@matimo/core 0.1.0-alpha.12.1 → 0.1.0-alpha.14
- package/README.md +169 -8
- package/dist/approval/approval-handler.d.ts +5 -1
- package/dist/approval/approval-handler.d.ts.map +1 -1
- package/dist/approval/approval-handler.js +6 -0
- package/dist/approval/approval-handler.js.map +1 -1
- package/dist/core/schema.d.ts +29 -8
- package/dist/core/schema.d.ts.map +1 -1
- package/dist/core/schema.js +10 -3
- package/dist/core/schema.js.map +1 -1
- package/dist/core/skill-content-parser.d.ts +91 -0
- package/dist/core/skill-content-parser.d.ts.map +1 -0
- package/dist/core/skill-content-parser.js +248 -0
- package/dist/core/skill-content-parser.js.map +1 -0
- package/dist/core/skill-loader.d.ts +46 -0
- package/dist/core/skill-loader.d.ts.map +1 -0
- package/dist/core/skill-loader.js +310 -0
- package/dist/core/skill-loader.js.map +1 -0
- package/dist/core/skill-registry.d.ts +131 -0
- package/dist/core/skill-registry.d.ts.map +1 -0
- package/dist/core/skill-registry.js +316 -0
- package/dist/core/skill-registry.js.map +1 -0
- package/dist/core/tfidf-embedding.d.ts +45 -0
- package/dist/core/tfidf-embedding.d.ts.map +1 -0
- package/dist/core/tfidf-embedding.js +199 -0
- package/dist/core/tfidf-embedding.js.map +1 -0
- package/dist/core/types.d.ts +155 -6
- package/dist/core/types.d.ts.map +1 -1
- package/dist/errors/matimo-error.d.ts +3 -1
- package/dist/errors/matimo-error.d.ts.map +1 -1
- package/dist/errors/matimo-error.js +2 -0
- package/dist/errors/matimo-error.js.map +1 -1
- package/dist/executors/command-executor.d.ts.map +1 -1
- package/dist/executors/command-executor.js +13 -2
- package/dist/executors/command-executor.js.map +1 -1
- package/dist/executors/function-executor.d.ts.map +1 -1
- package/dist/executors/function-executor.js +33 -20
- package/dist/executors/function-executor.js.map +1 -1
- package/dist/index.d.ts +20 -3
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +14 -1
- package/dist/index.js.map +1 -1
- package/dist/integrations/langchain.d.ts +55 -0
- package/dist/integrations/langchain.d.ts.map +1 -1
- package/dist/integrations/langchain.js +66 -0
- package/dist/integrations/langchain.js.map +1 -1
- package/dist/logging/winston-logger.d.ts.map +1 -1
- package/dist/logging/winston-logger.js +9 -1
- package/dist/logging/winston-logger.js.map +1 -1
- package/dist/matimo-instance.d.ts +171 -6
- package/dist/matimo-instance.d.ts.map +1 -1
- package/dist/matimo-instance.js +602 -13
- package/dist/matimo-instance.js.map +1 -1
- package/dist/mcp/mcp-server.d.ts +25 -0
- package/dist/mcp/mcp-server.d.ts.map +1 -1
- package/dist/mcp/mcp-server.js +128 -21
- package/dist/mcp/mcp-server.js.map +1 -1
- package/dist/mcp/tool-converter.d.ts.map +1 -1
- package/dist/mcp/tool-converter.js +10 -1
- package/dist/mcp/tool-converter.js.map +1 -1
- package/dist/policy/approval-manifest.d.ts +74 -0
- package/dist/policy/approval-manifest.d.ts.map +1 -0
- package/dist/policy/approval-manifest.js +183 -0
- package/dist/policy/approval-manifest.js.map +1 -0
- package/dist/policy/content-validator.d.ts +19 -0
- package/dist/policy/content-validator.d.ts.map +1 -0
- package/dist/policy/content-validator.js +196 -0
- package/dist/policy/content-validator.js.map +1 -0
- package/dist/policy/default-policy.d.ts +46 -0
- package/dist/policy/default-policy.d.ts.map +1 -0
- package/dist/policy/default-policy.js +241 -0
- package/dist/policy/default-policy.js.map +1 -0
- package/dist/policy/events.d.ts +71 -0
- package/dist/policy/events.d.ts.map +1 -0
- package/dist/policy/events.js +8 -0
- package/dist/policy/events.js.map +1 -0
- package/dist/policy/index.d.ts +13 -0
- package/dist/policy/index.d.ts.map +1 -0
- package/dist/policy/index.js +9 -0
- package/dist/policy/index.js.map +1 -0
- package/dist/policy/integrity-tracker.d.ts +62 -0
- package/dist/policy/integrity-tracker.d.ts.map +1 -0
- package/dist/policy/integrity-tracker.js +79 -0
- package/dist/policy/integrity-tracker.js.map +1 -0
- package/dist/policy/policy-loader.d.ts +58 -0
- package/dist/policy/policy-loader.d.ts.map +1 -0
- package/dist/policy/policy-loader.js +153 -0
- package/dist/policy/policy-loader.js.map +1 -0
- package/dist/policy/risk-classifier.d.ts +18 -0
- package/dist/policy/risk-classifier.d.ts.map +1 -0
- package/dist/policy/risk-classifier.js +43 -0
- package/dist/policy/risk-classifier.js.map +1 -0
- package/dist/policy/types.d.ts +126 -0
- package/dist/policy/types.d.ts.map +1 -0
- package/dist/policy/types.js +8 -0
- package/dist/policy/types.js.map +1 -0
- package/package.json +5 -5
- package/tools/matimo_approve_tool/definition.yaml +36 -0
- package/tools/matimo_approve_tool/matimo_approve_tool.ts +90 -0
- package/tools/matimo_create_skill/definition.yaml +46 -0
- package/tools/matimo_create_skill/matimo_create_skill.ts +75 -0
- package/tools/matimo_create_tool/definition.yaml +48 -0
- package/tools/matimo_create_tool/matimo_create_tool.ts +137 -0
- package/tools/matimo_get_skill/definition.yaml +60 -0
- package/tools/matimo_get_skill/matimo_get_skill.ts +182 -0
- package/tools/matimo_get_tool_status/definition.yaml +42 -0
- package/tools/matimo_get_tool_status/matimo_get_tool_status.ts +101 -0
- package/tools/matimo_list_skills/definition.yaml +52 -0
- package/tools/matimo_list_skills/matimo_list_skills.ts +138 -0
- package/tools/matimo_list_user_tools/definition.yaml +32 -0
- package/tools/matimo_list_user_tools/matimo_list_user_tools.ts +74 -0
- package/tools/matimo_reload_tools/definition.yaml +35 -0
- package/tools/matimo_reload_tools/matimo_reload_tools.ts +29 -0
- package/tools/matimo_validate_skill/definition.yaml +43 -0
- package/tools/matimo_validate_skill/matimo_validate_skill.ts +137 -0
- package/tools/matimo_validate_tool/definition.yaml +34 -0
- package/tools/matimo_validate_tool/matimo_validate_tool.ts +168 -0
- package/tools/shared/skill-validation.ts +335 -0
- package/LICENSE +0 -21
|
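--- a/package/dist/core/tfidf-embedding.js
+++ b/package/dist/core/tfidf-embedding.js
@@ -0,0 +1,199 @@
+/**
+* TF-IDF Embedding Provider — zero-dependency semantic search
+* (Term Frequency–Inverse Document Frequency)
+* Provides a lightweight text-to-vector implementation using TF-IDF (Term
+* Frequency–Inverse Document Frequency) for cosine-similarity ranking. This
+* is good enough for 10–200 skills. For production enterprise deployments,
+* plug in an OpenAI/Cohere `EmbeddingProvider` instead.
+*
+* No external dependencies — works out of the box.
+*/
+/**
+* Simple TF-IDF based embedding provider.
+* Builds a vocabulary from the registered corpus and represents each text as
+* a TF-IDF weighted vector.
+*/
+export class TfIdfEmbeddingProvider {
+constructor() {
+this.vocabulary = new Map();
+this.idf = new Float64Array(0);
+this.corpusSize = 0;
+this._dimensions = 0;
+}
+get dimensions() {
+return this._dimensions;
+}
+/**
+* Build the vocabulary and IDF weights from a corpus of documents.
+* Must be called before `embed()` or `embedBatch()`.
+*/
+fit(documents) {
+this.vocabulary.clear();
+this.corpusSize = documents.length;
+// Build vocabulary (unique terms across all documents)
+const docFrequency = new Map();
+for (const doc of documents) {
+const terms = this.tokenize(doc);
+const uniqueTerms = new Set(terms);
+for (const term of uniqueTerms) {
+docFrequency.set(term, (docFrequency.get(term) || 0) + 1);
+}
+}
+// Assign indices and compute IDF
+let idx = 0;
+const idfValues = [];
+for (const [term, df] of docFrequency) {
+this.vocabulary.set(term, idx++);
+// Smooth IDF: log((N + 1) / (df + 1)) + 1
+idfValues.push(Math.log((this.corpusSize + 1) / (df + 1)) + 1);
+}
+this._dimensions = idfValues.length;
+this.idf = new Float64Array(idfValues);
+}
+async embed(text) {
+return this.embedSync(text);
+}
+async embedBatch(texts) {
+return texts.map((t) => this.embedSync(t));
+}
+/**
+* Synchronous embed for internal use (no async overhead).
+*/
+embedSync(text) {
+if (this._dimensions === 0) {
+return [];
+}
+const terms = this.tokenize(text);
+const tf = new Float64Array(this._dimensions);
+// Count term frequencies
+for (const term of terms) {
+const idx = this.vocabulary.get(term);
+if (idx !== undefined) {
+tf[idx]++;
+}
+}
+// Normalize TF (sublinear: 1 + log(tf) if tf > 0)
+for (let i = 0; i < this._dimensions; i++) {
+if (tf[i] > 0) {
+tf[i] = (1 + Math.log(tf[i])) * this.idf[i];
+}
+}
+// L2 normalize
+let norm = 0;
+for (let i = 0; i < this._dimensions; i++) {
+norm += tf[i] * tf[i];
+}
+norm = Math.sqrt(norm);
+if (norm > 0) {
+for (let i = 0; i < this._dimensions; i++) {
+tf[i] /= norm;
+}
+}
+return Array.from(tf);
+}
+/**
+* Tokenize text into lowercase terms.
+* Splits on non-alphanumeric characters and filters stopwords.
+*/
+tokenize(text) {
+return text
+.toLowerCase()
+.split(/[^a-z0-9]+/)
+.filter((t) => t.length > 1 && !STOPWORDS.has(t));
+}
+}
+/**
+* Cosine similarity between two vectors.
+* Returns a value between -1 and 1 (1 = identical, 0 = orthogonal).
+*/
+export function cosineSimilarity(a, b) {
+if (a.length !== b.length || a.length === 0)
+return 0;
+let dot = 0;
+let normA = 0;
+let normB = 0;
+for (let i = 0; i < a.length; i++) {
+dot += a[i] * b[i];
+normA += a[i] * a[i];
+normB += b[i] * b[i];
+}
+const denominator = Math.sqrt(normA) * Math.sqrt(normB);
+return denominator === 0 ? 0 : dot / denominator;
+}
+/** Common English stopwords to exclude from TF-IDF */
+const STOPWORDS = new Set([
+'a',
+'an',
+'the',
+'and',
+'or',
+'but',
+'in',
+'on',
+'at',
+'to',
+'for',
+'of',
+'with',
+'by',
+'from',
+'is',
+'it',
+'as',
+'be',
+'was',
+'are',
+'this',
+'that',
+'not',
+'do',
+'if',
+'so',
+'no',
+'up',
+'my',
+'we',
+'he',
+'she',
+'they',
+'you',
+'me',
+'us',
+'all',
+'can',
+'had',
+'has',
+'have',
+'will',
+'would',
+'could',
+'should',
+'may',
+'might',
+'shall',
+'been',
+'being',
+'were',
+'did',
+'does',
+'its',
+'than',
+'then',
+'when',
+'what',
+'which',
+'who',
+'how',
+'there',
+'here',
+'about',
+'into',
+'over',
+'after',
+'also',
+'each',
+'just',
+'only',
+'very',
+]);
+//# sourceMappingURL=tfidf-embedding.js.map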
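Review bot: `embedSync` returns `[]` when `fit()` has not been called and `cosineSimilarity` returns 0 for empty or length-mismatched inputs, so an unfitted provider, or vectors cached from before a later `fit()`, fail silently: every candidate scores 0, or, when the vocabulary size happens to be unchanged, stale vectors are compared against reassigned term indices. I would document this on `fit()` with `* Re-fitting reassigns term indices; vectors produced before this call must be discarded.` and make the unfitted case visible, e.g. `if (this._dimensions === 0) throw new Error('fit() must be called before embed()');`. Separately, `tokenize` splits on `/[^a-z0-9]+/`, so text in non-Latin scripts produces no terms and embeds to an all-zero vector; that limit belongs in the class comment. Because the vector is built only from the text being ranked, the score is a relevance hint and should not stand in for the approval or policy checks when choosing a skill.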
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"tfidf-embedding.js","sourceRoot":"","sources":["../../src/core/tfidf-embedding.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAIH;;;;GAIG;AACH,MAAM,OAAO,sBAAsB;IAAnC;QACU,eAAU,GAAwB,IAAI,GAAG,EAAE,CAAC;QAC5C,QAAG,GAAiB,IAAI,YAAY,CAAC,CAAC,CAAC,CAAC;QACxC,eAAU,GAAG,CAAC,CAAC;QACf,gBAAW,GAAG,CAAC,CAAC;IAgG1B,CAAC;IA9FC,IAAI,UAAU;QACZ,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;IAED;;;OAGG;IACH,GAAG,CAAC,SAAmB;QACrB,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;QACxB,IAAI,CAAC,UAAU,GAAG,SAAS,CAAC,MAAM,CAAC;QAEnC,uDAAuD;QACvD,MAAM,YAAY,GAAG,IAAI,GAAG,EAAkB,CAAC;QAC/C,KAAK,MAAM,GAAG,IAAI,SAAS,EAAE,CAAC;YAC5B,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YACjC,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;YACnC,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;gBAC/B,YAAY,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAC5D,CAAC;QACH,CAAC;QAED,iCAAiC;QACjC,IAAI,GAAG,GAAG,CAAC,CAAC;QACZ,MAAM,SAAS,GAAa,EAAE,CAAC;QAC/B,KAAK,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,YAAY,EAAE,CAAC;YACtC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC;YACjC,0CAA0C;YAC1C,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,UAAU,GAAG,CAAC,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QACjE,CAAC;QAED,IAAI,CAAC,WAAW,GAAG,SAAS,CAAC,MAAM,CAAC;QACpC,IAAI,CAAC,GAAG,GAAG,IAAI,YAAY,CAAC,SAAS,CAAC,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,IAAY;QACtB,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IAC9B,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,KAAe;QAC9B,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7C,CAAC;IAED;;OAEG;IACH,SAAS,CAAC,IAAY;QACpB,IAAI,IAAI,CAAC,WAAW,KAAK,CAAC,EAAE,CAAC;YAC3B,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAClC,MAAM,EAAE,GAAG,IAAI,YAAY,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAE9C,yBAAyB;QACzB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YACtC,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;gBACtB,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC;YACZ
,CAAC;QACH,CAAC;QAED,kDAAkD;QAClD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC,EAAE,EAAE,CAAC;YAC1C,IAAI,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC;gBACd,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YAC9C,CAAC;QACH,CAAC;QAED,eAAe;QACf,IAAI,IAAI,GAAG,CAAC,CAAC;QACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC,EAAE,EAAE,CAAC;YAC1C,IAAI,IAAI,EAAE,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC;QACxB,CAAC;QACD,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvB,IAAI,IAAI,GAAG,CAAC,EAAE,CAAC;YACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC1C,EAAE,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;YAChB,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACxB,CAAC;IAED;;;OAGG;IACK,QAAQ,CAAC,IAAY;QAC3B,OAAO,IAAI;aACR,WAAW,EAAE;aACb,KAAK,CAAC,YAAY,CAAC;aACnB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACtD,CAAC;CACF;AAED;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,CAAW,EAAE,CAAW;IACvD,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,CAAC,CAAC;IAEtD,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,IAAI,KAAK,GAAG,CAAC,CAAC;IAEd,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAClC,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACnB,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACrB,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACvB,CAAC;IAED,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACxD,OAAO,WAAW,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,WAAW,CAAC;AACnD,CAAC;AAED,sDAAsD;AACtD,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC;IACxB,GAAG;IACH,IAAI;IACJ,KAAK;IACL,KAAK;IACL,IAAI;IACJ,KAAK;IACL,IAAI;IACJ,IAAI;IACJ,IAAI;IACJ,IAAI;IACJ,KAAK;IACL,IAAI;IACJ,MAAM;IACN,IAAI;IACJ,MAAM;IACN,IAAI;IACJ,IAAI;IACJ,IAAI;IACJ,IAAI;IACJ,KAAK;
IACL,KAAK;IACL,MAAM;IACN,MAAM;IACN,KAAK;IACL,IAAI;IACJ,IAAI;IACJ,IAAI;IACJ,IAAI;IACJ,IAAI;IACJ,IAAI;IACJ,IAAI;IACJ,IAAI;IACJ,KAAK;IACL,MAAM;IACN,KAAK;IACL,IAAI;IACJ,IAAI;IACJ,KAAK;IACL,KAAK;IACL,KAAK;IACL,KAAK;IACL,MAAM;IACN,MAAM;IACN,OAAO;IACP,OAAO;IACP,QAAQ;IACR,KAAK;IACL,OAAO;IACP,OAAO;IACP,MAAM;IACN,OAAO;IACP,MAAM;IACN,KAAK;IACL,MAAM;IACN,KAAK;IACL,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,OAAO;IACP,KAAK;IACL,KAAK;IACL,OAAO;IACP,MAAM;IACN,OAAO;IACP,MAAM;IACN,MAAM;IACN,OAAO;IACP,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;CACP,CAAC,CAAC"}
|
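--- a/package/dist/core/types.d.ts
+++ b/package/dist/core/types.d.ts
@@ -18,7 +18,7 @@ export interface Parameter {
 * Authentication configuration for a tool
 */
 export interface AuthConfig {
-type
+type?: 'none' | 'api_key' | 'oauth2' | 'basic' | 'bearer' | 'custom';
 location?: 'header' | 'query' | 'body';
 name?: string;
 scheme?: string;
@@ -42,7 +42,7 @@ export interface HttpExecution {
 method: 'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH';
 url: string;
 headers?: Record<string, string>;
-body?:
+body?: unknown;
 params?: Record<string, string>;
 query_params?: Record<string, string>;
 parameter_encoding?: ParameterEncodingConfig[];
@@ -70,12 +70,15 @@ export interface FunctionExecution {
 timeout?: number;
 }
 /**
-* Output schema for tool response validation
+* Output schema for tool response validation.
+* TypeScript interface inferred from Zod schema in schema.ts.
+* Properties allows nested output schemas or any unknown structure for flexibility.
 */
 export interface OutputSchema {
-type
-properties?: Record<string,
+type?: string;
+properties?: Record<string, unknown>;
 items?: OutputSchema;
+required?: string[];
 description?: string;
 }
 /**
@@ -111,7 +114,7 @@ export interface ToolDefinition {
 name: string;
 version: string;
 description: string;
-parameters
+parameters?: Record<string, Parameter>;
 execution: HttpExecution | CommandExecution | FunctionExecution;
 authentication?: AuthConfig;
 output_schema?: OutputSchema;
@@ -126,6 +129,13 @@ export interface ToolDefinition {
 * Set to true for destructive operations (CREATE, DELETE, DROP, etc.)
 */
 requires_approval?: boolean;
+/**
+* Tool lifecycle status. Tools without a status are treated as 'approved'.
+* - draft: Agent-created, not yet human-reviewed
+* - approved: Human-reviewed and ready for use
+* - deprecated: Scheduled for removal
+*/
+status?: 'draft' | 'approved' | 'deprecated';
 /**
 * Internal: Path to the tool definition file (set by ToolLoader)
 * Used to resolve relative paths for function executors
@@ -206,5 +216,144 @@ export interface ExecuteOptions {
 * duration of the execute() call.
 */
 credentials?: Record<string, string>;
+/**
+* Policy context for the current execution. When a PolicyEngine is active,
+* this context is checked against the tool's requirements before execution.
+*/
+context?: import('../policy/types').PolicyContext;
+/**
+* Skip approval check for this execution. Use when the caller (e.g., MCP layer)
+* has already confirmed approval out-of-band, to avoid re-prompting the user.
+* Does not override policy-level quarantine checks (pending_approval state).
+* Default: false
+*/
+approved?: boolean;
+}
+/**
+* Bundled resources within a skill directory (scripts, references, assets)
+*/
+export interface BundledResources {
+scripts: string[];
+references: string[];
+assets: string[];
+other: string[];
+}
+/**
+* YAML frontmatter for a SKILL.md file
+* Follows agentskills.io/specification
+*/
+export interface SkillFrontmatter {
+name: string;
+description: string;
+version?: string;
+license?: string;
+compatibility?: string;
+'allowed-tools'?: string | string[];
+metadata?: Record<string, string>;
+}
+/**
+* A single section of a skill body, parsed from Markdown headings.
+*/
+export interface SkillSection {
+heading: string;
+level: number;
+content: string;
+tokenEstimate: number;
+children: SkillSection[];
+path: string;
+}
+/**
+* Parsed skill content (frontmatter + body + structured sections)
+*/
+export interface ParsedSkill {
+frontmatter: SkillFrontmatter;
+body: string;
+raw: string;
+sections?: SkillSection[];
+totalTokens?: number;
+}
+/**
+* Catalog metadata for a skill (download count, rating, etc.)
+*/
+export interface SkillCatalogInfo {
+author: string;
+downloads: number;
+rating: number;
+tags: string[];
+publishedAt: string;
+updatedAt: string;
+repository?: string;
+checksum?: string;
+}
+/**
+* Complete skill definition
+* Implements agentskills.io specification with Matimo extensions
+*/
+export interface SkillDefinition {
+name: string;
+description: string;
+version?: string;
+license?: string;
+compatibility?: string;
+allowedTools?: string[];
+metadata?: Record<string, string>;
+body: string;
+/** Structured sections parsed from Markdown headings */
+sections?: SkillSection[];
+/** Approximate total token count for the skill body */
+totalTokens?: number;
+resources: BundledResources;
+source: 'builtin' | 'user' | 'catalog';
+_path?: string;
+catalogInfo?: SkillCatalogInfo;
+dependsOn?: string[];
+}
+/**
+* Skill summary for discovery (Level 1 - minimal context)
+*/
+export interface SkillSummary {
+name: string;
+description: string;
+version?: string;
+license?: string;
+metadata?: Record<string, string>;
+source: 'builtin' | 'user' | 'catalog';
+}
+/**
+* Options for searching skills
+*/
+export interface SearchSkillsOptions {
+query?: string;
+category?: string;
+difficulty?: string;
+tags?: string[];
+author?: string;
+limit?: number;
+offset?: number;
+/** Use semantic search via embeddings (requires an EmbeddingProvider) */
+semantic?: boolean;
+}
+/**
+* Options for selective skill content loading
+*/
+export interface SkillContentOptions {
+/** Only return sections matching these headings (case-insensitive partial match) */
+sections?: string[];
+/** Maximum total tokens to return */
+maxTokens?: number;
+/** Include the preamble (default: true) */
+includePreamble?: boolean;
+/** Depth limit for section inclusion (1 = top-level only) */
+maxDepth?: number;
+}
+/**
+* Pluggable embedding provider for semantic skill search.
+* Implement this interface to connect to OpenAI, Cohere, local models, etc.
+*/
+export interface EmbeddingProvider {
+embed(text: string): Promise<number[]>;
+embedBatch(texts: string[]): Promise<number[][]>;
+/** Embedding dimensionality */
+dimensions: number;
 }
 //# sourceMappingURL=types.d.ts.map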
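Review bot: The new `status` field on `ToolDefinition` is documented as fail-open ("Tools without a status are treated as 'approved'"), so a definition that simply omits the field gets the same standing as a human-reviewed one. Whether agent-created definitions are always stamped `draft` is decided in loader or policy code that this section does not show, so the declaration should state the requirement, e.g. `* NOTE: a missing status is trusted as 'approved'; code that writes agent-created tools must set 'draft' explicitly.` The same gap applies to `ExecuteOptions.approved` in the last hunk: its comment says when to use the flag but not who may set it. I would add `* Must be set only by trusted host code; never copy it from tool-call arguments or other model-controlled input.`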
package/dist/core/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/core/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,uBAAuB,EAAE,MAAM,iCAAiC,CAAC;AAE1E;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,QAAQ,GAAG,QAAQ,GAAG,SAAS,GAAG,OAAO,GAAG,QAAQ,CAAC;IAC3D,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,IAAI,CAAC,EAAE,CAAC,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,EAAE,CAAC;IACrC,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,KAAK,CAAC,EAAE,SAAS,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;CACxC;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,GAAG,SAAS,GAAG,QAAQ,GAAG,OAAO,GAAG,QAAQ,CAAC;
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/core/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,uBAAuB,EAAE,MAAM,iCAAiC,CAAC;AAE1E;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,QAAQ,GAAG,QAAQ,GAAG,SAAS,GAAG,OAAO,GAAG,QAAQ,CAAC;IAC3D,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,IAAI,CAAC,EAAE,CAAC,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,EAAE,CAAC;IACrC,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,KAAK,CAAC,EAAE,SAAS,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;CACxC;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,IAAI,CAAC,EAAE,MAAM,GAAG,SAAS,GAAG,QAAQ,GAAG,OAAO,GAAG,QAAQ,GAAG,QAAQ,CAAC;IACrE,QAAQ,CAAC,EAAE,QAAQ,GAAG,OAAO,GAAG,MAAM,CAAC;IACvC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;;;OAIG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,KAAK,GAAG,MAAM,GAAG,KAAK,GAAG,QAAQ,GAAG,OAAO,CAAC;IACpD,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACtC,kBAAkB,CAAC,EAAE,uBAAuB,EAAE,CAAC;IAC/C,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,SAAS,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC9B;AAED;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,UAAU,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;;;GAIG;AACH,MAAM,WAAW,YAAY;IAC3B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACrC,KAAK,CAAC,EAAE,YAAY,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC
3B,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,YAAY,CAAC,EAAE,aAAa,GAAG,QAAQ,GAAG,OAAO,CAAC;IAClD,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAChC,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACvC,SAAS,EAAE,aAAa,GAAG,gBAAgB,GAAG,iBAAiB,CAAC;IAChE,cAAc,CAAC,EAAE,UAAU,CAAC;IAC5B,aAAa,CAAC,EAAE,YAAY,CAAC;IAC7B,aAAa,CAAC,EAAE,eAAe,CAAC;IAChC,cAAc,CAAC,EAAE,mBAAmB,CAAC;IACrC,QAAQ,CAAC,EAAE,WAAW,EAAE,CAAC;IACzB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB;;;OAGG;IACH,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B;;;;;OAKG;IACH,MAAM,CAAC,EAAE,OAAO,GAAG,UAAU,GAAG,YAAY,CAAC;IAC7C;;;OAGG;IACH,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACpC,SAAS,EAAE,IAAI,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACjC;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,EAAE,eAAe,EAAE,CAAC;CAC3B;AAED;;;;;;;;;;;GAWG;AACH,MAAM,WAAW,cAAc;IAC7B;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB;;;;;;;;;;;;;;;;OAgBG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACrC;;;OAGG;IACH,OAAO,CAAC,EAAE,OAAO,iBAAiB,EAAE,aAAa,CAAC;IAClD;;;;;OAKG;IACH,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,
gBAAgB;IAC/B,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,KAAK,EAAE,MAAM,EAAE,CAAC;CACjB;AAED;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,eAAe,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IACpC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACnC;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE,MAAM,CAAC;IACtB,QAAQ,EAAE,YAAY,EAAE,CAAC;IACzB,IAAI,EAAE,MAAM,CAAC;CACd;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,WAAW,EAAE,gBAAgB,CAAC;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;IACZ,QAAQ,CAAC,EAAE,YAAY,EAAE,CAAC;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;;GAGG;AACH,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,wDAAwD;IACxD,QAAQ,CAAC,EAAE,YAAY,EAAE,CAAC;IAC1B,uDAAuD;IACvD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,gBAAgB,CAAC;IAC5B,MAAM,EAAE,SAAS,GAAG,MAAM,GAAG,SAAS,CAAC;IACvC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,gBAAgB,CAAC;IAE/B,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAClC,MAAM,EAAE,SAAS,GAAG,MAAM,GAAG,SAAS,CAAC;CACxC;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAA
C;IACpB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,yEAAyE;IACzE,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,oFAAoF;IACpF,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,qCAAqC;IACrC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,2CAA2C;IAC3C,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,6DAA6D;IAC7D,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC,KAAK,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IACvC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IACjD,+BAA+B;IAC/B,UAAU,EAAE,MAAM,CAAC;CACpB"}
|
|
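--- a/package/dist/errors/matimo-error.d.ts
+++ b/package/dist/errors/matimo-error.d.ts
@@ -12,7 +12,9 @@ export declare enum ErrorCode {
 TIMEOUT = "TIMEOUT",
 NETWORK_ERROR = "NETWORK_ERROR",
 INVALID_PARAMETER = "INVALID_PARAMETER",
-UNKNOWN_ERROR = "UNKNOWN_ERROR"
+UNKNOWN_ERROR = "UNKNOWN_ERROR",
+POLICY_DENIED = "POLICY_DENIED",
+POLICY_TIER_BLOCKED = "POLICY_TIER_BLOCKED"
 }
 /**
 * Custom error class for Matimo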
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"matimo-error.d.ts","sourceRoot":"","sources":["../../src/errors/matimo-error.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,oBAAY,SAAS;IACnB,cAAc,mBAAmB;IACjC,gBAAgB,qBAAqB;IACrC,WAAW,gBAAgB;IAC3B,cAAc,mBAAmB;IACjC,cAAc,mBAAmB;IACjC,iBAAiB,sBAAsB;IACvC,mBAAmB,wBAAwB;IAC3C,OAAO,YAAY;IACnB,aAAa,kBAAkB;IAC/B,iBAAiB,sBAAsB;IACvC,aAAa,kBAAkB;
|
|
1
|
+
{"version":3,"file":"matimo-error.d.ts","sourceRoot":"","sources":["../../src/errors/matimo-error.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,oBAAY,SAAS;IACnB,cAAc,mBAAmB;IACjC,gBAAgB,qBAAqB;IACrC,WAAW,gBAAgB;IAC3B,cAAc,mBAAmB;IACjC,cAAc,mBAAmB;IACjC,iBAAiB,sBAAsB;IACvC,mBAAmB,wBAAwB;IAC3C,OAAO,YAAY;IACnB,aAAa,kBAAkB;IAC/B,iBAAiB,sBAAsB;IACvC,aAAa,kBAAkB;IAC/B,aAAa,kBAAkB;IAC/B,mBAAmB,wBAAwB;CAC5C;AAED;;GAEG;AACH,qBAAa,WAAY,SAAQ,KAAK;IAK3B,IAAI,EAAE,SAAS;IACf,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IALnC,KAAK,CAAC,EAAE,KAAK,GAAG,OAAO,CAAC;gBAG7B,OAAO,EAAE,MAAM,EACR,IAAI,EAAE,SAAS,EACf,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,YAAA,EACxC,KAAK,CAAC,EAAE,KAAK,GAAG,OAAO;IAOzB,MAAM,IAAI,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;CAYlC;AAED;;;;GAIG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,OAAO,EAAE,OAAO,SAAwB,eAW5E;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CACnC,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAChC,WAAW,CAEb;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAClC,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAChC,WAAW,CAEb"}
|
|
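--- a/package/dist/errors/matimo-error.js
+++ b/package/dist/errors/matimo-error.js
@@ -14,6 +14,8 @@ export var ErrorCode;
 ErrorCode["NETWORK_ERROR"] = "NETWORK_ERROR";
 ErrorCode["INVALID_PARAMETER"] = "INVALID_PARAMETER";
 ErrorCode["UNKNOWN_ERROR"] = "UNKNOWN_ERROR";
+ErrorCode["POLICY_DENIED"] = "POLICY_DENIED";
+ErrorCode["POLICY_TIER_BLOCKED"] = "POLICY_TIER_BLOCKED";
 })(ErrorCode || (ErrorCode = {}));
 /**
 * Custom error class for Matimo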
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"matimo-error.js","sourceRoot":"","sources":["../../src/errors/matimo-error.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,CAAN,IAAY,
|
|
1
|
+
{"version":3,"file":"matimo-error.js","sourceRoot":"","sources":["../../src/errors/matimo-error.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,CAAN,IAAY,SAcX;AAdD,WAAY,SAAS;IACnB,8CAAiC,CAAA;IACjC,kDAAqC,CAAA;IACrC,wCAA2B,CAAA;IAC3B,8CAAiC,CAAA;IACjC,8CAAiC,CAAA;IACjC,oDAAuC,CAAA;IACvC,wDAA2C,CAAA;IAC3C,gCAAmB,CAAA;IACnB,4CAA+B,CAAA;IAC/B,oDAAuC,CAAA;IACvC,4CAA+B,CAAA;IAC/B,4CAA+B,CAAA;IAC/B,wDAA2C,CAAA;AAC7C,CAAC,EAdW,SAAS,KAAT,SAAS,QAcpB;AAED;;GAEG;AACH,MAAM,OAAO,WAAY,SAAQ,KAAK;IAGpC,YACE,OAAe,EACR,IAAe,EACf,OAAiC,EACxC,KAAuB;QAEvB,KAAK,CAAC,OAAO,CAAC,CAAC;QAJR,SAAI,GAAJ,IAAI,CAAW;QACf,YAAO,GAAP,OAAO,CAA0B;QAIxC,IAAI,CAAC,IAAI,GAAG,aAAa,CAAC;QAC1B,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;IACrB,CAAC;IAED,MAAM;QACJ,OAAO;YACL,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,KAAK,EACH,IAAI,CAAC,KAAK,YAAY,KAAK;gBACzB,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE;gBACxD,CAAC,CAAC,IAAI,CAAC,KAAK;SACjB,CAAC;IACJ,CAAC;CACF;AAED;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAAC,KAAc,EAAE,OAAO,GAAG,qBAAqB;IAC3E,8CAA8C;IAC9C,MAAM,KAAK,GAAG,KAA4C,CAAC;IAC3D,MAAM,QAAQ,GAAG,KAAK,EAAE,QAA+C,CAAC;IACxE,MAAM,UAAU,GAAI,QAAQ,EAAE,MAA6B,IAAI,GAAG,CAAC;IACnE,MAAM,OAAO,GAAG,QAAQ,EAAE,IAA2C,CAAC;IACtE,MAAM,IAAI,GAA4B,EAAE,UAAU,EAAE,CAAC;IACrD,IAAI,OAAO,KAAK,SAAS;QAAE,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IAClD,oFAAoF;IACpF,IAAI,CAAC,aAAa,GAAG,KAAK,EAAE,OAAO,IAAI,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;IAC3D,OAAO,IAAI,WAAW,CAAC,OAAO,EAAE,SAAS,CAAC,gBAAgB,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;AAC3E,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB,CACnC,OAAe,EACf,OAAiC;IAEjC,OAAO,IAAI,WAAW,CAAC,OAAO,EAAE,SAAS,CAAC,iBAAiB,EAAE,OAAO,CAAC,CAAC;AACxE,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAClC,OAAe,EACf,OAAiC;IAEjC,OAAO,IAAI,WAAW,CAAC,OAAO,EAAE,SAAS,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC;AACvE,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"command-executor.d.ts","sourceRoot":"","sources":["../../src/executors/command-executor.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAGhD;;;GAGG;AAEH,qBAAa,eAAe;IAC1B,OAAO,CAAC,GAAG,CAAC,CAAS;gBAET,GAAG,CAAC,EAAE,MAAM;IAIxB;;;;;;;;;OASG;IACG,OAAO,CACX,IAAI,EAAE,cAAc,EACpB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC/B,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GACnC,OAAO,CAAC,OAAO,CAAC;
|
|
1
|
+
{"version":3,"file":"command-executor.d.ts","sourceRoot":"","sources":["../../src/executors/command-executor.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAGhD;;;GAGG;AAEH,qBAAa,eAAe;IAC1B,OAAO,CAAC,GAAG,CAAC,CAAS;gBAET,GAAG,CAAC,EAAE,MAAM;IAIxB;;;;;;;;;OASG;IACG,OAAO,CACX,IAAI,EAAE,cAAc,EACpB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC/B,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GACnC,OAAO,CAAC,OAAO,CAAC;IA4GnB;;OAEG;IACH,OAAO,CAAC,cAAc;CAQvB;AAED,eAAe,eAAe,CAAC"}
|
|
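--- a/package/dist/executors/command-executor.js
+++ b/package/dist/executors/command-executor.js
@@ -27,8 +27,19 @@ export class CommandExecutor {
 }
 const { command, args = [], timeout = 30000 } = tool.execution;
 const startTime = Date.now();
-//
-
+// SECURITY: command must be a fixed executable — never a templated value.
+// Only 'args' may contain {placeholder} tokens.
+// ReDoS protection: commands are typically <256 chars; limit regex testing to 1024 chars
+// to prevent polynomial backtracking on malicious inputs (e.g. repeated opening braces).
+if (command.length <= 1024 && /\{[^}]+\}/u.test(command)) {
+throw new MatimoError(`execution.command must not contain parameter placeholders — only 'args' may be templated. ` +
+`Found: '${command}'. Move the dynamic part into 'args'.`, ErrorCode.EXECUTION_FAILED, { toolName: tool.name });
+}
+else if (command.length > 1024) {
+throw new MatimoError(`execution.command exceeds maximum length (1024 chars): ${command.length} chars. ` +
+'Command must be a simple executable path.', ErrorCode.EXECUTION_FAILED, { toolName: tool.name, length: command.length });
+}
+const templatedCommand = command; // Never template the executable
 const templatedArgs = args.map((arg) => this.templateString(arg, params));
 return new Promise((resolve) => {
 // eslint-disable-next-line @typescript-eslint/no-explicit-any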
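Review bot: The new guard only keeps `{placeholder}` tokens out of `command`; the values substituted into `args` on the following context line (`this.templateString(arg, params)`) are passed through without any check, so a param value beginning with `-` would be read as an option by most executables. I would document that next to the guard, e.g. `// NOTE: templated arg values are not validated — place '--' before templated positional args in the tool definition, or validate params upstream.` Separately, `command.length` is read before any type check, so a missing or non-string `execution.command` would surface as a TypeError rather than a `MatimoError`, unless schema validation elsewhere already guarantees a string. The enclosing `execute()` method starts and ends outside this hunk, and `templateString` is not visible here.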
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"command-executor.js","sourceRoot":"","sources":["../../src/executors/command-executor.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAC;AAEtC,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AAEhE;;;GAGG;AAEH,MAAM,OAAO,eAAe;IAG1B,YAAY,GAAY;QACtB,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;IACjB,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,OAAO,CACX,IAAoB,EACpB,MAA+B,EAC/B,WAAoC;QAEpC,IAAI,IAAI,CAAC,SAAS,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YACtC,MAAM,IAAI,WAAW,CAAC,oCAAoC,EAAE,SAAS,CAAC,gBAAgB,EAAE;gBACtF,YAAY,EAAE,SAAS;gBACvB,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI;aAChC,CAAC,CAAC;QACL,CAAC;QAED,MAAM,EAAE,OAAO,EAAE,IAAI,GAAG,EAAE,EAAE,OAAO,GAAG,KAAK,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC;QAC/D,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAE7B,
|
|
1
|
+
{"version":3,"file":"command-executor.js","sourceRoot":"","sources":["../../src/executors/command-executor.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAC;AAEtC,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AAEhE;;;GAGG;AAEH,MAAM,OAAO,eAAe;IAG1B,YAAY,GAAY;QACtB,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;IACjB,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,OAAO,CACX,IAAoB,EACpB,MAA+B,EAC/B,WAAoC;QAEpC,IAAI,IAAI,CAAC,SAAS,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YACtC,MAAM,IAAI,WAAW,CAAC,oCAAoC,EAAE,SAAS,CAAC,gBAAgB,EAAE;gBACtF,YAAY,EAAE,SAAS;gBACvB,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI;aAChC,CAAC,CAAC;QACL,CAAC;QAED,MAAM,EAAE,OAAO,EAAE,IAAI,GAAG,EAAE,EAAE,OAAO,GAAG,KAAK,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC;QAC/D,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAE7B,0EAA0E;QAC1E,gDAAgD;QAChD,yFAAyF;QACzF,yFAAyF;QACzF,IAAI,OAAO,CAAC,MAAM,IAAI,IAAI,IAAI,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YACzD,MAAM,IAAI,WAAW,CACnB,4FAA4F;gBAC1F,WAAW,OAAO,uCAAuC,EAC3D,SAAS,CAAC,gBAAgB,EAC1B,EAAE,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,CACxB,CAAC;QACJ,CAAC;aAAM,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,EAAE,CAAC;YACjC,MAAM,IAAI,WAAW,CACnB,0DAA0D,OAAO,CAAC,MAAM,UAAU;gBAChF,2CAA2C,EAC7C,SAAS,CAAC,gBAAgB,EAC1B,EAAE,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAChD,CAAC;QACJ,CAAC;QACD,MAAM,gBAAgB,GAAG,OAAO,CAAC,CAAC,gCAAgC;QAClE,MAAM,aAAa,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,CAAC;QAE1E,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,8DAA8D;YAC9D,MAAM,YAAY,GAAQ;gBACxB,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;gBAC/B,uEAAuE;gBACvE,oEAAoE;gBACpE,qEAAqE;gBACrE,2CAA2C;gBAC3C,GAAG,EAAE,WAAW,CAAC,CAAC,CAAC,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,GAAG,WAAW,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG;aACpE,CAAC;YAEF,oCAAoC;YACpC,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;gBACb,YAAY,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC;YAC9B,CAAC;YAED,MAAM,KAAK,GAAG,KAAK,CAAC,gBAAgB,EAAE,aAAa,EAAE,YAAY,CAAC,CAAC;YAEnE,IAAI,MAAM,GAAG,EAAE,CAAC;YAChB,IAAI,MAAM,GAAG,EAAE,CAAC;YAChB,IAAI,QAAQ,GAAG,KAAK,CAAC;YAErB,iBAAiB;YACjB,MA
AM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;gBAC5B,QAAQ,GAAG,IAAI,CAAC;gBAChB,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACxB,CAAC,EAAE,OAAO,CAAC,CAAC;YAEZ,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;gBAChC,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC5B,CAAC,CAAC,CAAC;YAEH,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;gBAChC,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC5B,CAAC,CAAC,CAAC;YAEH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;gBACzB,YAAY,CAAC,KAAK,CAAC,CAAC;gBACpB,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;gBAExC,IAAI,QAAQ,EAAE,CAAC;oBACb,OAAO,CAAC;wBACN,OAAO,EAAE,KAAK;wBACd,KAAK,EAAE,SAAS;wBAChB,QAAQ,EAAE,CAAC,CAAC;wBACZ,QAAQ;qBACT,CAAC,CAAC;gBACL,CAAC;qBAAM,CAAC;oBACN,MAAM,QAAQ,GAAG,IAAI,IAAI,CAAC,CAAC;oBAC3B,MAAM,OAAO,GAAG,QAAQ,KAAK,CAAC,CAAC;oBAE/B,OAAO,CAAC;wBACN,OAAO;wBACP,MAAM,EAAE,MAAM,CAAC,IAAI,EAAE;wBACrB,MAAM,EAAE,MAAM,CAAC,IAAI,EAAE;wBACrB,QAAQ;wBACR,QAAQ;qBACT,CAAC,CAAC;gBACL,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;gBAC1B,YAAY,CAAC,KAAK,CAAC,CAAC;gBACpB,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;gBAExC,OAAO,CAAC;oBACN,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,KAAK,CAAC,OAAO;oBACpB,QAAQ,EAAE,CAAC,CAAC;oBACZ,QAAQ;iBACT,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACK,cAAc,CAAC,GAAW,EAAE,MAA+B;QACjE,IAAI,MAAM,GAAG,GAAG,CAAC;QACjB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YAClD,MAAM,WAAW,GAAG,IAAI,GAAG,GAAG,CAAC;YAC/B,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,MAAM,CAAC,WAAW,EAAE,GAAG,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;QACvE,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;CACF;AAED,eAAe,eAAe,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"function-executor.d.ts","sourceRoot":"","sources":["../../src/executors/function-executor.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"function-executor.d.ts","sourceRoot":"","sources":["../../src/executors/function-executor.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAIhD;;;;;;;;;;GAUG;AACH,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,SAAS,CAAS;gBAEd,SAAS,CAAC,EAAE,MAAM;IAI9B;;;;;;;;;;OAUG;IACG,OAAO,CACX,IAAI,EAAE,cAAc,EACpB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC/B,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GACnC,OAAO,CAAC,OAAO,CAAC;CAkMpB;AAED,eAAe,gBAAgB,CAAC"}
|
|
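--- a/package/dist/executors/function-executor.js
+++ b/package/dist/executors/function-executor.js
@@ -1,7 +1,5 @@
-import fs from 'fs';
 import path from 'path';
 import { pathToFileURL } from 'node:url';
-import axios from 'axios';
 import { MatimoError, ErrorCode } from '../errors/matimo-error';
 import { getGlobalMatimoLogger } from '../logging/logger';
 /**
@@ -148,28 +146,43 @@ export class FunctionExecutor {
 .catch(handleError);
 }
 else {
-//
-//
-//
-//
-
-if (
-throw new MatimoError('
+// ── Embedded code execution ──────────────────────────────────────
+// Requires explicit admin opt-in: MATIMO_ALLOW_EMBEDDED_CODE=true
+// Even when enabled, a static security scan runs before evaluation
+// to block known exploit patterns. No dangerous globals are passed
+// into the sandbox — only `params` is accessible.
+if (process.env.MATIMO_ALLOW_EMBEDDED_CODE !== 'true') {
+throw new MatimoError(`Tool '${tool.name}': embedded code execution is disabled by default. ` +
+'Set MATIMO_ALLOW_EMBEDDED_CODE=true to enable, or use a colocated .ts/.js file instead ' +
+"(set execution.code to its relative path, e.g. './my-tool.ts').", ErrorCode.EXECUTION_FAILED, {
 toolName: tool.name,
-recommendation: 'Create a separate .ts file in the tool directory
-enableFeatureFlag: 'Set MATIMO_ALLOW_EMBEDDED_CODE=true to enable (not recommended)',
+recommendation: 'Create a separate .ts file in the tool directory and set execution.code to its relative path',
 });
 }
-//
+// Static security scan — reject code containing dangerous constructs
+// BEFORE new Function() is ever called.
+const BLOCKED_PATTERNS = [
+{ re: /\brequire\s*\(/u, label: 'require()' },
+{ re: /\bimport\s*\(/u, label: 'dynamic import()' },
+{ re: /\bprocess\b/u, label: 'process object' },
+{ re: /\b__dirname\b|\b__filename\b/u, label: '__dirname / __filename' },
+{ re: /\beval\s*\(/u, label: 'eval()' },
+{ re: /\bnew\s+Function\b/u, label: 'new Function()' },
+{ re: /\bglobalThis\b|\bglobal\b/u, label: 'global / globalThis' },
+];
+for (const { re, label } of BLOCKED_PATTERNS) {
+if (re.test(code)) {
+throw new MatimoError(`Embedded code in tool '${tool.name}' contains a blocked construct: '${label}'. ` +
+'Embedded code may only access the provided params argument.', ErrorCode.EXECUTION_FAILED, { toolName: tool.name, blockedConstruct: label });
+}
+}
 const logger = getGlobalMatimoLogger();
-logger.warn(
-//
-//
-
-const fn = new Function(
-
-const result = fn(params, {}, fs, path, axios, undefined);
-// Handle both Promise and non-Promise returns
+logger.warn(`Executing embedded code for tool '${tool.name}'. Ensure this tool YAML is from a trusted source.`, { toolName: tool.name });
+// Execute with strict mode and only params in scope.
+// No fs, path, axios, or require are passed — embedded code is
+// intentionally limited to pure data transformation of params.
+const fn = new Function('params', '"use strict";\nreturn (' + code + ')(params);');
+const result = fn(params);
 if (result instanceof Promise) {
 result.then(handleSuccess).catch(handleError);
 }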
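Review bot: The comments at new lines 149-153 and 181-183 describe the embedded-code path as a sandbox in which only `params` is accessible, but a function built with `new Function('params', ...)` still resolves free identifiers against the global scope, so the `BLOCKED_PATTERNS` scan is a best-effort denylist over source text rather than an isolation boundary. I would reword the comment to say so, e.g. `// NOTE: best-effort lint, not a sandbox — embedded code runs with the host process's privileges; enable MATIMO_ALLOW_EMBEDDED_CODE only for trusted tool definitions.`, and keep the existing `logger.warn` as is. If tool YAML from untrusted sources has to be supported, the isolation needs to come from running the code in a separate, reduced-privilege process rather than from this scan. The enclosing `execute()` body starts and ends outside the hunk.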
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"function-executor.js","sourceRoot":"","sources":["../../src/executors/function-executor.ts"],"names":[],"mappings":"AAAA,OAAO,
|
|
1
|
+
{"version":3,"file":"function-executor.js","sourceRoot":"","sources":["../../src/executors/function-executor.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAEzC,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AAChE,OAAO,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AAE1D;;;;;;;;;;GAUG;AACH,MAAM,OAAO,gBAAgB;IAG3B,YAAY,SAAkB;QAC5B,IAAI,CAAC,SAAS,GAAG,SAAS,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;IAC9C,CAAC;IAED;;;;;;;;;;OAUG;IACH,KAAK,CAAC,OAAO,CACX,IAAoB,EACpB,MAA+B,EAC/B,WAAoC;QAEpC,IAAI,IAAI,CAAC,SAAS,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;YACvC,MAAM,IAAI,WAAW,CAAC,qCAAqC,EAAE,SAAS,CAAC,gBAAgB,EAAE;gBACvF,YAAY,EAAE,UAAU;gBACxB,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI;aAChC,CAAC,CAAC;QACL,CAAC;QAED,MAAM,EAAE,IAAI,EAAE,OAAO,GAAG,KAAK,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC;QAEjD,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACtC,MAAM,IAAI,WAAW,CAAC,wBAAwB,EAAE,SAAS,CAAC,gBAAgB,EAAE;gBAC1E,QAAQ,EAAE,IAAI,CAAC,IAAI;aACpB,CAAC,CAAC;QACL,CAAC;QAED,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,IAAI,QAAQ,GAAG,KAAK,CAAC;YACrB,IAAI,OAAO,GAAG,KAAK,CAAC;YAEpB,0CAA0C;YAC1C,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;gBAC5B,QAAQ,GAAG,IAAI,CAAC;gBAChB,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,OAAO,GAAG,IAAI,CAAC;oBACf,OAAO,CAAC;wBACN,OAAO,EAAE,KAAK;wBACd,KAAK,EAAE,4BAA4B;wBACnC,IAAI,EAAE,SAAS,CAAC,gBAAgB;qBACjC,CAAC,CAAC;gBACL,CAAC;YACH,CAAC,EAAE,OAAO,CAAC,CAAC;YAEZ,MAAM,OAAO,GAAG,GAAG,EAAE;gBACnB,YAAY,CAAC,KAAK,CAAC,CAAC;YACtB,CAAC,CAAC;YAEF,MAAM,WAAW,GAAG,CAAC,KAAc,EAAE,EAAE;gBACrC,OAAO,EAAE,CAAC;gBACV,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,OAAO,GAAG,IAAI,CAAC;oBACf,gDAAgD;oBAChD,IAAI,KAAK,YAAY,WAAW,EAAE,CAAC;wBACjC,OAAO,CAAC;4BACN,OAAO,EAAE,KAAK;4BACd,KAAK,EAAE,KAAK,CAAC,OAAO;4BACpB,IAAI,EAAE,KAAK,CAAC,IAAI;4BAChB,OAAO,EAAE,KAAK,CAAC,OAAO;yBACvB,CAAC,CAAC;oBACL,CAAC;yBAAM,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;wBAClC,OAAO,CAAC;4BACN,OAAO,EAAE,KAAK;4BACd,KAAK,EAAE,KAAK,CAAC,OAAO;yBACrB,CAAC,CAAC;oBACL,CAAC;yBAAM,CAAC;wBACN,OAAO,CAAC;4BACN,OAAO,EAAE,KAAK;4BACd,KAAK,EAAE,MAAM,CAAC,KAAK,C
AAC;yBACrB,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC,CAAC;YAEF,MAAM,aAAa,GAAG,CAAC,IAAa,EAAE,EAAE;gBACtC,OAAO,EAAE,CAAC;gBACV,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,OAAO,GAAG,IAAI,CAAC;oBACf,IAAI,QAAQ,EAAE,CAAC;wBACb,OAAO,CAAC;4BACN,OAAO,EAAE,KAAK;4BACd,KAAK,EAAE,4BAA4B;4BACnC,IAAI,EAAE,SAAS,CAAC,gBAAgB;yBACjC,CAAC,CAAC;oBACL,CAAC;yBAAM,CAAC;wBACN,OAAO,CAAC,IAAI,CAAC,CAAC;oBAChB,CAAC;gBACH,CAAC;YACH,CAAC,CAAC;YAEF,IAAI,CAAC;gBACH,uEAAuE;gBACvE,IAAI,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC1E,iDAAiD;oBACjD,4CAA4C;oBAE5C,wDAAwD;oBACxD,IAAI,YAAoB,CAAC;oBACzB,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;wBACzB,mEAAmE;wBACnE,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;wBACzD,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC;oBACnD,CAAC;yBAAM,CAAC;wBACN,2DAA2D;wBAC3D,wDAAwD;wBACxD,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC;wBAC3B,IAAI,OAAe,CAAC;wBACpB,IAAI,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;4BAC3B,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;4BAClC,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;4BAC1B,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;wBAC1D,CAAC;6BAAM,CAAC;4BACN,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;wBAChD,CAAC;wBACD,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;oBAC7C,CAAC;oBAED,MAAM,OAAO,GAAG,aAAa,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC;oBAEjD,iFAAiF;oBACjF,MAAM,CAAC,OAAO,CAAC;yBACZ,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;wBACf,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,OAAO,IAAI,MAAM,CAGf,CAAC;wBACtB,MAAM,MAAM,GAAG,EAAE,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;wBAErE,8CAA8C;wBAC9C,IAAI,MAAM,YAAY,OAAO,EAAE,CAAC;4BAC9B,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;wBAChD,CAAC;6BAAM,CAAC;4BACN,aAAa,CAAC,MAAM,CAAC,CAAC;wBACxB,CAAC;oBACH,CAAC,CAAC;yBACD,KAAK,CAAC,WAAW,CAAC,CAAC;gBACxB,CAAC;qBAAM,CAAC;oBACN,oEAAoE;oBACpE,kEAAkE;oBAClE,mEAAmE;oBACnE,mEAAmE;oBACnE,kDAAkD;oBAElD,IAAI,OAAO,CAAC,GAAG,CAAC,0BAA0B,KAAK,M
AAM,EAAE,CAAC;wBACtD,MAAM,IAAI,WAAW,CACnB,SAAS,IAAI,CAAC,IAAI,qDAAqD;4BACrE,yFAAyF;4BACzF,iEAAiE,EACnE,SAAS,CAAC,gBAAgB,EAC1B;4BACE,QAAQ,EAAE,IAAI,CAAC,IAAI;4BACnB,cAAc,EACZ,8FAA8F;yBACjG,CACF,CAAC;oBACJ,CAAC;oBAED,qEAAqE;oBACrE,wCAAwC;oBACxC,MAAM,gBAAgB,GAAoC;wBACxD,EAAE,EAAE,EAAE,iBAAiB,EAAE,KAAK,EAAE,WAAW,EAAE;wBAC7C,EAAE,EAAE,EAAE,gBAAgB,EAAE,KAAK,EAAE,kBAAkB,EAAE;wBACnD,EAAE,EAAE,EAAE,cAAc,EAAE,KAAK,EAAE,gBAAgB,EAAE;wBAC/C,EAAE,EAAE,EAAE,+BAA+B,EAAE,KAAK,EAAE,wBAAwB,EAAE;wBACxE,EAAE,EAAE,EAAE,cAAc,EAAE,KAAK,EAAE,QAAQ,EAAE;wBACvC,EAAE,EAAE,EAAE,qBAAqB,EAAE,KAAK,EAAE,gBAAgB,EAAE;wBACtD,EAAE,EAAE,EAAE,4BAA4B,EAAE,KAAK,EAAE,qBAAqB,EAAE;qBACnE,CAAC;oBAEF,KAAK,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,gBAAgB,EAAE,CAAC;wBAC7C,IAAI,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;4BAClB,MAAM,IAAI,WAAW,CACnB,0BAA0B,IAAI,CAAC,IAAI,oCAAoC,KAAK,KAAK;gCAC/E,6DAA6D,EAC/D,SAAS,CAAC,gBAAgB,EAC1B,EAAE,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,gBAAgB,EAAE,KAAK,EAAE,CACjD,CAAC;wBACJ,CAAC;oBACH,CAAC;oBAED,MAAM,MAAM,GAAG,qBAAqB,EAAE,CAAC;oBACvC,MAAM,CAAC,IAAI,CACT,qCAAqC,IAAI,CAAC,IAAI,oDAAoD,EAClG,EAAE,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,CACxB,CAAC;oBAEF,qDAAqD;oBACrD,+DAA+D;oBAC/D,+DAA+D;oBAC/D,MAAM,EAAE,GAAG,IAAI,QAAQ,CAAC,QAAQ,EAAE,yBAAyB,GAAG,IAAI,GAAG,YAAY,CAE5D,CAAC;oBAEtB,MAAM,MAAM,GAAG,EAAE,CAAC,MAAM,CAAC,CAAC;oBAC1B,IAAI,MAAM,YAAY,OAAO,EAAE,CAAC;wBAC9B,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;oBAChD,CAAC;yBAAM,CAAC;wBACN,aAAa,CAAC,MAAM,CAAC,CAAC;oBACxB,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,WAAW,CAAC,KAAK,CAAC,CAAC;YACrB,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAED,eAAe,gBAAgB,CAAC"}
|