@mondaydotcomorg/atp-server 0.17.14

package/dist/utils/provenance-reattachment.d.ts

@@ -0,0 +1,32 @@
+/**
+ * Provenance Re-attachment Utility
+ *
+ * Re-attaches provenance to values based on verified hints
+ */
+import { type ProvenanceMetadata } from '@mondaydotcomorg/atp-provenance';
+/**
+ * Store hint map for an execution
+ */
+export declare function storeHintMap(executionId: string, hintMap: Map<string, ProvenanceMetadata>): void;
+/**
+ * Store a hint value for substring matching
+ */
+export declare function storeHintValue(executionId: string, value: string, metadata: ProvenanceMetadata): void;
+/**
+ * Get hint map for an execution
+ */
+export declare function getHintMap(executionId: string): Map<string, ProvenanceMetadata> | undefined;
+/**
+ * Get hint values for an execution (for substring matching)
+ */
+export declare function getHintValues(executionId: string): Map<string, ProvenanceMetadata> | undefined;
+/**
+ * Clear hint map for an execution (cleanup)
+ */
+export declare function clearHintMap(executionId: string): void;
+/**
+ * Re-attach provenance from hints to tool arguments
+ * Scans arguments recursively and attaches provenance based on value digests
+ */
+export declare function reattachProvenanceFromHints(args: Record<string, unknown>, hintMap: Map<string, ProvenanceMetadata>): void;
+//# sourceMappingURL=provenance-reattachment.d.ts.map

package/dist/utils/provenance-reattachment.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"provenance-reattachment.d.ts","sourceRoot":"","sources":["../../src/utils/provenance-reattachment.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,EAMN,KAAK,kBAAkB,EACvB,MAAM,iCAAiC,CAAC;AAczC;;GAEG;AACH,wBAAgB,YAAY,CAAC,WAAW,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,CAAC,MAAM,EAAE,kBAAkB,CAAC,GAAG,IAAI,CAEhG;AAED;;GAEG;AACH,wBAAgB,cAAc,CAC7B,WAAW,EAAE,MAAM,EACnB,KAAK,EAAE,MAAM,EACb,QAAQ,EAAE,kBAAkB,GAC1B,IAAI,CAON;AAED;;GAEG;AACH,wBAAgB,UAAU,CAAC,WAAW,EAAE,MAAM,GAAG,GAAG,CAAC,MAAM,EAAE,kBAAkB,CAAC,GAAG,SAAS,CAE3F;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,WAAW,EAAE,MAAM,GAAG,GAAG,CAAC,MAAM,EAAE,kBAAkB,CAAC,GAAG,SAAS,CAE9F;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,WAAW,EAAE,MAAM,GAAG,IAAI,CAGtD;AAED;;;GAGG;AACH,wBAAgB,2BAA2B,CAC1C,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7B,OAAO,EAAE,GAAG,CAAC,MAAM,EAAE,kBAAkB,CAAC,GACtC,IAAI,CAiEN"}

package/dist/utils/provenance-reattachment.js

@@ -0,0 +1,115 @@
+/**
+ * Provenance Re-attachment Utility
+ *
+ * Re-attaches provenance to values based on verified hints
+ */
+import { getProvenance, getProvenanceForPrimitive, markPrimitiveTainted, computeDigest, } from '@mondaydotcomorg/atp-provenance';
+/**
+ * Global registry of hint maps per execution
+ * Key: executionId, Value: Map<digest, metadata>
+ */
+const executionHintMaps = new Map();
+/**
+ * Global registry of hint values per execution
+ * Key: executionId, Value: Map<value, metadata> for substring checking
+ */
+const executionHintValues = new Map();
+/**
+ * Store hint map for an execution
+ */
+export function storeHintMap(executionId, hintMap) {
+    executionHintMaps.set(executionId, hintMap);
+}
+/**
+ * Store a hint value for substring matching
+ */
+export function storeHintValue(executionId, value, metadata) {
+    let valueMap = executionHintValues.get(executionId);
+    if (!valueMap) {
+        valueMap = new Map();
+        executionHintValues.set(executionId, valueMap);
+    }
+    valueMap.set(value, metadata);
+}
+/**
+ * Get hint map for an execution
+ */
+export function getHintMap(executionId) {
+    return executionHintMaps.get(executionId);
+}
+/**
+ * Get hint values for an execution (for substring matching)
+ */
+export function getHintValues(executionId) {
+    return executionHintValues.get(executionId);
+}
+/**
+ * Clear hint map for an execution (cleanup)
+ */
+export function clearHintMap(executionId) {
+    executionHintMaps.delete(executionId);
+    executionHintValues.delete(executionId);
+}
+/**
+ * Re-attach provenance from hints to tool arguments
+ * Scans arguments recursively and attaches provenance based on value digests
+ */
+export function reattachProvenanceFromHints(args, hintMap) {
+    if (!hintMap || hintMap.size === 0) {
+        return;
+    }
+    const visited = new WeakSet();
+    function processValue(value) {
+        if (value === null || value === undefined) {
+            return;
+        }
+        // Handle primitives (string/number)
+        if (typeof value === 'string' || typeof value === 'number') {
+            // Skip if already has provenance
+            if (getProvenanceForPrimitive(value)) {
+                return;
+            }
+            // Compute digest and check hint map
+            const digest = computeDigest(value);
+            if (digest && hintMap.has(digest)) {
+                const metadata = hintMap.get(digest);
+                markPrimitiveTainted(value, metadata);
+            }
+            return;
+        }
+        // Handle objects/arrays
+        if (typeof value === 'object') {
+            // Prevent circular reference processing
+            if (visited.has(value)) {
+                return;
+            }
+            visited.add(value);
+            // Skip if already has provenance
+            if (getProvenance(value)) {
+                return;
+            }
+            // Check if object itself has provenance in hints
+            const digest = computeDigest(value);
+            if (digest && hintMap.has(digest)) {
+                const metadata = hintMap.get(digest);
+                // Note: We can't modify the object in place, but we mark primitives inside
+            }
+            // Process children
+            if (Array.isArray(value)) {
+                for (const item of value) {
+                    processValue(item);
+                }
+            }
+            else {
+                for (const childValue of Object.values(value)) {
+                    processValue(childValue);
+                }
+            }
+        }
+    }
+    // Process all argument values
+    for (const value of Object.values(args)) {
+        processValue(value);
+    }
+}
+//# sourceMappingURL=provenance-reattachment.js.map

package/dist/utils/provenance-reattachment.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"provenance-reattachment.js","sourceRoot":"","sources":["../../src/utils/provenance-reattachment.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,EACN,aAAa,EACb,yBAAyB,EAEzB,oBAAoB,EACpB,aAAa,GAEb,MAAM,iCAAiC,CAAC;AAEzC;;;GAGG;AACH,MAAM,iBAAiB,GAAG,IAAI,GAAG,EAA2C,CAAC;AAE7E;;;GAGG;AACH,MAAM,mBAAmB,GAAG,IAAI,GAAG,EAA2C,CAAC;AAE/E;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,WAAmB,EAAE,OAAwC;IACzF,iBAAiB,CAAC,GAAG,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;AAC7C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAC7B,WAAmB,EACnB,KAAa,EACb,QAA4B;IAE5B,IAAI,QAAQ,GAAG,mBAAmB,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IACpD,IAAI,CAAC,QAAQ,EAAE,CAAC;QACf,QAAQ,GAAG,IAAI,GAAG,EAAE,CAAC;QACrB,mBAAmB,CAAC,GAAG,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;IAChD,CAAC;IACD,QAAQ,CAAC,GAAG,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;AAC/B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,UAAU,CAAC,WAAmB;IAC7C,OAAO,iBAAiB,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;AAC3C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,WAAmB;IAChD,OAAO,mBAAmB,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;AAC7C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,WAAmB;IAC/C,iBAAiB,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IACtC,mBAAmB,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;AACzC,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,2BAA2B,CAC1C,IAA6B,EAC7B,OAAwC;IAExC,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;QACpC,OAAO;IACR,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,OAAO,EAAU,CAAC;IAEtC,SAAS,YAAY,CAAC,KAAc;QACnC,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YAC3C,OAAO;QACR,CAAC;QAED,oCAAoC;QACpC,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC5D,iCAAiC;YACjC,IAAI,yBAAyB,CAAC,KAAK,CAAC,EAAE,CAAC;gBACtC,OAAO;YACR,CAAC;YAED,oCAAoC;YACpC,MAAM,MAAM,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;YACpC,IAAI,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;gBACnC,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAE,CAAC;gBACtC,oBAAoB,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;YACvC,CAAC;YACD,OAAO;QACR,CAAC;QAED,wBAAwB;QACxB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC/B,wCAAwC;YACxC,IAAI,OAAO,CAAC,GAAG,CAAC,KAAe,CAAC,EAAE,CAAC;gBAClC,OAAO;YACR,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,KAAe,CAAC,CAAC;YAE7B,iCAAiC;YACjC,IAAI,aAAa,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC1B,OAAO;YACR,CAAC;YAED,iDAAiD;YACjD,MAAM,MAAM,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;YACpC,IAAI,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;gBACnC,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAE,CAAC;gBACtC,2EAA2E;YAC5E,CAAC;YAED,mBAAmB;YACnB,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC1B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;oBAC1B,YAAY,CAAC,IAAI,CAAC,CAAC;gBACpB,CAAC;YACF,CAAC;iBAAM,CAAC;gBACP,KAAK,MAAM,UAAU,IAAI,MAAM,CAAC,MAAM,CAAC,KAAgC,CAAC,EAAE,CAAC;oBAC1E,YAAY,CAAC,UAAU,CAAC,CAAC;gBAC1B,CAAC;YACF,CAAC;QACF,CAAC;IACF,CAAC;IAED,8BAA8B;IAC9B,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;QACzC,YAAY,CAAC,KAAK,CAAC,CAAC;IACrB,CAAC;AACF,CAAC"}

package/dist/utils/request.d.ts

@@ -0,0 +1,21 @@
+import { IncomingMessage } from 'node:http';
+/**
+ * Default maximum request body size (10MB)
+ */
+export declare const DEFAULT_MAX_BODY_SIZE: number;
+/**
+ * Reads the full request body as a string
+ * @param req - The HTTP request
+ * @param maxSize - Maximum allowed body size in bytes (default: 10MB)
+ * @returns Promise resolving to the complete body string
+ * @throws Error if body exceeds maxSize
+ */
+export declare function readBody(req: IncomingMessage, maxSize?: number): Promise<string>;
+/**
+ * Reads and parses request body as JSON
+ * @param req - The HTTP request
+ * @param maxSize - Maximum allowed body size in bytes
+ * @returns Promise resolving to the parsed JSON object
+ */
+export declare function readJsonBody<T = any>(req: IncomingMessage, maxSize?: number): Promise<T>;
+//# sourceMappingURL=request.d.ts.map

package/dist/utils/request.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"request.d.ts","sourceRoot":"","sources":["../../src/utils/request.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAE5C;;GAEG;AACH,eAAO,MAAM,qBAAqB,QAAmB,CAAC;AAEtD;;;;;;GAMG;AACH,wBAAgB,QAAQ,CAAC,GAAG,EAAE,eAAe,EAAE,OAAO,SAAwB,GAAG,OAAO,CAAC,MAAM,CAAC,CAoB/F;AAED;;;;;GAKG;AACH,wBAAsB,YAAY,CAAC,CAAC,GAAG,GAAG,EACzC,GAAG,EAAE,eAAe,EACpB,OAAO,SAAwB,GAC7B,OAAO,CAAC,CAAC,CAAC,CAOZ"}

package/dist/utils/request.js

@@ -0,0 +1,44 @@
+/**
+ * Default maximum request body size (10MB)
+ */
+export const DEFAULT_MAX_BODY_SIZE = 10 * 1024 * 1024;
+/**
+ * Reads the full request body as a string
+ * @param req - The HTTP request
+ * @param maxSize - Maximum allowed body size in bytes (default: 10MB)
+ * @returns Promise resolving to the complete body string
+ * @throws Error if body exceeds maxSize
+ */
+export function readBody(req, maxSize = DEFAULT_MAX_BODY_SIZE) {
+    return new Promise((resolve, reject) => {
+        let body = '';
+        let size = 0;
+        req.on('data', (chunk) => {
+            size += chunk.length;
+            if (size > maxSize) {
+                req.destroy();
+                reject(new Error(`Request body too large (max ${maxSize} bytes)`));
+                return;
+            }
+            body += chunk.toString();
+        });
+        req.on('end', () => resolve(body));
+        req.on('error', reject);
+    });
+}
+/**
+ * Reads and parses request body as JSON
+ * @param req - The HTTP request
+ * @param maxSize - Maximum allowed body size in bytes
+ * @returns Promise resolving to the parsed JSON object
+ */
+export async function readJsonBody(req, maxSize = DEFAULT_MAX_BODY_SIZE) {
+    const body = await readBody(req, maxSize);
+    try {
+        return body ? JSON.parse(body) : null;
+    }
+    catch (error) {
+        throw new Error('Invalid JSON');
+    }
+}
+//# sourceMappingURL=request.js.map

package/dist/utils/request.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"request.js","sourceRoot":"","sources":["../../src/utils/request.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG,EAAE,GAAG,IAAI,GAAG,IAAI,CAAC;AAEtD;;;;;;GAMG;AACH,MAAM,UAAU,QAAQ,CAAC,GAAoB,EAAE,OAAO,GAAG,qBAAqB;IAC7E,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACtC,IAAI,IAAI,GAAG,EAAE,CAAC;QACd,IAAI,IAAI,GAAG,CAAC,CAAC;QAEb,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,EAAE;YACxB,IAAI,IAAI,KAAK,CAAC,MAAM,CAAC;YAErB,IAAI,IAAI,GAAG,OAAO,EAAE,CAAC;gBACpB,GAAG,CAAC,OAAO,EAAE,CAAC;gBACd,MAAM,CAAC,IAAI,KAAK,CAAC,+BAA+B,OAAO,SAAS,CAAC,CAAC,CAAC;gBACnE,OAAO;YACR,CAAC;YAED,IAAI,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;QAC1B,CAAC,CAAC,CAAC;QAEH,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;QACnC,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACzB,CAAC,CAAC,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CACjC,GAAoB,EACpB,OAAO,GAAG,qBAAqB;IAE/B,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IAC1C,IAAI,CAAC;QACJ,OAAO,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAE,IAAU,CAAC;IAC9C,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QAChB,MAAM,IAAI,KAAK,CAAC,cAAc,CAAC,CAAC;IACjC,CAAC;AACF,CAAC"}

package/dist/utils/response.d.ts

@@ -0,0 +1,30 @@
+import { ServerResponse } from 'node:http';
+/**
+ * Sends a JSON response
+ */
+export declare function sendJson(res: ServerResponse, data: unknown, status?: number): void;
+/**
+ * Sends an error response
+ */
+export declare function sendError(res: ServerResponse, error: string | Error, status?: number, requestId?: string): void;
+/**
+ * Sends a 404 Not Found response
+ */
+export declare function send404(res: ServerResponse): void;
+/**
+ * Sends a 400 Bad Request response
+ */
+export declare function sendBadRequest(res: ServerResponse, message: string): void;
+/**
+ * Sends a 503 Service Unavailable response
+ */
+export declare function sendServiceUnavailable(res: ServerResponse, message: string): void;
+/**
+ * Sets CORS headers on a response
+ */
+export declare function setCorsHeaders(res: ServerResponse, origin?: string): void;
+/**
+ * Handles OPTIONS preflight requests
+ */
+export declare function handleOptions(res: ServerResponse): void;
+//# sourceMappingURL=response.d.ts.map

package/dist/utils/response.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"response.d.ts","sourceRoot":"","sources":["../../src/utils/response.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAE3C;;GAEG;AACH,wBAAgB,QAAQ,CAAC,GAAG,EAAE,cAAc,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,SAAM,GAAG,IAAI,CAG/E;AAED;;GAEG;AACH,wBAAgB,SAAS,CACxB,GAAG,EAAE,cAAc,EACnB,KAAK,EAAE,MAAM,GAAG,KAAK,EACrB,MAAM,SAAM,EACZ,SAAS,CAAC,EAAE,MAAM,GAChB,IAAI,CAUN;AAED;;GAEG;AACH,wBAAgB,OAAO,CAAC,GAAG,EAAE,cAAc,GAAG,IAAI,CAEjD;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,GAAG,EAAE,cAAc,EAAE,OAAO,EAAE,MAAM,GAAG,IAAI,CAEzE;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,GAAG,EAAE,cAAc,EAAE,OAAO,EAAE,MAAM,GAAG,IAAI,CAEjF;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,GAAG,EAAE,cAAc,EAAE,MAAM,SAAM,GAAG,IAAI,CAKtE;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,cAAc,GAAG,IAAI,CAIvD"}

package/dist/utils/response.js

@@ -0,0 +1,53 @@
+/**
+ * Sends a JSON response
+ */
+export function sendJson(res, data, status = 200) {
+    res.writeHead(status, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify(data));
+}
+/**
+ * Sends an error response
+ */
+export function sendError(res, error, status = 500, requestId) {
+    const message = error instanceof Error ? error.message : error;
+    sendJson(res, {
+        error: message,
+        ...(requestId && { requestId }),
+    }, status);
+}
+/**
+ * Sends a 404 Not Found response
+ */
+export function send404(res) {
+    sendJson(res, { error: 'Not found' }, 404);
+}
+/**
+ * Sends a 400 Bad Request response
+ */
+export function sendBadRequest(res, message) {
+    sendJson(res, { error: message }, 400);
+}
+/**
+ * Sends a 503 Service Unavailable response
+ */
+export function sendServiceUnavailable(res, message) {
+    sendJson(res, { error: message }, 503);
+}
+/**
+ * Sets CORS headers on a response
+ */
+export function setCorsHeaders(res, origin = '*') {
+    res.setHeader('Access-Control-Allow-Origin', origin);
+    res.setHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
+    res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization, X-Client-ID');
+    res.setHeader('Access-Control-Max-Age', '86400');
+}
+/**
+ * Handles OPTIONS preflight requests
+ */
+export function handleOptions(res) {
+    setCorsHeaders(res);
+    res.writeHead(204);
+    res.end();
+}
+//# sourceMappingURL=response.js.map

package/dist/utils/response.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"response.js","sourceRoot":"","sources":["../../src/utils/response.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,MAAM,UAAU,QAAQ,CAAC,GAAmB,EAAE,IAAa,EAAE,MAAM,GAAG,GAAG;IACxE,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;IAC9D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;AAC/B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,SAAS,CACxB,GAAmB,EACnB,KAAqB,EACrB,MAAM,GAAG,GAAG,EACZ,SAAkB;IAElB,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC;IAC/D,QAAQ,CACP,GAAG,EACH;QACC,KAAK,EAAE,OAAO;QACd,GAAG,CAAC,SAAS,IAAI,EAAE,SAAS,EAAE,CAAC;KAC/B,EACD,MAAM,CACN,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,OAAO,CAAC,GAAmB;IAC1C,QAAQ,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE,EAAE,GAAG,CAAC,CAAC;AAC5C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,GAAmB,EAAE,OAAe;IAClE,QAAQ,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,GAAG,CAAC,CAAC;AACxC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB,CAAC,GAAmB,EAAE,OAAe;IAC1E,QAAQ,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,GAAG,CAAC,CAAC;AACxC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,GAAmB,EAAE,MAAM,GAAG,GAAG;IAC/D,GAAG,CAAC,SAAS,CAAC,6BAA6B,EAAE,MAAM,CAAC,CAAC;IACrD,GAAG,CAAC,SAAS,CAAC,8BAA8B,EAAE,iCAAiC,CAAC,CAAC;IACjF,GAAG,CAAC,SAAS,CAAC,8BAA8B,EAAE,0CAA0C,CAAC,CAAC;IAC1F,GAAG,CAAC,SAAS,CAAC,wBAAwB,EAAE,OAAO,CAAC,CAAC;AAClD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,GAAmB;IAChD,cAAc,CAAC,GAAG,CAAC,CAAC;IACpB,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IACnB,GAAG,CAAC,GAAG,EAAE,CAAC;AACX,CAAC"}

package/dist/utils/runtime-types.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Generates TypeScript definitions for the runtime SDK
+ * Delegates to the runtime package's own type generator
+ */
+export declare function generateRuntimeTypes(): string;
+//# sourceMappingURL=runtime-types.d.ts.map

package/dist/utils/runtime-types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"runtime-types.d.ts","sourceRoot":"","sources":["../../src/utils/runtime-types.ts"],"names":[],"mappings":"AAOA;;;GAGG;AACH,wBAAgB,oBAAoB,IAAI,MAAM,CAE7C"}

package/dist/utils/runtime-types.js

@@ -0,0 +1,14 @@
+/**
+ * Runtime SDK Type Generator
+ *
+ * Generates TypeScript definitions from the runtime API registry.
+ */
+import { GENERATED_METADATA, generateRuntimeTypes as generate } from '@mondaydotcomorg/atp-runtime';
+/**
+ * Generates TypeScript definitions for the runtime SDK
+ * Delegates to the runtime package's own type generator
+ */
+export function generateRuntimeTypes() {
+    return generate(GENERATED_METADATA);
+}
+//# sourceMappingURL=runtime-types.js.map

package/dist/utils/runtime-types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"runtime-types.js","sourceRoot":"","sources":["../../src/utils/runtime-types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,EAAE,kBAAkB,EAAE,oBAAoB,IAAI,QAAQ,EAAE,MAAM,8BAA8B,CAAC;AAEpG;;;GAGG;AACH,MAAM,UAAU,oBAAoB;IACnC,OAAO,QAAQ,CAAC,kBAAkB,CAAC,CAAC;AACrC,CAAC"}

package/dist/utils/schema.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Converts a simple type map to a JSON Schema object
+ */
+export declare function toJSONSchema(types: Record<string, string>): {
+    type: 'object';
+    properties: Record<string, unknown>;
+    required: string[];
+};
+//# sourceMappingURL=schema.d.ts.map

package/dist/utils/schema.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../../src/utils/schema.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG;IAC5D,IAAI,EAAE,QAAQ,CAAC;IACf,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACpC,QAAQ,EAAE,MAAM,EAAE,CAAC;CACnB,CAUA"}

package/dist/utils/schema.js

@@ -0,0 +1,13 @@
+/**
+ * Converts a simple type map to a JSON Schema object
+ */
+export function toJSONSchema(types) {
+    const properties = {};
+    const required = [];
+    for (const [key, type] of Object.entries(types)) {
+        properties[key] = { type };
+        required.push(key);
+    }
+    return { type: 'object', properties, required };
+}
+//# sourceMappingURL=schema.js.map

package/dist/utils/schema.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"schema.js","sourceRoot":"","sources":["../../src/utils/schema.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,KAA6B;IAKzD,MAAM,UAAU,GAA4B,EAAE,CAAC;IAC/C,MAAM,QAAQ,GAAa,EAAE,CAAC;IAE9B,KAAK,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACjD,UAAU,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC;QAC3B,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACpB,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,QAAQ,EAAE,CAAC;AACjD,CAAC"}

package/dist/utils/token-emitter.d.ts

@@ -0,0 +1,21 @@
+import { type ProvenanceMetadata, type ProvenanceMode } from '@mondaydotcomorg/atp-provenance';
+import type { CacheProvider } from '@mondaydotcomorg/atp-protocol';
+import type { log } from '@mondaydotcomorg/atp-runtime';
+type Logger = ReturnType<typeof log.child>;
+interface TokenEmission {
+    path: string;
+    token: string;
+}
+/**
+ * Emits provenance tokens for all values in the result that have provenance in the snapshot.
+ * This works by:
+ * 1. Traversing the actual serialized result object
+ * 2. For each value, checking if it matches provenance in the snapshot
+ * 3. Emitting tokens with the ACTUAL value for correct digest matching
+ */
+export declare function emitProvenanceTokens(result: unknown, clientId: string, executionId: string, provenanceMode: ProvenanceMode, cacheProvider: CacheProvider, logger: Logger, maxTokens?: number, tokenTTL?: number, provenanceSnapshot?: {
+    registry: Array<[string, ProvenanceMetadata]>;
+    primitives: Array<[string, ProvenanceMetadata]>;
+}): Promise<TokenEmission[]>;
+export {};
+//# sourceMappingURL=token-emitter.d.ts.map

package/dist/utils/token-emitter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"token-emitter.d.ts","sourceRoot":"","sources":["../../src/utils/token-emitter.ts"],"names":[],"mappings":"AAAA,OAAO,EAEN,KAAK,kBAAkB,EACvB,KAAK,cAAc,EAEnB,MAAM,iCAAiC,CAAC;AACzC,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,+BAA+B,CAAC;AACnE,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,8BAA8B,CAAC;AAExD,KAAK,MAAM,GAAG,UAAU,CAAC,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC;AAE3C,UAAU,aAAa;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;CACd;AAED;;;;;;GAMG;AACH,wBAAsB,oBAAoB,CACzC,MAAM,EAAE,OAAO,EACf,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,MAAM,EACnB,cAAc,EAAE,cAAc,EAC9B,aAAa,EAAE,aAAa,EAC5B,MAAM,EAAE,MAAM,EACd,SAAS,GAAE,MAAa,EACxB,QAAQ,GAAE,MAAa,EACvB,kBAAkB,CAAC,EAAE;IACpB,QAAQ,EAAE,KAAK,CAAC,CAAC,MAAM,EAAE,kBAAkB,CAAC,CAAC,CAAC;IAC9C,UAAU,EAAE,KAAK,CAAC,CAAC,MAAM,EAAE,kBAAkB,CAAC,CAAC,CAAC;CAChD,GACC,OAAO,CAAC,aAAa,EAAE,CAAC,CAiJ1B"}

package/dist/utils/token-emitter.js

@@ -0,0 +1,129 @@
+import { issueProvenanceToken, ProvenanceMode as PM, } from '@mondaydotcomorg/atp-provenance';
+/**
+ * Emits provenance tokens for all values in the result that have provenance in the snapshot.
+ * This works by:
+ * 1. Traversing the actual serialized result object
+ * 2. For each value, checking if it matches provenance in the snapshot
+ * 3. Emitting tokens with the ACTUAL value for correct digest matching
+ */
+export async function emitProvenanceTokens(result, clientId, executionId, provenanceMode, cacheProvider, logger, maxTokens = 5000, tokenTTL = 3600, provenanceSnapshot) {
+    if (provenanceMode === PM.NONE || !result || !provenanceSnapshot) {
+        logger.debug('Skipping token emission', {
+            hasResult: !!result,
+            hasSnapshot: !!provenanceSnapshot,
+            mode: provenanceMode,
+        });
+        return [];
+    }
+    logger.info('Token emission starting from snapshot', {
+        executionId,
+        registrySize: provenanceSnapshot.registry.length,
+        primitiveMapSize: provenanceSnapshot.primitives.length,
+        resultType: typeof result,
+    });
+    const tokens = [];
+    const visited = new WeakSet();
+    const primitiveMap = new Map(provenanceSnapshot.primitives);
+    const taintedValues = new Set();
+    for (const [key] of provenanceSnapshot.primitives) {
+        if (key.startsWith('tainted:')) {
+            taintedValues.add(key.slice('tainted:'.length));
+        }
+    }
+    const queue = [{ value: result, path: '' }];
+    while (queue.length > 0 && tokens.length < maxTokens) {
+        const { value, path } = queue.shift();
+        if (value === null || value === undefined) {
+            continue;
+        }
+        if (typeof value === 'string' || typeof value === 'number') {
+            const valueStr = String(value);
+            const taintedKey = `tainted:${valueStr}`;
+            let meta = primitiveMap.get(taintedKey);
+            if (!meta) {
+                for (const [key, metadata] of primitiveMap.entries()) {
+                    if (!key.startsWith('tainted:')) {
+                        const parts = key.split(':');
+                        if (parts.length >= 3) {
+                            const derivedValue = parts.slice(2).join(':');
+                            if (derivedValue === valueStr) {
+                                meta = metadata;
+                                logger.debug('Found property-derived primitive match', {
+                                    path,
+                                    key,
+                                    valuePreview: valueStr.substring(0, 30),
+                                });
+                                break;
+                            }
+                        }
+                    }
+                }
+            }
+            if (meta) {
+                try {
+                    const token = await issueProvenanceToken(meta, value, clientId, executionId, cacheProvider, tokenTTL);
+                    if (token) {
+                        tokens.push({ path, token });
+                        logger.debug('Emitted token for primitive', {
+                            path,
+                            valuePreview: typeof value === 'string' ? value.substring(0, 30) : value,
+                            tokenPrefix: token.substring(0, 10),
+                        });
+                    }
+                }
+                catch (error) {
+                    logger.warn('Failed to issue token for primitive', { path, error });
+                }
+            }
+            continue;
+        }
+        if (typeof value === 'object') {
+            if (visited.has(value)) {
+                continue;
+            }
+            visited.add(value);
+            // For objects, we need to check if ANY of the registry metadata applies
+            // Since we can't match by identity, we emit tokens for ALL registry entries
+            // and let the client match by digest
+            if (provenanceSnapshot.registry.length > 0 && path === '') {
+                for (const [id, meta] of provenanceSnapshot.registry) {
+                    if (tokens.length >= maxTokens)
+                        break;
+                    try {
+                        const token = await issueProvenanceToken(meta, value, clientId, executionId, cacheProvider, tokenTTL);
+                        if (token) {
+                            tokens.push({ path, token });
+                            logger.debug('Emitted token for object', {
+                                path,
+                                id,
+                                tokenPrefix: token.substring(0, 10),
+                            });
+                        }
+                    }
+                    catch (error) {
+                        logger.warn('Failed to issue token for object', { path, id, error });
+                    }
+                }
+            }
+            if (Array.isArray(value)) {
+                for (let i = 0; i < value.length; i++) {
+                    queue.push({ value: value[i], path: `${path}/${i}` });
+                }
+            }
+            else {
+                for (const key in value) {
+                    if (Object.prototype.hasOwnProperty.call(value, key)) {
+                        const escapedKey = key.replace(/~/g, '~0').replace(/\//g, '~1');
+                        queue.push({ value: value[key], path: `${path}/${escapedKey}` });
+                    }
+                }
+            }
+        }
+    }
+    if (tokens.length >= maxTokens) {
+        logger.warn('Max provenance tokens reached', { executionId, maxTokens });
+    }
+    logger.info('Token emission completed', { executionId, tokenCount: tokens.length });
+    return tokens;
+}
+//# sourceMappingURL=token-emitter.js.map

package/dist/utils/token-emitter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"token-emitter.js","sourceRoot":"","sources":["../../src/utils/token-emitter.ts"],"names":[],"mappings":"AAAA,OAAO,EACN,oBAAoB,EAGpB,cAAc,IAAI,EAAE,GACpB,MAAM,iCAAiC,CAAC;AAWzC;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACzC,MAAe,EACf,QAAgB,EAChB,WAAmB,EACnB,cAA8B,EAC9B,aAA4B,EAC5B,MAAc,EACd,YAAoB,IAAI,EACxB,WAAmB,IAAI,EACvB,kBAGC;IAED,IAAI,cAAc,KAAK,EAAE,CAAC,IAAI,IAAI,CAAC,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAClE,MAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE;YACvC,SAAS,EAAE,CAAC,CAAC,MAAM;YACnB,WAAW,EAAE,CAAC,CAAC,kBAAkB;YACjC,IAAI,EAAE,cAAc;SACpB,CAAC,CAAC;QACH,OAAO,EAAE,CAAC;IACX,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,uCAAuC,EAAE;QACpD,WAAW;QACX,YAAY,EAAE,kBAAkB,CAAC,QAAQ,CAAC,MAAM;QAChD,gBAAgB,EAAE,kBAAkB,CAAC,UAAU,CAAC,MAAM;QACtD,UAAU,EAAE,OAAO,MAAM;KACzB,CAAC,CAAC;IAEH,MAAM,MAAM,GAAoB,EAAE,CAAC;IACnC,MAAM,OAAO,GAAG,IAAI,OAAO,EAAU,CAAC;IACtC,MAAM,YAAY,GAAG,IAAI,GAAG,CAA6B,kBAAkB,CAAC,UAAU,CAAC,CAAC;IAExF,MAAM,aAAa,GAAG,IAAI,GAAG,EAAU,CAAC;IACxC,KAAK,MAAM,CAAC,GAAG,CAAC,IAAI,kBAAkB,CAAC,UAAU,EAAE,CAAC;QACnD,IAAI,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAChC,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;QACjD,CAAC;IACF,CAAC;IAED,MAAM,KAAK,GAA4C,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;IAErF,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,MAAM,CAAC,MAAM,GAAG,SAAS,EAAE,CAAC;QACtD,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,KAAK,CAAC,KAAK,EAAG,CAAC;QAEvC,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YAC3C,SAAS;QACV,CAAC;QAED,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC5D,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;YAE/B,MAAM,UAAU,GAAG,WAAW,QAAQ,EAAE,CAAC;YACzC,IAAI,IAAI,GAAG,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;YAExC,IAAI,CAAC,IAAI,EAAE,CAAC;gBACX,KAAK,MAAM,CAAC,GAAG,EAAE,QAAQ,CAAC,IAAI,YAAY,CAAC,OAAO,EAAE,EAAE,CAAC;oBACtD,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;wBACjC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;wBAC7B,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;4BACvB,MAAM,YAAY,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;4BAC9C,IAAI,YAAY,KAAK,QAAQ,EAAE,CAAC;gCAC/B,IAAI,GAAG,QAAQ,CAAC;gCAChB,MAAM,CAAC,KAAK,CAAC,wCAAwC,EAAE;oCACtD,IAAI;oCACJ,GAAG;oCACH,YAAY,EAAE,QAAQ,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC;iCACvC,CAAC,CAAC;gCACH,MAAM;4BACP,CAAC;wBACF,CAAC;oBACF,CAAC;gBACF,CAAC;YACF,CAAC;YAED,IAAI,IAAI,EAAE,CAAC;gBACV,IAAI,CAAC;oBACJ,MAAM,KAAK,GAAG,MAAM,oBAAoB,CACvC,IAAI,EACJ,KAAK,EACL,QAAQ,EACR,WAAW,EACX,aAAa,EACb,QAAQ,CACR,CAAC;oBACF,IAAI,KAAK,EAAE,CAAC;wBACX,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;wBAC7B,MAAM,CAAC,KAAK,CAAC,6BAA6B,EAAE;4BAC3C,IAAI;4BACJ,YAAY,EAAE,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,KAAK;4BACxE,WAAW,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC;yBACnC,CAAC,CAAC;oBACJ,CAAC;gBACF,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBAChB,MAAM,CAAC,IAAI,CAAC,qCAAqC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;gBACrE,CAAC;YACF,CAAC;YACD,SAAS;QACV,CAAC;QAED,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC/B,IAAI,OAAO,CAAC,GAAG,CAAC,KAAe,CAAC,EAAE,CAAC;gBAClC,SAAS;YACV,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,KAAe,CAAC,CAAC;YAE7B,wEAAwE;YACxE,4EAA4E;YAC5E,qCAAqC;YACrC,IAAI,kBAAkB,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,IAAI,KAAK,EAAE,EAAE,CAAC;gBAC3D,KAAK,MAAM,CAAC,EAAE,EAAE,IAAI,CAAC,IAAI,kBAAkB,CAAC,QAAQ,EAAE,CAAC;oBACtD,IAAI,MAAM,CAAC,MAAM,IAAI,SAAS;wBAAE,MAAM;oBAEtC,IAAI,CAAC;wBACJ,MAAM,KAAK,GAAG,MAAM,oBAAoB,CACvC,IAAI,EACJ,KAAK,EACL,QAAQ,EACR,WAAW,EACX,aAAa,EACb,QAAQ,CACR,CAAC;wBACF,IAAI,KAAK,EAAE,CAAC;4BACX,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;4BAC7B,MAAM,CAAC,KAAK,CAAC,0BAA0B,EAAE;gCACxC,IAAI;gCACJ,EAAE;gCACF,WAAW,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC;6BACnC,CAAC,CAAC;wBACJ,CAAC;oBACF,CAAC;oBAAC,OAAO,KAAK,EAAE,CAAC;wBAChB,MAAM,CAAC,IAAI,CAAC,kCAAkC,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;oBACtE,CAAC;gBACF,CAAC;YACF,CAAC;YAED,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC1B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;oBACvC,KAAK,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,GAAG,IAAI,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;gBACvD,CAAC;YACF,CAAC;iBAAM,CAAC;gBACP,KAAK,MAAM,GAAG,IAAI,KAAK,EAAE,CAAC;oBACzB,IAAI,MAAM,CAAC,SAAS,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,EAAE,GAAG,CAAC,EAAE,CAAC;wBACtD,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;wBAChE,KAAK,CAAC,IAAI,CAAC,EAAE,KAAK,EAAG,KAAa,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,GAAG,IAAI,IAAI,UAAU,EAAE,EAAE,CAAC,CAAC;oBAC3E,CAAC;gBACF,CAAC;YACF,CAAC;QACF,CAAC;IACF,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,IAAI,SAAS,EAAE,CAAC;QAChC,MAAM,CAAC,IAAI,CAAC,+BAA+B,EAAE,EAAE,WAAW,EAAE,SAAS,EAAE,CAAC,CAAC;IAC1E,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;IACpF,OAAO,MAAM,CAAC;AACf,CAAC"}

package/dist/validator/index.d.ts

@@ -0,0 +1,36 @@
+import type { ValidationResult, ExecutionConfig } from '@mondaydotcomorg/atp-protocol';
+/**
+ * CodeValidator validates user code before execution using a whitelist approach.
+ * Only explicitly allowed operations and patterns are permitted.
+ */
+export declare class CodeValidator {
+    private readonly allowedGlobalObjects;
+    private readonly forbiddenPatterns;
+    /**
+     * Validates code for security and syntax issues.
+     * @param code - The code to validate
+     * @param config - Execution configuration
+     * @returns Validation result with any errors or security issues
+     */
+    validate(code: string, config: ExecutionConfig): Promise<ValidationResult>;
+    /**
+     * Validates JavaScript syntax using acorn parser.
+     * @param code - Code to validate
+     * @param errors - Array to append syntax errors to
+     */
+    private validateSyntax;
+    /**
+     * Checks for unauthorized global object access.
+     * @param code - Code to check
+     * @param securityIssues - Array to append issues to
+     */
+    private checkGlobalAccess;
+    /**
+     * Validates import statements to ensure NO imports are allowed.
+     * ALL imports are blocked for security - use injected sandbox globals instead.
+     * @param code - Code to validate
+     * @param securityIssues - Array to append issues to
+     */
+    private validateImports;
+}
+//# sourceMappingURL=index.d.ts.map

package/dist/validator/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/validator/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAgBvF;;;GAGG;AACH,qBAAa,aAAa;IACzB,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAkBlC;IAEH,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAkChC;IAEF;;;;;OAKG;IACG,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,eAAe,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAiChF;;;;OAIG;IACH,OAAO,CAAC,cAAc;IA0BtB;;;;OAIG;IACH,OAAO,CAAC,iBAAiB;IAqBzB;;;;;OAKG;IACH,OAAO,CAAC,eAAe;CAyEvB"}