@nekzus/liop 1.2.0-alpha.10 → 1.2.0

package/README.md

@@ -301,7 +301,7 @@ const server = new LiopServer(info, {
 The following shows a complete Logic-Injection-on-Origin execution cycle (handled internally by the SDK):
 
 ```
-1. LLM generates JavaScript analysis code wrapped in ---BEGIN_LOGIC--- / ---END_LOGIC--- boundaries
+1. LLM generates JavaScript analysis code wrapped in @LIOP / @END boundaries
 2. LiopServer receives the payload via tools/call (JSON-RPC or direct)
 3. Guardian AST inspects for sandbox escapes (zero-time heuristic analysis)
 4. Code executes inside a V8 isolate with CPU fuel limits (no Node.js globals)

package/dist/crypto/logic-image-id.js

@@ -4,7 +4,7 @@ import crypto from "node:crypto";
  * proxy logic embeds a full envelope inside JSON strings; `^` per line would
  * incorrectly treat that as the document root and desync ImageID vs the worker.
  */
-const TOP_LEVEL_ENVELOPE = /^\s*LIOP_MAGIC:0x00FF\s*\n?\s*MANIFEST:\{[\s\S]*?\}\s*\n?\s*---BEGIN_LOGIC---\n?([\s\S]*?)\n?---END_LOGIC---\s*$/;
+const TOP_LEVEL_ENVELOPE = /^\s*@LIOP\{[^}]+\}\n?([\s\S]*?)\n?@END\s*$/;
 export function normalizeLogicSource(logicUtf8) {
     const match = logicUtf8.match(TOP_LEVEL_ENVELOPE);
     if (match?.[1] !== undefined) {

package/dist/errors.d.ts

@@ -0,0 +1,14 @@
+export declare enum ErrorCode {
+    CapabilityViolation = "CapabilityViolation",
+    SandboxEscape = "SandboxEscape",
+    PiiLeak = "PiiLeak",
+    InvalidIntent = "InvalidIntent",
+    Throttled = "Throttled",
+    ZkVerificationFailed = "ZkVerificationFailed",
+    MeshUnavailable = "MeshUnavailable",
+    ConnectionFailed = "ConnectionFailed"
+}
+export declare class LiopError extends Error {
+    readonly code: ErrorCode;
+    constructor(code: ErrorCode, message: string);
+}

package/dist/errors.js

@@ -0,0 +1,19 @@
+export var ErrorCode;
+(function (ErrorCode) {
+    ErrorCode["CapabilityViolation"] = "CapabilityViolation";
+    ErrorCode["SandboxEscape"] = "SandboxEscape";
+    ErrorCode["PiiLeak"] = "PiiLeak";
+    ErrorCode["InvalidIntent"] = "InvalidIntent";
+    ErrorCode["Throttled"] = "Throttled";
+    ErrorCode["ZkVerificationFailed"] = "ZkVerificationFailed";
+    ErrorCode["MeshUnavailable"] = "MeshUnavailable";
+    ErrorCode["ConnectionFailed"] = "ConnectionFailed";
+})(ErrorCode || (ErrorCode = {}));
+export class LiopError extends Error {
+    code;
+    constructor(code, message) {
+        super(message);
+        this.name = "LiopError";
+        this.code = code;
+    }
+}

package/dist/index.d.ts

@@ -1,6 +1,7 @@
 export * from "./bridge/index.js";
 export * from "./client/index.js";
 export * from "./economy/index.js";
+export * from "./errors.js";
 export * from "./gateway/hybrid.js";
 export * from "./mesh/node.js";
 export * from "./prompts/adapters.js";

package/dist/index.js

@@ -1,6 +1,7 @@
 export * from "./bridge/index.js";
 export * from "./client/index.js";
 export * from "./economy/index.js";
+export * from "./errors.js";
 export * from "./gateway/hybrid.js";
 export * from "./mesh/node.js";
 export * from "./prompts/adapters.js";

package/dist/sandbox/wasi.js

@@ -101,36 +101,65 @@ export class WasiSandbox {
         else {
             // Path B: Hardened V8 Isolate Fallback
             // Uses node:vm with zero-prototype objects to prevent prototype pollution escapes.
+            // biome-ignore lint/suspicious/noExplicitAny: Required for Sandbox global poisoning
             const sandboxEnv = Object.create(null); // Isolated global object
             const env = { records, ...inputs };
+            // Explicitly poison Node.js escape vectors in the context
+            sandboxEnv.require = undefined;
+            sandboxEnv.process = undefined;
+            sandboxEnv.global = undefined;
+            sandboxEnv.globalThis = undefined;
+            sandboxEnv.Buffer = undefined;
+            sandboxEnv.setTimeout = undefined;
+            sandboxEnv.setInterval = undefined;
+            sandboxEnv.setImmediate = undefined;
+            sandboxEnv.queueMicrotask = undefined;
+            sandboxEnv.eval = undefined;
+            sandboxEnv.Function = undefined;
             // Inject strictly monitored globals
             sandboxEnv.records = JSON.parse(JSON.stringify(records)); // Deep copy safety
             sandboxEnv.env = JSON.parse(JSON.stringify(env));
             for (const [key, value] of Object.entries(inputs)) {
                 sandboxEnv[key] = JSON.parse(JSON.stringify(value));
             }
+            // Freeze the sandbox context to prevent mutation (SEC-GAP-1)
+            // biome-ignore lint/suspicious/noExplicitAny: Required for recursive deep freeze of unknown data
+            const deepFreeze = (obj) => {
+                if (obj && typeof obj === "object" && !Object.isFrozen(obj)) {
+                    Object.freeze(obj);
+                    for (const key of Object.keys(obj)) {
+                        deepFreeze(obj[key]);
+                    }
+                }
+                return obj;
+            };
+            deepFreeze(sandboxEnv.records);
+            deepFreeze(sandboxEnv.env);
+            // Prevent property addition/modification on global scope
+            for (const key of Object.keys(sandboxEnv)) {
+                Object.defineProperty(sandboxEnv, key, {
+                    writable: false,
+                    configurable: false,
+                });
+            }
             // LIOP Execution Wrapper
-            // Supports two code patterns:
-            //   1. Explicit entry point: function liop_main(env) { ... }
-            //   2. Bare return logic:    const x = env.records; return { total: x.length };
+            // Host-side logic transformation to avoid 'new Function' in sandbox
+            let processedLogic = String(compiledLogic);
+            if (/^\s*return\s/m.test(processedLogic) ||
+                !processedLogic.includes("function liop_main")) {
+                if (!processedLogic.includes("function liop_main")) {
+                    processedLogic = `function liop_main(env) {\n${processedLogic}\n}`;
+                }
+            }
             const scriptCode = `
 				(function() {
 					try {
-						${compiledLogic}
+						${processedLogic}
 						if (typeof liop_main === 'function') {
 							return liop_main(env);
 						}
 						return "ERR_NO_ENTRY_POINT";
 					} catch(e) {
-						if (e instanceof SyntaxError && /Illegal return statement/i.test(e.message)) {
-							// Bare-return pattern: wrap the logic as a function body
-							try {
-								const __liop_fn = new Function('env', 'records', ${JSON.stringify(String(compiledLogic))});
-								return __liop_fn(env, env.records);
-							} catch(e2) {
-								return "LogicError: " + e2.message;
-							}
-						}
 						return "LogicError: " + e.message;
 					}
 				})();

package/dist/server/index.d.ts

@@ -24,6 +24,12 @@ export interface LiopServerOptions {
         executionTypes?: string[];
     };
 }
+export interface AggregationPolicy {
+    /** Maximum number of object-type array elements allowed (default: 10) */
+    maxOutputRows?: number;
+    /** Allow arrays containing only primitive values (default: true) */
+    allowPrimitiveArrays?: boolean;
+}
 export interface LogicExecutionPolicy {
     /**
      * Validate the business payload returned by sandbox logic (post-execution).
@@ -33,7 +39,7 @@ export interface LogicExecutionPolicy {
     /**
      * Enforce aggregation-first heuristics (preflight + post-check).
      */
-    enforceAggregationFirst?: boolean;
+    enforceAggregationFirst?: boolean | AggregationPolicy;
     /**
      * Optional additional deny patterns checked against extracted logic source.
      */
@@ -58,7 +64,6 @@ export declare class LiopServer {
     private rpcServer;
     private boundPort;
     private sessions;
-    private static readonly LIOP_LOGIC_REGEX;
     private static readonly LIOP_COMPACT_REGEX;
     private extractLogic;
     private parseUnknownJson;

package/dist/server/index.js

@@ -40,14 +40,9 @@ export class LiopServer {
     rpcServer = null;
     boundPort = null;
     sessions = new Map();
-    static LIOP_LOGIC_REGEX = /\s*LIOP_MAGIC:0x00FF\s*\n?\s*MANIFEST:(?<manifest>\{[\s\S]*?\})\s*\n?\s*---BEGIN_LOGIC---\n?(?<logic>[\s\S]*?)\n?---END_LOGIC---/m;
     // Compact envelope: @LIOP{target,name}\n<code>\n@END
     static LIOP_COMPACT_REGEX = /@LIOP\{(?<target>[^,}]+)(?:,(?<name>[^}]*))?\}\n(?<logic>[\s\S]*?)\n@END/m;
     extractLogic(payload) {
-        const match = payload.match(LiopServer.LIOP_LOGIC_REGEX);
-        if (match?.groups?.logic)
-            return match.groups.logic.trim();
-        // Compact envelope fallback — same execution, fewer tokens
         const compact = payload.match(LiopServer.LIOP_COMPACT_REGEX);
         return compact?.groups?.logic ? compact.groups.logic.trim() : null;
     }
@@ -101,7 +96,7 @@ export class LiopServer {
             }
         }
         if (policy.enforceAggregationFirst &&
-            this.violatesAggregationFirstPolicy(this.unwrapForAggregationPolicyScan(parsed))) {
+            this.violatesAggregationFirstPolicy(this.unwrapForAggregationPolicyScan(parsed), policy.enforceAggregationFirst)) {
             return "Aggregation-First Policy Violation: row-level export blocked. HINT: Use .reduce() to produce a flat {key:value} object. Do NOT use .map() to create arrays of objects.";
         }
         return null;
@@ -147,13 +142,13 @@ export class LiopServer {
         const joined = texts.length === 1 ? texts[0] : texts.join("\n");
         return this.unwrapForAggregationPolicyScan(joined);
     }
-    violatesAggregationFirstPolicy(input) {
+    violatesAggregationFirstPolicy(input, policyObj) {
         if (typeof input === "string") {
             const trimmed = input.trim();
             if ((trimmed.startsWith("{") && trimmed.endsWith("}")) ||
                 (trimmed.startsWith("[") && trimmed.endsWith("]"))) {
                 try {
-                    return this.violatesAggregationFirstPolicy(JSON.parse(trimmed));
+                    return this.violatesAggregationFirstPolicy(JSON.parse(trimmed), policyObj);
                 }
                 catch {
                     return false;
@@ -162,14 +157,32 @@ export class LiopServer {
             return false;
         }
         if (Array.isArray(input)) {
-            if (input.length > 0 && input.every((item) => typeof item === "object")) {
-                // Treat tabular row export as non-aggregated leakage risk.
-                return true;
+            const maxRows = typeof policyObj === "object" &&
+                typeof policyObj.maxOutputRows === "number"
+                ? policyObj.maxOutputRows
+                : 10;
+            const allowPrimitives = typeof policyObj === "object" &&
+                typeof policyObj.allowPrimitiveArrays === "boolean"
+                ? policyObj.allowPrimitiveArrays
+                : true;
+            if (input.length > 0 &&
+                input.every((item) => typeof item === "object" && item !== null)) {
+                // Treat tabular row export as non-aggregated leakage risk if above threshold.
+                if (input.length > maxRows) {
+                    return true;
+                }
+                return input.some((item) => this.violatesAggregationFirstPolicy(item, policyObj));
+            }
+            if (input.length > 0 &&
+                input.every((item) => typeof item !== "object" || item === null)) {
+                if (!allowPrimitives)
+                    return true;
+                return false;
             }
-            return input.some((item) => this.violatesAggregationFirstPolicy(item));
+            return input.some((item) => this.violatesAggregationFirstPolicy(item, policyObj));
         }
         if (input && typeof input === "object") {
-            return Object.values(input).some((value) => this.violatesAggregationFirstPolicy(value));
+            return Object.values(input).some((value) => this.violatesAggregationFirstPolicy(value, policyObj));
         }
         return false;
     }
@@ -242,20 +255,13 @@ export class LiopServer {
             "LIOP v1 Envelope Specification",
             "================================",
             "",
-            "FORMATS (both accepted):",
+            "FORMAT:",
             "",
-            "Compact:",
+            "Compact Envelope:",
             "  @LIOP{wasi_v1,TaskName}",
             "  <JavaScript code>",
             "  @END",
             "",
-            "Standard:",
-            "  LIOP_MAGIC:0x00FF",
-            '  MANIFEST:{"target":"wasi_v1","name":"TaskName","integrity_checks":true}',
-            "  ---BEGIN_LOGIC---",
-            "  <JavaScript code>",
-            "  ---END_LOGIC---",
-            "",
             "RUNTIME ENVIRONMENT:",
             "- env.records: Array of data objects from the origin",
             "- Must use 'return' to output results",
@@ -406,7 +412,7 @@ export class LiopServer {
                         content: [
                             {
                                 type: "text",
-                                text: 'Error: Malformed payload. Missing LIOP_MAGIC, MANIFEST, or boundaries.\nYou MUST wrap your logic exactly like this:\n\nLIOP_MAGIC:0x00FF\nMANIFEST:{"target":"wasi_v1","name":"DynamicAudit","integrity_checks":true}\n---BEGIN_LOGIC---\n// Your JS code here\n---END_LOGIC---',
+                                text: "Error: Malformed payload. Missing @LIOP boundary.\\nYou MUST wrap your logic exactly like this:\\n\\n@LIOP{wasi_v1,DynamicAudit}\\n// Your JS code here\\n@END",
                             },
                         ],
                         isError: true,
@@ -509,13 +515,11 @@ Your objective is to perform secure Logic-on-Origin injections. You must process
 INDUSTRIAL CONSTRAINTS & PROTOCOL RULES:
 1. DATA PRIVACY: NEVER attempt to export Personally Identifiable Information (PII). The LIOP Egress Shield will block any response containing raw IDs, names, or addresses.
 2. AGGREGATION FIRST: Always prefer returning counts, averages, or anonymized summaries.
-3. PAYLOAD ENCAPSULATION: Your JavaScript payloads MUST strictly adhere to the LIOPv1 Envelope. DO NOT include markdown backticks or leading text inside the 'payload' argument.
+3. PAYLOAD ENCAPSULATION: Your JavaScript payloads MUST strictly adhere to the Compact Envelope. DO NOT include markdown backticks or leading text inside the 'payload' argument.
    Structure:
-   LIOP_MAGIC:0x00FF
-   MANIFEST:{"target":"wasi_v1","name":"AnalysisTask","integrity_checks":true}
-   ---BEGIN_LOGIC---
+   @LIOP{wasi_v1,AnalysisTask}
    // Your JS Code Here
-   ---END_LOGIC---
+   @END
 4. RUNTIME SCOPE: The execution environment provides a global 'env' object. Use 'env.records' to access the target dataset.
 5. LOCALIZATION: Format all JSON response keys in the language used by the user in their query (e.g., use Spanish keys if the query is in Spanish).
 6. SCHEMA RIGIDITY: Only use fields defined in the 'Data Dictionary'. Usage of non-existent fields will trigger a sandbox runtime exception.${this.activeSchema

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nekzus/liop",
-  "version": "1.2.0-alpha.10",
+  "version": "1.2.0",
   "description": "Official SDK for Logic-Injection-on-Origin Protocol (LIOP). Deploy Logic-on-Origin with WebAssembly at gRPC speed and bidirectional MCP compatibility.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",