@neverinfamous/mysql-mcp 2.1.0 → 2.3.0

package/dist/codemode/sandbox.js

@@ -0,0 +1,345 @@
+/**
+ * mysql-mcp - Code Mode Sandbox
+ *
+ * Sandboxed execution environment using Node.js vm module.
+ * Provides code isolation with memory/time limits for LLM-generated code.
+ *
+ * Note: This uses Node.js vm module which provides script isolation but not
+ * true V8 isolate separation. For production environments with untrusted code,
+ * consider using isolated-vm or running in a separate process/container.
+ */
+import vm from "node:vm";
+import { logger } from "../utils/logger.js";
+import { DEFAULT_SANDBOX_OPTIONS, DEFAULT_POOL_OPTIONS, } from "./types.js";
+/**
+ * A sandboxed execution context using Node.js vm module
+ */
+export class CodeModeSandbox {
+    context;
+    options;
+    disposed = false;
+    logBuffer = [];
+    constructor(context, options) {
+        this.context = context;
+        this.options = options;
+    }
+    /**
+     * Create a new sandbox instance
+     */
+    static create(options) {
+        const opts = { ...DEFAULT_SANDBOX_OPTIONS, ...options };
+        // Create a shared log buffer that will be used by both sandbox console and instance
+        const sharedLogBuffer = [];
+        // Create a minimal sandbox context
+        const sandbox = {
+            console: {
+                log: (...args) => {
+                    sharedLogBuffer.push(args
+                        .map((a) => typeof a === "object" && a !== null
+                        ? JSON.stringify(a)
+                        : String(a))
+                        .join(" "));
+                },
+                warn: (...args) => sharedLogBuffer.push("[WARN] " +
+                    args
+                        .map((a) => typeof a === "object" && a !== null
+                        ? JSON.stringify(a)
+                        : String(a))
+                        .join(" ")),
+                error: (...args) => sharedLogBuffer.push("[ERROR] " +
+                    args
+                        .map((a) => typeof a === "object" && a !== null
+                        ? JSON.stringify(a)
+                        : String(a))
+                        .join(" ")),
+                info: (...args) => sharedLogBuffer.push("[INFO] " +
+                    args
+                        .map((a) => typeof a === "object" && a !== null
+                        ? JSON.stringify(a)
+                        : String(a))
+                        .join(" ")),
+            },
+            // No access to Node.js globals
+            require: undefined,
+            process: undefined,
+            global: undefined,
+            globalThis: undefined,
+            __dirname: undefined,
+            __filename: undefined,
+            module: undefined,
+            exports: undefined,
+            // Safe built-ins only
+            JSON,
+            Math,
+            Date,
+            Array,
+            Object,
+            String,
+            Number,
+            Boolean,
+            Map,
+            Set,
+            Promise,
+            Error,
+            TypeError,
+            RangeError,
+            SyntaxError,
+            // Async support
+            setTimeout: undefined, // Disabled for security
+            setInterval: undefined, // Disabled for security
+            setImmediate: undefined, // Disabled for security
+        };
+        const context = vm.createContext(sandbox);
+        const instance = new CodeModeSandbox(context, opts);
+        // Use the shared buffer directly - replace instance's buffer with the shared one
+        instance.logBuffer =
+            sharedLogBuffer;
+        return instance;
+    }
+    /**
+     * Execute code in the sandbox
+     * @param code - TypeScript/JavaScript code to execute
+     * @param apiBindings - Object with mysql.* API methods to expose
+     */
+    async execute(code, apiBindings) {
+        if (this.disposed) {
+            return {
+                success: false,
+                error: "Sandbox has been disposed",
+                metrics: { wallTimeMs: 0, cpuTimeMs: 0, memoryUsedMb: 0 },
+            };
+        }
+        const startTime = performance.now();
+        const startMemory = process.memoryUsage().heapUsed;
+        try {
+            // Inject mysql API bindings into the context
+            this.context["mysql"] = apiBindings;
+            // Wrap code in async IIFE to support await
+            const wrappedCode = `
+                (async () => {
+                    ${code}
+                })();
+            `;
+            // Compile and run with timeout
+            const script = new vm.Script(wrappedCode, {
+                filename: "codemode-script.js",
+            });
+            const result = await script.runInContext(this.context, {
+                timeout: this.options.timeoutMs,
+                breakOnSigint: true,
+            });
+            const endTime = performance.now();
+            const endMemory = process.memoryUsage().heapUsed;
+            return {
+                success: true,
+                result,
+                metrics: this.calculateMetrics(startTime, endTime, startMemory, endMemory),
+            };
+        }
+        catch (error) {
+            const endTime = performance.now();
+            const endMemory = process.memoryUsage().heapUsed;
+            const errorMessage = error instanceof Error ? error.message : String(error);
+            const stack = error instanceof Error ? error.stack : undefined;
+            // Check for specific error types
+            if (errorMessage.includes("Script execution timed out")) {
+                return {
+                    success: false,
+                    error: `Execution timeout: exceeded ${String(this.options.timeoutMs)}ms limit`,
+                    stack,
+                    metrics: this.calculateMetrics(startTime, endTime, startMemory, endMemory),
+                };
+            }
+            return {
+                success: false,
+                error: errorMessage,
+                stack,
+                metrics: this.calculateMetrics(startTime, endTime, startMemory, endMemory),
+            };
+        }
+    }
+    /**
+     * Calculate execution metrics
+     */
+    calculateMetrics(startTime, endTime, startMemory, endMemory) {
+        return {
+            wallTimeMs: Math.round(endTime - startTime),
+            cpuTimeMs: Math.round(endTime - startTime), // Approximation
+            memoryUsedMb: Math.max(0, Math.round(((endMemory - startMemory) / (1024 * 1024)) * 100) / 100),
+        };
+    }
+    /**
+     * Get console output from the sandbox
+     */
+    getConsoleOutput() {
+        return [...this.logBuffer];
+    }
+    /**
+     * Clear console output buffer
+     */
+    clearConsoleOutput() {
+        this.logBuffer.length = 0;
+    }
+    /**
+     * Check if sandbox is healthy
+     */
+    isHealthy() {
+        return !this.disposed;
+    }
+    /**
+     * Dispose of the sandbox and release resources
+     */
+    dispose() {
+        if (this.disposed)
+            return;
+        this.disposed = true;
+        // vm.Context doesn't need explicit cleanup, but we mark as disposed
+        this.logBuffer.length = 0;
+    }
+}
+/**
+ * Pool of sandbox instances for reuse
+ */
+export class SandboxPool {
+    options;
+    sandboxOptions;
+    available = [];
+    inUse = new Set();
+    disposed = false;
+    cleanupInterval = null;
+    constructor(poolOptions, sandboxOptions) {
+        this.options = { ...DEFAULT_POOL_OPTIONS, ...poolOptions };
+        this.sandboxOptions = { ...DEFAULT_SANDBOX_OPTIONS, ...sandboxOptions };
+    }
+    /**
+     * Initialize the pool with minimum instances
+     */
+    initialize() {
+        logger.info(`Initializing sandbox pool with ${String(this.options.minInstances)} instances`, {
+            module: "CODEMODE",
+        });
+        for (let i = 0; i < this.options.minInstances; i++) {
+            const sandbox = CodeModeSandbox.create(this.sandboxOptions);
+            this.available.push(sandbox);
+        }
+        // Start cleanup interval
+        this.cleanupInterval = setInterval(() => {
+            this.cleanup();
+        }, this.options.idleTimeoutMs);
+    }
+    /**
+     * Acquire a sandbox from the pool
+     */
+    acquire() {
+        if (this.disposed) {
+            throw new Error("Pool has been disposed");
+        }
+        // Try to get an available sandbox
+        while (this.available.length > 0) {
+            const sandbox = this.available.pop();
+            if (sandbox?.isHealthy()) {
+                this.inUse.add(sandbox);
+                return sandbox;
+            }
+            // Sandbox is unhealthy, dispose it
+            sandbox?.dispose();
+        }
+        // Create a new sandbox if under limit
+        const totalCount = this.inUse.size;
+        if (totalCount < this.options.maxInstances) {
+            const sandbox = CodeModeSandbox.create(this.sandboxOptions);
+            this.inUse.add(sandbox);
+            return sandbox;
+        }
+        // Pool exhausted
+        throw new Error(`Sandbox pool exhausted (max: ${String(this.options.maxInstances)})`);
+    }
+    /**
+     * Release a sandbox back to the pool
+     */
+    release(sandbox) {
+        if (!this.inUse.has(sandbox)) {
+            return;
+        }
+        this.inUse.delete(sandbox);
+        if (this.disposed) {
+            sandbox.dispose();
+            return;
+        }
+        // Return to pool if healthy and under limit
+        if (sandbox.isHealthy() &&
+            this.available.length < this.options.maxInstances) {
+            sandbox.clearConsoleOutput();
+            this.available.push(sandbox);
+        }
+        else {
+            sandbox.dispose();
+        }
+    }
+    /**
+     * Execute code using a pooled sandbox
+     */
+    async execute(code, apiBindings) {
+        const sandbox = this.acquire();
+        try {
+            return await sandbox.execute(code, apiBindings);
+        }
+        finally {
+            this.release(sandbox);
+        }
+    }
+    /**
+     * Clean up excess idle sandboxes
+     */
+    cleanup() {
+        // Remove unhealthy sandboxes
+        const healthy = [];
+        for (const sandbox of this.available) {
+            if (sandbox.isHealthy()) {
+                healthy.push(sandbox);
+            }
+            else {
+                sandbox.dispose();
+            }
+        }
+        this.available.length = 0;
+        this.available.push(...healthy);
+        // Trim to minimum
+        while (this.available.length > this.options.minInstances) {
+            const sandbox = this.available.pop();
+            sandbox?.dispose();
+        }
+    }
+    /**
+     * Get pool statistics
+     */
+    getStats() {
+        return {
+            available: this.available.length,
+            inUse: this.inUse.size,
+            max: this.options.maxInstances,
+        };
+    }
+    /**
+     * Dispose of all sandboxes in the pool
+     */
+    dispose() {
+        if (this.disposed)
+            return;
+        this.disposed = true;
+        if (this.cleanupInterval) {
+            clearInterval(this.cleanupInterval);
+            this.cleanupInterval = null;
+        }
+        for (const sandbox of this.available) {
+            sandbox.dispose();
+        }
+        this.available.length = 0;
+        for (const sandbox of this.inUse) {
+            sandbox.dispose();
+        }
+        this.inUse.clear();
+        logger.info("Sandbox pool disposed", { module: "CODEMODE" });
+    }
+}
+//# sourceMappingURL=sandbox.js.map

package/dist/codemode/sandbox.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sandbox.js","sourceRoot":"","sources":["../../src/codemode/sandbox.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAC5C,OAAO,EACL,uBAAuB,EACvB,oBAAoB,GAKrB,MAAM,YAAY,CAAC;AAEpB;;GAEG;AACH,MAAM,OAAO,eAAe;IAClB,OAAO,CAAa;IACX,OAAO,CAA2B;IAC3C,QAAQ,GAAG,KAAK,CAAC;IACR,SAAS,GAAa,EAAE,CAAC;IAE1C,YAAoB,OAAmB,EAAE,OAAiC;QACxE,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IACzB,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,MAAM,CAAC,OAAwB;QACpC,MAAM,IAAI,GAAG,EAAE,GAAG,uBAAuB,EAAE,GAAG,OAAO,EAAE,CAAC;QAExD,oFAAoF;QACpF,MAAM,eAAe,GAAa,EAAE,CAAC;QAErC,mCAAmC;QACnC,MAAM,OAAO,GAAG;YACd,OAAO,EAAE;gBACP,GAAG,EAAE,CAAC,GAAG,IAAe,EAAE,EAAE;oBAC1B,eAAe,CAAC,IAAI,CAClB,IAAI;yBACD,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CACT,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,IAAI;wBACjC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;wBACnB,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CACd;yBACA,IAAI,CAAC,GAAG,CAAC,CACb,CAAC;gBACJ,CAAC;gBACD,IAAI,EAAE,CAAC,GAAG,IAAe,EAAE,EAAE,CAC3B,eAAe,CAAC,IAAI,CAClB,SAAS;oBACP,IAAI;yBACD,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CACT,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,IAAI;wBACjC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;wBACnB,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CACd;yBACA,IAAI,CAAC,GAAG,CAAC,CACf;gBACH,KAAK,EAAE,CAAC,GAAG,IAAe,EAAE,EAAE,CAC5B,eAAe,CAAC,IAAI,CAClB,UAAU;oBACR,IAAI;yBACD,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CACT,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,IAAI;wBACjC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;wBACnB,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CACd;yBACA,IAAI,CAAC,GAAG,CAAC,CACf;gBACH,IAAI,EAAE,CAAC,GAAG,IAAe,EAAE,EAAE,CAC3B,eAAe,CAAC,IAAI,CAClB,SAAS;oBACP,IAAI;yBACD,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CACT,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,IAAI;wBACjC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;wBACnB,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CACd;yBACA,IAAI,CAAC,GAAG,CAAC,CACf;aACJ;YACD,+BAA+B;YAC/B,OAAO,EAAE,SAAS;YAClB,OAAO,EAAE,SAAS;YAClB,MAAM,EAAE,SAAS;YACjB,UAAU,EAAE,SAAS;YACrB,SAAS,EAAE,SAAS;YACpB,UAAU,EAAE,SAAS;YACrB,MAAM,EAAE,SAAS;YACjB,OAAO,EAAE,SAAS;YAClB,sBAAsB;YACtB,IAAI;YACJ,IAAI;YACJ,IAAI;YACJ,KAAK;YACL,MAAM;YACN,MAAM;YACN,MAAM;YACN,OAAO;YACP,GAAG;YACH,GAAG;YACH,OAAO;YACP,KAAK;YACL,SAAS;YACT,UAAU;YACV,WAAW;YACX,gBAAgB;YAChB,UAAU,EAAE,SAAS,EAAE,wBAAwB;YAC/C,WAAW,EAAE,SAAS,EAAE,wBAAwB;YAChD,YAAY,EAAE,SAAS,EAAE,wBAAwB;SAClD,CAAC;QAEF,MAAM,OAAO,GAAG,EAAE,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QAC1C,MAAM,QAAQ,GAAG,IAAI,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QAEpD,iFAAiF;QAChF,QAA+C,CAAC,SAAS;YACxD,eAAe,CAAC;QAElB,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,OAAO,CACX,IAAY,EACZ,WAAoC;QAEpC,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClB,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,2BAA2B;gBAClC,OAAO,EAAE,EAAE,UAAU,EAAE,CAAC,EAAE,SAAS,EAAE,CAAC,EAAE,YAAY,EAAE,CAAC,EAAE;aAC1D,CAAC;QACJ,CAAC;QAED,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;QACpC,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC;QAEnD,IAAI,CAAC;YACH,6CAA6C;YAC7C,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,WAAW,CAAC;YAEpC,2CAA2C;YAC3C,MAAM,WAAW,GAAG;;sBAEJ,IAAI;;aAEb,CAAC;YAER,+BAA+B;YAC/B,MAAM,MAAM,GAAG,IAAI,EAAE,CAAC,MAAM,CAAC,WAAW,EAAE;gBACxC,QAAQ,EAAE,oBAAoB;aAC/B,CAAC,CAAC;YAEH,MAAM,MAAM,GAAG,MAAO,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,OAAO,EAAE;gBACtD,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS;gBAC/B,aAAa,EAAE,IAAI;aACpB,CAAsB,CAAC;YAExB,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;YAClC,MAAM,SAAS,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC;YAEjD,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,MAAM;gBACN,OAAO,EAAE,IAAI,CAAC,gBAAgB,CAC5B,SAAS,EACT,OAAO,EACP,WAAW,EACX,SAAS,CACV;aACF,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;YAClC,MAAM,SAAS,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC;YAEjD,MAAM,YAAY,GAChB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACzD,MAAM,KAAK,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;YAE/D,iCAAiC;YACjC,IAAI,YAAY,CAAC,QAAQ,CAAC,4BAA4B,CAAC,EAAE,CAAC;gBACxD,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,+BAA+B,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,UAAU;oBAC9E,KAAK;oBACL,OAAO,EAAE,IAAI,CAAC,gBAAgB,CAC5B,SAAS,EACT,OAAO,EACP,WAAW,EACX,SAAS,CACV;iBACF,CAAC;YACJ,CAAC;YAED,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,YAAY;gBACnB,KAAK;gBACL,OAAO,EAAE,IAAI,CAAC,gBAAgB,CAC5B,SAAS,EACT,OAAO,EACP,WAAW,EACX,SAAS,CACV;aACF,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;OAEG;IACK,gBAAgB,CACtB,SAAiB,EACjB,OAAe,EACf,WAAmB,EACnB,SAAiB;QAEjB,OAAO;YACL,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,GAAG,SAAS,CAAC;YAC3C,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,GAAG,SAAS,CAAC,EAAE,gBAAgB;YAC5D,YAAY,EAAE,IAAI,CAAC,GAAG,CACpB,CAAC,EACD,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,GAAG,CACpE;SACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,gBAAgB;QACd,OAAO,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC;IAC7B,CAAC;IAED;;OAEG;IACH,kBAAkB;QAChB,IAAI,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC;IAC5B,CAAC;IAED;;OAEG;IACH,SAAS;QACP,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC;IACxB,CAAC;IAED;;OAEG;IACH,OAAO;QACL,IAAI,IAAI,CAAC,QAAQ;YAAE,OAAO;QAE1B,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC;QACrB,oEAAoE;QACpE,IAAI,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC;IAC5B,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,WAAW;IACL,OAAO,CAAwB;IAC/B,cAAc,CAA2B;IACzC,SAAS,GAAsB,EAAE,CAAC;IAClC,KAAK,GAAG,IAAI,GAAG,EAAmB,CAAC;IAC5C,QAAQ,GAAG,KAAK,CAAC;IACjB,eAAe,GAA0B,IAAI,CAAC;IAEtD,YAAY,WAAyB,EAAE,cAA+B;QACpE,IAAI,CAAC,OAAO,GAAG,EAAE,GAAG,oBAAoB,EAAE,GAAG,WAAW,EAAE,CAAC;QAC3D,IAAI,CAAC,cAAc,GAAG,EAAE,GAAG,uBAAuB,EAAE,GAAG,cAAc,EAAE,CAAC;IAC1E,CAAC;IAED;;OAEG;IACH,UAAU;QACR,MAAM,CAAC,IAAI,CACT,kCAAkC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,YAAY,EAC/E;YACE,MAAM,EAAE,UAAmB;SAC5B,CACF,CAAC;QAEF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC,EAAE,EAAE,CAAC;YACnD,MAAM,OAAO,GAAG,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YAC5D,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC/B,CAAC;QAED,yBAAyB;QACzB,IAAI,CAAC,eAAe,GAAG,WAAW,CAAC,GAAG,EAAE;YACtC,IAAI,CAAC,OAAO,EAAE,CAAC;QACjB,CAAC,EAAE,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;IACjC,CAAC;IAED;;OAEG;IACH,OAAO;QACL,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClB,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAC5C,CAAC;QAED,kCAAkC;QAClC,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACjC,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CAAC;YACrC,IAAI,OAAO,EAAE,SAAS,EAAE,EAAE,CAAC;gBACzB,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;gBACxB,OAAO,OAAO,CAAC;YACjB,CAAC;YACD,mCAAmC;YACnC,OAAO,EAAE,OAAO,EAAE,CAAC;QACrB,CAAC;QAED,sCAAsC;QACtC,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC;QACnC,IAAI,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC;YAC3C,MAAM,OAAO,GAAG,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YAC5D,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACxB,OAAO,OAAO,CAAC;QACjB,CAAC;QAED,iBAAiB;QACjB,MAAM,IAAI,KAAK,CACb,gCAAgC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CACrE,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,OAAO,CAAC,OAAwB;QAC9B,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;YAC7B,OAAO;QACT,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAE3B,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClB,OAAO,CAAC,OAAO,EAAE,CAAC;YAClB,OAAO;QACT,CAAC;QAED,4CAA4C;QAC5C,IACE,OAAO,CAAC,SAAS,EAAE;YACnB,IAAI,CAAC,SAAS,CAAC,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,YAAY,EACjD,CAAC;YACD,OAAO,CAAC,kBAAkB,EAAE,CAAC;YAC7B,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC/B,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,OAAO,EAAE,CAAC;QACpB,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO,CACX,IAAY,EACZ,WAAoC;QAEpC,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;QAC/B,IAAI,CAAC;YACH,OAAO,MAAM,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;QAClD,CAAC;gBAAS,CAAC;YACT,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QACxB,CAAC;IACH,CAAC;IAED;;OAEG;IACK,OAAO;QACb,6BAA6B;QAC7B,MAAM,OAAO,GAAsB,EAAE,CAAC;QACtC,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACrC,IAAI,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC;gBACxB,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACxB,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,OAAO,EAAE,CAAC;YACpB,CAAC;QACH,CAAC;QACD,IAAI,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC;QAC1B,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,CAAC;QAEhC,kBAAkB;QAClB,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC;YACzD,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CAAC;YACrC,OAAO,EAAE,OAAO,EAAE,CAAC;QACrB,CAAC;IACH,CAAC;IAED;;OAEG;IACH,QAAQ;QACN,OAAO;YACL,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM;YAChC,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI;YACtB,GAAG,EAAE,IAAI,CAAC,OAAO,CAAC,YAAY;SAC/B,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,OAAO;QACL,IAAI,IAAI,CAAC,QAAQ;YAAE,OAAO;QAE1B,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC;QAErB,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YACzB,aAAa,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;YACpC,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC;QAC9B,CAAC;QAED,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACrC,OAAO,CAAC,OAAO,EAAE,CAAC;QACpB,CAAC;QACD,IAAI,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC;QAE1B,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACjC,OAAO,CAAC,OAAO,EAAE,CAAC;QACpB,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;QAEnB,MAAM,CAAC,IAAI,CAAC,uBAAuB,EAAE,EAAE,MAAM,EAAE,UAAmB,EAAE,CAAC,CAAC;IACxE,CAAC;CACF"}

package/dist/codemode/security.d.ts

@@ -0,0 +1,44 @@
+/**
+ * mysql-mcp - Code Mode Security
+ *
+ * Input validation, rate limiting, and audit logging for code execution.
+ */
+import { type SecurityConfig, type ValidationResult, type ExecutionRecord, type SandboxResult } from "./types.js";
+/**
+ * Security manager for Code Mode executions
+ */
+export declare class CodeModeSecurityManager {
+    private readonly config;
+    private readonly rateLimitMap;
+    constructor(config?: Partial<SecurityConfig>);
+    /**
+     * Validate code before execution
+     */
+    validateCode(code: string): ValidationResult;
+    /**
+     * Check rate limit for a client
+     * @returns true if within limits, false if rate limited
+     */
+    checkRateLimit(clientId: string): boolean;
+    /**
+     * Get remaining rate limit for a client
+     */
+    getRateLimitRemaining(clientId: string): number;
+    /**
+     * Sanitize and truncate result if too large
+     */
+    sanitizeResult(result: unknown): unknown;
+    /**
+     * Log execution for audit purposes
+     */
+    auditLog(execution: ExecutionRecord): void;
+    /**
+     * Create execution record for audit
+     */
+    createExecutionRecord(code: string, result: SandboxResult, readonly: boolean, clientId?: string): ExecutionRecord;
+    /**
+     * Clean up old rate limit entries
+     */
+    cleanupRateLimits(): void;
+}
+//# sourceMappingURL=security.d.ts.map

package/dist/codemode/security.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"security.d.ts","sourceRoot":"","sources":["../../src/codemode/security.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAEL,KAAK,cAAc,EACnB,KAAK,gBAAgB,EACrB,KAAK,eAAe,EACpB,KAAK,aAAa,EACnB,MAAM,YAAY,CAAC;AAEpB;;GAEG;AACH,qBAAa,uBAAuB;IAClC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAiB;IACxC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAGzB;gBAEQ,MAAM,CAAC,EAAE,OAAO,CAAC,cAAc,CAAC;IAI5C;;OAEG;IACH,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,gBAAgB;IA6B5C;;;OAGG;IACH,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO;IAuBzC;;OAEG;IACH,qBAAqB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM;IAQ/C;;OAEG;IACH,cAAc,CAAC,MAAM,EAAE,OAAO,GAAG,OAAO;IAoBxC;;OAEG;IACH,QAAQ,CAAC,SAAS,EAAE,eAAe,GAAG,IAAI;IAgC1C;;OAEG;IACH,qBAAqB,CACnB,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,aAAa,EACrB,QAAQ,EAAE,OAAO,EACjB,QAAQ,CAAC,EAAE,MAAM,GAChB,eAAe;IAWlB;;OAEG;IACH,iBAAiB,IAAI,IAAI;CAQ1B"}

package/dist/codemode/security.js

@@ -0,0 +1,149 @@
+/**
+ * mysql-mcp - Code Mode Security
+ *
+ * Input validation, rate limiting, and audit logging for code execution.
+ */
+import { logger } from "../utils/logger.js";
+import { DEFAULT_SECURITY_CONFIG, } from "./types.js";
+/**
+ * Security manager for Code Mode executions
+ */
+export class CodeModeSecurityManager {
+    config;
+    rateLimitMap = new Map();
+    constructor(config) {
+        this.config = { ...DEFAULT_SECURITY_CONFIG, ...config };
+    }
+    /**
+     * Validate code before execution
+     */
+    validateCode(code) {
+        const errors = [];
+        // Check code length
+        if (!code || typeof code !== "string") {
+            errors.push("Code must be a non-empty string");
+            return { valid: false, errors };
+        }
+        if (code.length > this.config.maxCodeLength) {
+            errors.push(`Code exceeds maximum length of ${String(this.config.maxCodeLength)} bytes`);
+            return { valid: false, errors };
+        }
+        // Check for blocked patterns
+        for (const pattern of this.config.blockedPatterns) {
+            if (pattern.test(code)) {
+                errors.push(`Blocked pattern detected: ${pattern.source}`);
+            }
+        }
+        return {
+            valid: errors.length === 0,
+            errors,
+        };
+    }
+    /**
+     * Check rate limit for a client
+     * @returns true if within limits, false if rate limited
+     */
+    checkRateLimit(clientId) {
+        const now = Date.now();
+        const windowMs = 60000; // 1 minute window
+        const existing = this.rateLimitMap.get(clientId);
+        if (!existing || now >= existing.resetTime) {
+            // Start new window
+            this.rateLimitMap.set(clientId, {
+                count: 1,
+                resetTime: now + windowMs,
+            });
+            return true;
+        }
+        if (existing.count >= this.config.maxExecutionsPerMinute) {
+            return false;
+        }
+        existing.count++;
+        return true;
+    }
+    /**
+     * Get remaining rate limit for a client
+     */
+    getRateLimitRemaining(clientId) {
+        const existing = this.rateLimitMap.get(clientId);
+        if (!existing || Date.now() >= existing.resetTime) {
+            return this.config.maxExecutionsPerMinute;
+        }
+        return Math.max(0, this.config.maxExecutionsPerMinute - existing.count);
+    }
+    /**
+     * Sanitize and truncate result if too large
+     */
+    sanitizeResult(result) {
+        try {
+            const serialized = JSON.stringify(result);
+            if (serialized.length > this.config.maxResultSize) {
+                return {
+                    _truncated: true,
+                    _originalSize: serialized.length,
+                    _maxSize: this.config.maxResultSize,
+                    preview: serialized.substring(0, 1000) + "...",
+                };
+            }
+            return result;
+        }
+        catch {
+            return {
+                _error: "Result could not be serialized",
+                _type: typeof result,
+            };
+        }
+    }
+    /**
+     * Log execution for audit purposes
+     */
+    auditLog(execution) {
+        const { id, clientId, codePreview, result, readonly } = execution;
+        const logContext = {
+            module: "CODEMODE",
+            operation: "execute",
+            entityId: id,
+            clientId: clientId ?? "anonymous",
+            readonly,
+            success: result.success,
+            wallTimeMs: result.metrics.wallTimeMs,
+            memoryUsedMb: result.metrics.memoryUsedMb,
+        };
+        if (result.success) {
+            logger.info(`Code execution completed: ${codePreview.substring(0, 50)}...`, logContext);
+        }
+        else {
+            const errorContext = {
+                ...logContext,
+                ...(result.error !== undefined ? { error: result.error } : {}),
+                ...(result.stack !== undefined ? { stack: result.stack } : {}),
+            };
+            logger.warning(`Code execution failed: ${result.error ?? "unknown error"}`, errorContext);
+        }
+    }
+    /**
+     * Create execution record for audit
+     */
+    createExecutionRecord(code, result, readonly, clientId) {
+        return {
+            id: crypto.randomUUID(),
+            clientId,
+            timestamp: new Date(),
+            codePreview: code.length > 200 ? code.substring(0, 200) + "..." : code,
+            result,
+            readonly,
+        };
+    }
+    /**
+     * Clean up old rate limit entries
+     */
+    cleanupRateLimits() {
+        const now = Date.now();
+        for (const [clientId, entry] of this.rateLimitMap) {
+            if (now >= entry.resetTime) {
+                this.rateLimitMap.delete(clientId);
+            }
+        }
+    }
+}
+//# sourceMappingURL=security.js.map

package/dist/codemode/security.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"security.js","sourceRoot":"","sources":["../../src/codemode/security.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAC5C,OAAO,EACL,uBAAuB,GAKxB,MAAM,YAAY,CAAC;AAEpB;;GAEG;AACH,MAAM,OAAO,uBAAuB;IACjB,MAAM,CAAiB;IACvB,YAAY,GAAG,IAAI,GAAG,EAGpC,CAAC;IAEJ,YAAY,MAAgC;QAC1C,IAAI,CAAC,MAAM,GAAG,EAAE,GAAG,uBAAuB,EAAE,GAAG,MAAM,EAAE,CAAC;IAC1D,CAAC;IAED;;OAEG;IACH,YAAY,CAAC,IAAY;QACvB,MAAM,MAAM,GAAa,EAAE,CAAC;QAE5B,oBAAoB;QACpB,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YACtC,MAAM,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC;YAC/C,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;QAClC,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;YAC5C,MAAM,CAAC,IAAI,CACT,kCAAkC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,QAAQ,CAC5E,CAAC;YACF,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;QAClC,CAAC;QAED,6BAA6B;QAC7B,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,CAAC;YAClD,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvB,MAAM,CAAC,IAAI,CAAC,6BAA6B,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;YAC7D,CAAC;QACH,CAAC;QAED,OAAO;YACL,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;YAC1B,MAAM;SACP,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,cAAc,CAAC,QAAgB;QAC7B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,kBAAkB;QAE1C,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAEjD,IAAI,CAAC,QAAQ,IAAI,GAAG,IAAI,QAAQ,CAAC,SAAS,EAAE,CAAC;YAC3C,mBAAmB;YACnB,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE;gBAC9B,KAAK,EAAE,CAAC;gBACR,SAAS,EAAE,GAAG,GAAG,QAAQ;aAC1B,CAAC,CAAC;YACH,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,QAAQ,CAAC,KAAK,IAAI,IAAI,CAAC,MAAM,CAAC,sBAAsB,EAAE,CAAC;YACzD,OAAO,KAAK,CAAC;QACf,CAAC;QAED,QAAQ,CAAC,KAAK,EAAE,CAAC;QACjB,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACH,qBAAqB,CAAC,QAAgB;QACpC,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACjD,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,GAAG,EAAE,IAAI,QAAQ,CAAC,SAAS,EAAE,CAAC;YAClD,OAAO,IAAI,CAAC,MAAM,CAAC,sBAAsB,CAAC;QAC5C,CAAC;QACD,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,sBAAsB,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC1E,CAAC;IAED;;OAEG;IACH,cAAc,CAAC,MAAe;QAC5B,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;YAC1C,IAAI,UAAU,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;gBAClD,OAAO;oBACL,UAAU,EAAE,IAAI;oBAChB,aAAa,EAAE,UAAU,CAAC,MAAM;oBAChC,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,aAAa;oBACnC,OAAO,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,KAAK;iBAC/C,CAAC;YACJ,CAAC;YACD,OAAO,MAAM,CAAC;QAChB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO;gBACL,MAAM,EAAE,gCAAgC;gBACxC,KAAK,EAAE,OAAO,MAAM;aACrB,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;OAEG;IACH,QAAQ,CAAC,SAA0B;QACjC,MAAM,EAAE,EAAE,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,SAAS,CAAC;QAElE,MAAM,UAAU,GAAG;YACjB,MAAM,EAAE,UAAmB;YAC3B,SAAS,EAAE,SAAS;YACpB,QAAQ,EAAE,EAAE;YACZ,QAAQ,EAAE,QAAQ,IAAI,WAAW;YACjC,QAAQ;YACR,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,UAAU,EAAE,MAAM,CAAC,OAAO,CAAC,UAAU;YACrC,YAAY,EAAE,MAAM,CAAC,OAAO,CAAC,YAAY;SAC1C,CAAC;QAEF,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,MAAM,CAAC,IAAI,CACT,6BAA6B,WAAW,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,EAC9D,UAAU,CACX,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,MAAM,YAAY,GAAG;gBACnB,GAAG,UAAU;gBACb,GAAG,CAAC,MAAM,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC9D,GAAG,CAAC,MAAM,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAC/D,CAAC;YACF,MAAM,CAAC,OAAO,CACZ,0BAA0B,MAAM,CAAC,KAAK,IAAI,eAAe,EAAE,EAC3D,YAAY,CACb,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;OAEG;IACH,qBAAqB,CACnB,IAAY,EACZ,MAAqB,EACrB,QAAiB,EACjB,QAAiB;QAEjB,OAAO;YACL,EAAE,EAAE,MAAM,CAAC,UAAU,EAAE;YACvB,QAAQ;YACR,SAAS,EAAE,IAAI,IAAI,EAAE;YACrB,WAAW,EAAE,IAAI,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI;YACtE,MAAM;YACN,QAAQ;SACT,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,iBAAiB;QACf,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,KAAK,MAAM,CAAC,QAAQ,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YAClD,IAAI,GAAG,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;gBAC3B,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YACrC,CAAC;QACH,CAAC;IACH,CAAC;CACF"}