@openape/proxy 0.2.7 → 0.2.9

package/CHANGELOG.md

@@ -1,5 +1,22 @@
 # @openape/proxy
 
+## 0.2.9
+
+### Patch Changes
+
+- Updated dependencies [[`6c0cbad`](https://github.com/openape-ai/openape/commit/6c0cbada5165dc4e45381ffdaca847cd9dfc1d02)]:
+  - @openape/grants@0.8.0
+
+## 0.2.8
+
+### Patch Changes
+
+- Fix ReDoS-vulnerable regex in proxy auth header parsing. Fix lint violations across packages. Update import paths for CLI permissions moved to @openape/grants.
+
+- Updated dependencies []:
+  - @openape/core@0.12.0
+  - @openape/grants@0.7.0
+
 ## 0.2.7
 
 ### Patch Changes

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@openape/proxy",
   "type": "module",
-  "version": "0.2.7",
+  "version": "0.2.9",
   "turbo": {
     "tags": [
       "publishable"
@@ -16,8 +16,8 @@
   "dependencies": {
     "jose": "^5.9.0",
     "smol-toml": "^1.3.0",
-    "@openape/core": "0.11.0",
-    "@openape/grants": "0.6.0"
+    "@openape/core": "0.12.0",
+    "@openape/grants": "0.8.0"
   },
   "devDependencies": {
     "@types/bun": "^1.3.10",
@@ -43,6 +43,7 @@
     "build": "tsup",
     "typecheck": "tsc --noEmit",
     "lint": "eslint .",
-    "test": "vitest run --passWithNoTests"
+    "test": "vitest run --passWithNoTests",
+    "test:coverage": "vitest run --coverage"
   }
 }

package/src/audit.ts

@@ -15,6 +15,6 @@ export function writeAudit(entry: AuditEntry): void {
 
   // Write to file if configured
   if (auditPath) {
-    appendFileSync(auditPath, line + '\n')
+    appendFileSync(auditPath, `${line}\n`)
   }
 }

package/src/auth.ts

@@ -27,7 +27,7 @@ export async function verifyAgentAuth(
     return null
   }
 
-  const match = authHeader.match(/^Bearer\s+(.+)$/i)
+  const match = authHeader.match(/^Bearer (.+)$/i)
   if (!match) {
     if (mandatory) throw new AuthError('Invalid authorization header')
     return null

package/src/grants-client.ts

@@ -19,7 +19,7 @@ export class GrantsClient {
   private headers(): Record<string, string> {
     const h: Record<string, string> = { 'Content-Type': 'application/json' }
     if (this.agentToken) {
-      h['Authorization'] = `Bearer ${this.agentToken}`
+      h.Authorization = `Bearer ${this.agentToken}`
     }
     return h
   }

package/src/matcher.ts

@@ -7,13 +7,13 @@ import type { ProxyConfig, RuleAction, RuleEntry } from './types.js'
 function globMatch(pattern: string, value: string): boolean {
   // Simple glob: convert * to regex
   const regex = new RegExp(
-    '^' +
-    pattern
-      .replace(/[.+^${}()|[\]\\]/g, '\\$&')  // escape regex chars except *
-      .replace(/\*\*/g, '<<<DOUBLESTAR>>>')
-      .replace(/\*/g, '[^/]*')
-      .replace(/<<<DOUBLESTAR>>>/g, '.*')
-    + '$'
+    `^${
+      pattern
+        .replace(/[.+^${}()|[\]\\]/g, '\\$&')  // escape regex chars except *
+        .replace(/\*\*/g, '<<<DOUBLESTAR>>>')
+        .replace(/\*/g, '[^/]*')
+        .replace(/<<<DOUBLESTAR>>>/g, '.*')
+    }$`,
   )
   return regex.test(value)
 }

package/src/proxy.ts

@@ -393,7 +393,8 @@ async function forwardRequest(originalReq: Request, targetUrl: string, cachedBod
       statusText: res.statusText,
       headers: responseHeaders,
     })
-  } catch (err) {
+  }
+  catch (err) {
     const msg = err instanceof Error ? err.message : 'Upstream error'
     return new Response(`Proxy error: ${msg}`, { status: 502 })
   }

package/vitest.config.ts

@@ -3,5 +3,16 @@ import { defineConfig } from 'vitest/config'
 export default defineConfig({
   test: {
     environment: 'node',
+    coverage: {
+      provider: 'istanbul',
+      include: ['src/**/*.ts'],
+      exclude: ['src/**/*.test.ts', 'src/**/index.ts', 'src/types/**'],
+      reporter: ['text', 'lcov'],
+      thresholds: {
+        statements: 29,
+        functions: 29,
+        lines: 29,
+      },
+    },
   },
 })