@papicandela/mcx-core 0.2.1 → 0.2.5

package/src/sandbox/network-policy.ts

@@ -75,83 +75,139 @@ export function generateNetworkIsolationCode(policy: NetworkPolicy): string {
   }
 
   if (policy.mode === "blocked") {
+    // SECURITY: Wrap in IIFE to prevent user code from accessing __original_fetch
+    // Use Object.defineProperty with writable:false to prevent user code from overwriting
     return `
 // Network isolation: BLOCKED
-const __original_fetch = globalThis.fetch;
-globalThis.fetch = async function(url, options) {
-  throw new Error('Network access is blocked in sandbox. Use adapters instead.');
-};
+(function() {
+  const blockedFetch = async function() {
+    throw new Error('Network access is blocked in sandbox. Use adapters instead.');
+  };
+  Object.defineProperty(globalThis, 'fetch', {
+    value: blockedFetch,
+    writable: false,
+    configurable: false
+  });
+})();
 
 // Block XMLHttpRequest
-globalThis.XMLHttpRequest = class {
-  constructor() {
-    throw new Error('XMLHttpRequest is blocked in sandbox.');
-  }
-};
+Object.defineProperty(globalThis, 'XMLHttpRequest', {
+  value: class {
+    constructor() {
+      throw new Error('XMLHttpRequest is blocked in sandbox.');
+    }
+  },
+  writable: false,
+  configurable: false
+});
 
 // Block WebSocket
-globalThis.WebSocket = class {
-  constructor(url) {
-    throw new Error('WebSocket is blocked in sandbox.');
-  }
-};
+Object.defineProperty(globalThis, 'WebSocket', {
+  value: class {
+    constructor() {
+      throw new Error('WebSocket is blocked in sandbox.');
+    }
+  },
+  writable: false,
+  configurable: false
+});
 
 // Block EventSource (SSE)
-globalThis.EventSource = class {
-  constructor(url) {
-    throw new Error('EventSource is blocked in sandbox.');
-  }
-};
+Object.defineProperty(globalThis, 'EventSource', {
+  value: class {
+    constructor() {
+      throw new Error('EventSource is blocked in sandbox.');
+    }
+  },
+  writable: false,
+  configurable: false
+});
 `;
   }
 
   // mode === 'allowed' - whitelist specific domains
+  // SECURITY: Wrap in IIFE to prevent user code from accessing internals
+  // Use Object.defineProperty with writable:false to prevent user code from overwriting
   const domainsJson = JSON.stringify(policy.domains);
   return `
 // Network isolation: ALLOWED (whitelist)
-const __allowed_domains = ${domainsJson};
-const __original_fetch = globalThis.fetch;
+(function() {
+  const _domains = ${domainsJson};
+  const _real_fetch = globalThis.fetch;
 
-function __isUrlAllowed(url) {
-  try {
-    const hostname = new URL(url).hostname;
-    return __allowed_domains.some(d => hostname === d || hostname.endsWith('.' + d));
-  } catch {
-    return false;
+  // Block private/link-local IPs to prevent DNS rebinding attacks
+  function _isPrivateIp(hostname) {
+    return /^(localhost|127\\.|10\\.|192\\.168\\.|172\\.(1[6-9]|2\\d|3[01])\\.|169\\.254\\.|\\[::1\\]|\\[fc|\\[fd)/.test(hostname);
   }
-}
 
-globalThis.fetch = async function(url, options) {
-  const urlStr = typeof url === 'string' ? url : url instanceof URL ? url.toString() : url.url;
-  if (!__isUrlAllowed(urlStr)) {
-    const hostname = new URL(urlStr).hostname;
-    throw new Error(\`Network access blocked: \${hostname} not in allowed domains: \${__allowed_domains.join(', ')}\`);
+  function _isUrlAllowed(url) {
+    try {
+      const parsed = new URL(url);
+      // Only allow http/https protocols
+      if (parsed.protocol !== 'https:' && parsed.protocol !== 'http:') return false;
+      const hostname = parsed.hostname;
+      if (!hostname || _isPrivateIp(hostname)) return false;
+      return _domains.some(d => d && (hostname === d || hostname.endsWith('.' + d)));
+    } catch {
+      return false;
+    }
   }
-  return __original_fetch(url, options);
-};
 
-// Block XMLHttpRequest (not easily whitelistable)
-globalThis.XMLHttpRequest = class {
-  constructor() {
-    throw new Error('XMLHttpRequest is blocked. Use fetch() with allowed domains.');
-  }
-};
+  const whitelistedFetch = async function(url, options) {
+    // Safely extract URL string from various input types
+    let urlStr;
+    try {
+      if (typeof url === 'string') urlStr = url;
+      else if (url instanceof URL) urlStr = url.toString();
+      else if (url && typeof url.url === 'string') urlStr = url.url;
+      else throw new Error('Invalid URL type');
+    } catch {
+      throw new Error('Network access blocked: could not determine request URL.');
+    }
+    if (!_isUrlAllowed(urlStr)) {
+      throw new Error('Network access blocked: domain not in allowed list.');
+    }
+    return _real_fetch(url, options);
+  };
+
+  Object.defineProperty(globalThis, 'fetch', {
+    value: whitelistedFetch,
+    writable: false,
+    configurable: false
+  });
+})();
 
-// Block WebSocket (would need separate whitelist)
-globalThis.WebSocket = class {
-  constructor(url) {
-    if (!__isUrlAllowed(url)) {
-      throw new Error('WebSocket blocked: domain not in allowed list.');
+// Block XMLHttpRequest (not easily whitelistable)
+Object.defineProperty(globalThis, 'XMLHttpRequest', {
+  value: class {
+    constructor() {
+      throw new Error('XMLHttpRequest is blocked. Use fetch() with allowed domains.');
     }
-    throw new Error('WebSocket not supported in sandbox even for allowed domains.');
-  }
-};
+  },
+  writable: false,
+  configurable: false
+});
+
+// Block WebSocket - opaque error to prevent allowlist enumeration
+Object.defineProperty(globalThis, 'WebSocket', {
+  value: class {
+    constructor() {
+      throw new Error('WebSocket is not supported in sandbox.');
+    }
+  },
+  writable: false,
+  configurable: false
+});
 
 // Block EventSource
-globalThis.EventSource = class {
-  constructor(url) {
-    throw new Error('EventSource is blocked in sandbox.');
-  }
-};
+Object.defineProperty(globalThis, 'EventSource', {
+  value: class {
+    constructor() {
+      throw new Error('EventSource is blocked in sandbox.');
+    }
+  },
+  writable: false,
+  configurable: false
+});
 `;
 }

package/src/type-generator.ts

@@ -48,7 +48,8 @@ export function generateTypes(
     // Generate input interface for each tool with parameters
     for (const [toolName, tool] of Object.entries(adapter.tools)) {
       if (tool.parameters && Object.keys(tool.parameters).length > 0) {
-        const inputTypeName = `${capitalize(safeName)}_${capitalize(toolName)}_Input`;
+        const safeToolNameForType = sanitizeIdentifier(toolName);
+        const inputTypeName = `${capitalize(safeName)}_${capitalize(safeToolNameForType)}_Input`;
         lines.push(generateInputInterface(inputTypeName, tool.parameters, includeDescriptions));
         lines.push("");
       }
@@ -56,17 +57,18 @@ export function generateTypes(
 
     // Generate adapter declaration
     if (includeDescriptions && adapter.description) {
-      lines.push(`/** ${adapter.description} */`);
+      lines.push(`/** ${sanitizeJSDoc(adapter.description)} */`);
     }
     lines.push(`declare const ${safeName}: {`);
 
     for (const [toolName, tool] of Object.entries(adapter.tools)) {
       const safeToolName = sanitizeIdentifier(toolName);
       const hasParams = tool.parameters && Object.keys(tool.parameters).length > 0;
-      const inputTypeName = `${capitalize(safeName)}_${capitalize(toolName)}_Input`;
+      // Use sanitized tool name in type name to ensure consistency
+      const inputTypeName = `${capitalize(safeName)}_${capitalize(safeToolName)}_Input`;
 
       if (includeDescriptions && tool.description) {
-        lines.push(`  /** ${tool.description} */`);
+        lines.push(`  /** ${sanitizeJSDoc(tool.description)} */`);
       }
 
       const paramStr = hasParams ? `params: ${inputTypeName}` : "";
@@ -83,7 +85,8 @@ export function generateTypes(
 
 /**
  * Generate a compact type summary for token-constrained contexts.
- * Returns a condensed one-liner per adapter.
+ * Only shows adapter names and method count to minimize context usage.
+ * Use mcx_search to discover specific methods.
  *
  * @param adapters - Array of adapters
  * @returns Compact summary string
@@ -91,8 +94,8 @@ export function generateTypes(
 export function generateTypesSummary(adapters: Adapter[]): string {
   return adapters
     .map((adapter) => {
-      const methods = Object.keys(adapter.tools).join(", ");
-      return `${adapter.name}: { ${methods} }`;
+      const count = Object.keys(adapter.tools).length;
+      return `- ${adapter.name} (${count} methods)`;
     })
     .join("\n");
 }
@@ -108,13 +111,16 @@ function generateInputInterface(
   const lines: string[] = [`interface ${typeName} {`];
 
   for (const [paramName, param] of Object.entries(parameters)) {
+    // Sanitize parameter name to prevent injection
+    const safeParamName = sanitizeIdentifier(paramName);
+
     if (includeDescriptions && param.description) {
-      lines.push(`  /** ${param.description} */`);
+      lines.push(`  /** ${sanitizeJSDoc(param.description)} */`);
     }
 
     const tsType = paramTypeToTS(param.type);
     const optional = param.required === false ? "?" : "";
-    lines.push(`  ${paramName}${optional}: ${tsType};`);
+    lines.push(`  ${safeParamName}${optional}: ${tsType};`);
   }
 
   lines.push("}");
@@ -170,3 +176,11 @@ export function sanitizeIdentifier(name: string): string {
 function capitalize(str: string): string {
   return str.charAt(0).toUpperCase() + str.slice(1);
 }
+
+/**
+ * Sanitize text for use in JSDoc comments.
+ * Prevents comment injection via `*​/` sequences.
+ */
+function sanitizeJSDoc(text: string): string {
+  return text.replace(/\*\//g, "* /").replace(/[\r\n]+/g, " ");
+}