npm - @peac/schema - Versions diffs - 0.10.12 → 0.10.14 - Mend

@peac/schema 0.10.12 → 0.10.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

package/dist/attribution.cjs +2 -0
package/dist/attribution.cjs.map +1 -1
package/dist/attribution.mjs +2 -0
package/dist/attribution.mjs.map +1 -1
package/dist/constraints.d.ts +68 -0
package/dist/constraints.d.ts.map +1 -0
package/dist/errors.d.ts.map +1 -1
package/dist/index.cjs +129 -7
package/dist/index.cjs.map +1 -1
package/dist/index.d.ts +2 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.mjs +110 -9
package/dist/index.mjs.map +1 -1
package/dist/json.d.ts +3 -2
package/dist/json.d.ts.map +1 -1
package/dist/receipt-parser.cjs +2 -0
package/dist/receipt-parser.cjs.map +1 -1
package/dist/receipt-parser.mjs +2 -0
package/dist/receipt-parser.mjs.map +1 -1
package/package.json +3 -3

package/dist/index.cjs CHANGED Viewed

@@ -3,8 +3,28 @@
 var kernel = require('@peac/kernel');
 var zod = require('zod');
+function _interopNamespace(e) {
+  if (e && e.__esModule) return e;
+  var n = Object.create(null);
+  if (e) {
+    Object.keys(e).forEach(function (k) {
+      if (k !== 'default') {
+        var d = Object.getOwnPropertyDescriptor(e, k);
+        Object.defineProperty(n, k, d.get ? d : {
+          enumerable: true,
+          get: function () { return e[k]; }
+        });
+      }
+    });
+  }
+  n.default = e;
+  return Object.freeze(n);
+}
+var kernel__namespace = /*#__PURE__*/_interopNamespace(kernel);
 // src/errors.ts
-var ERROR_CATEGORIES_CANONICAL = kernel.ERROR_CATEGORIES;
+var ERROR_CATEGORIES_CANONICAL = kernel__namespace.ERROR_CATEGORIES;
 var ERROR_CODES = {
   // Validation errors (400)
   E_CONTROL_REQUIRED: "E_CONTROL_REQUIRED",
@@ -277,6 +297,106 @@ function determinePurposeReason(context) {
 function hasUnknownPurposeTokens(tokens) {
   return tokens.some((token) => !isCanonicalPurpose(token));
 }
+// src/constraints.ts
+var KERNEL_CONSTRAINTS = {
+  /** Maximum nesting depth for JSON evidence */
+  MAX_NESTED_DEPTH: 32,
+  /** Maximum array length in evidence */
+  MAX_ARRAY_LENGTH: 1e4,
+  /** Maximum object keys in a single object */
+  MAX_OBJECT_KEYS: 1e3,
+  /** Maximum string length in code units (JS .length). Matches assertJsonSafeIterative. */
+  MAX_STRING_LENGTH: 65536,
+  /** Maximum total nodes to visit during traversal */
+  MAX_TOTAL_NODES: 1e5,
+  /** Temporal validity clock skew tolerance in seconds (DD-8) */
+  CLOCK_SKEW_SECONDS: 60
+};
+function validateKernelConstraints(claims) {
+  const violations = [];
+  if (claims === null || claims === void 0 || typeof claims !== "object") {
+    return { valid: true, violations };
+  }
+  let totalNodes = 0;
+  const stack = [
+    { value: claims, depth: 0, path: "" }
+  ];
+  while (stack.length > 0) {
+    const item = stack.pop();
+    totalNodes++;
+    if (totalNodes > KERNEL_CONSTRAINTS.MAX_TOTAL_NODES) {
+      violations.push({
+        constraint: "MAX_TOTAL_NODES",
+        actual: totalNodes,
+        limit: KERNEL_CONSTRAINTS.MAX_TOTAL_NODES,
+        path: item.path
+      });
+      break;
+    }
+    if (item.depth > KERNEL_CONSTRAINTS.MAX_NESTED_DEPTH) {
+      violations.push({
+        constraint: "MAX_NESTED_DEPTH",
+        actual: item.depth,
+        limit: KERNEL_CONSTRAINTS.MAX_NESTED_DEPTH,
+        path: item.path
+      });
+      continue;
+    }
+    if (item.value === null || typeof item.value !== "object") {
+      if (typeof item.value === "string") {
+        if (item.value.length > KERNEL_CONSTRAINTS.MAX_STRING_LENGTH) {
+          violations.push({
+            constraint: "MAX_STRING_LENGTH",
+            actual: item.value.length,
+            limit: KERNEL_CONSTRAINTS.MAX_STRING_LENGTH,
+            path: item.path
+          });
+        }
+      }
+      continue;
+    }
+    if (Array.isArray(item.value)) {
+      if (item.value.length > KERNEL_CONSTRAINTS.MAX_ARRAY_LENGTH) {
+        violations.push({
+          constraint: "MAX_ARRAY_LENGTH",
+          actual: item.value.length,
+          limit: KERNEL_CONSTRAINTS.MAX_ARRAY_LENGTH,
+          path: item.path
+        });
+      }
+      for (let i = item.value.length - 1; i >= 0; i--) {
+        stack.push({
+          value: item.value[i],
+          depth: item.depth + 1,
+          path: `${item.path}[${i}]`
+        });
+      }
+      continue;
+    }
+    const keys = Object.keys(item.value);
+    if (keys.length > KERNEL_CONSTRAINTS.MAX_OBJECT_KEYS) {
+      violations.push({
+        constraint: "MAX_OBJECT_KEYS",
+        actual: keys.length,
+        limit: KERNEL_CONSTRAINTS.MAX_OBJECT_KEYS,
+        path: item.path
+      });
+    }
+    for (let i = keys.length - 1; i >= 0; i--) {
+      const key = keys[i];
+      const childPath = item.path ? `${item.path}.${key}` : key;
+      stack.push({
+        value: item.value[key],
+        depth: item.depth + 1,
+        path: childPath
+      });
+    }
+  }
+  return { valid: violations.length === 0, violations };
+}
+// src/json.ts
 function isPlainObject(value) {
   if (value === null || typeof value !== "object") {
     return false;
@@ -305,15 +425,15 @@ var JsonObjectSchema = PlainObjectSchema.transform(
 var JsonArraySchema = zod.z.array(JsonValueSchema);
 var JSON_EVIDENCE_LIMITS = {
   /** Maximum nesting depth (default: 32) */
-  maxDepth: 32,
+  maxDepth: KERNEL_CONSTRAINTS.MAX_NESTED_DEPTH,
   /** Maximum array length (default: 10,000) */
-  maxArrayLength: 1e4,
+  maxArrayLength: KERNEL_CONSTRAINTS.MAX_ARRAY_LENGTH,
   /** Maximum object keys (default: 1,000) */
-  maxObjectKeys: 1e3,
-  /** Maximum string length in bytes (default: 65,536 = 64KB) */
-  maxStringLength: 65536,
+  maxObjectKeys: KERNEL_CONSTRAINTS.MAX_OBJECT_KEYS,
+  /** Maximum string length in code units (default: 65,536) */
+  maxStringLength: KERNEL_CONSTRAINTS.MAX_STRING_LENGTH,
   /** Maximum total nodes to visit (default: 100,000) */
-  maxTotalNodes: 1e5
+  maxTotalNodes: KERNEL_CONSTRAINTS.MAX_TOTAL_NODES
 };
 function assertJsonSafeIterative(value, limits = {}) {
   const maxDepth = limits.maxDepth ?? JSON_EVIDENCE_LIMITS.maxDepth;
@@ -2656,6 +2776,7 @@ exports.JsonArraySchema = JsonArraySchema;
 exports.JsonObjectSchema = JsonObjectSchema;
 exports.JsonPrimitiveSchema = JsonPrimitiveSchema;
 exports.JsonValueSchema = JsonValueSchema;
+exports.KERNEL_CONSTRAINTS = KERNEL_CONSTRAINTS;
 exports.KIND_FORMAT_PATTERN = KIND_FORMAT_PATTERN;
 exports.KindSchema = KindSchema;
 exports.MAX_PURPOSE_TOKENS_PER_REQUEST = MAX_PURPOSE_TOKENS_PER_REQUEST;
@@ -2807,6 +2928,7 @@ exports.validateIdentityBinding = validateIdentityBinding;
 exports.validateInteraction = validateInteraction;
 exports.validateInteractionEvidence = validateInteractionEvidence;
 exports.validateInteractionOrdered = validateInteractionOrdered;
+exports.validateKernelConstraints = validateKernelConstraints;
 exports.validateMinimalInteractionBinding = validateMinimalInteractionBinding;
 exports.validateObligationsExtension = validateObligationsExtension;
 exports.validatePurposeTokens = validatePurposeTokens;