@pedrofariasx/qwenproxy 1.2.0 → 1.2.2

package/src/linter/repair-normalize.ts

@@ -1,245 +0,0 @@
-/*
- * Layer 4: Normalization + Repair Engine
- */
-
-import type { CanonicalToolCall, ToolCallSource, RawToolCandidate } from './types'
-import { StructuralParser } from './structural-parser'
-
-export interface RepairResult {
-  repaired: boolean
-  value: unknown
-  confidence: number
-  strategy: string
-}
-
-export interface NormalizationResult {
-  toolCall: CanonicalToolCall
-  warnings: string[]
-}
-
-export class GrammarRepairEngine {
-  private parser: StructuralParser = new StructuralParser()
-
-  repair(input: string): RepairResult {
-    const strategies: Array<{ name: string; attempt: () => unknown | undefined }> = [
-      { name: 'json_strip_repair', attempt: () => this.tryStripRepair(input) },
-      { name: 'quote_fix', attempt: () => this.tryQuoteFix(input) },
-      { name: 'trailing_comma_fix', attempt: () => this.tryTrailingCommaFix(input) },
-      { name: 'braces_balance', attempt: () => this.tryBraceBalance(input) },
-      { name: 'key_unquote', attempt: () => this.tryKeyUnquote(input) },
-      { name: 'parser_resync', attempt: () => this.tryParserResync(input) },
-      { name: 'synthetic_construction', attempt: () => this.trySyntheticConstruction(input) },
-      { name: 'json_parse_last_resort', attempt: () => this.tryJsonParseLastResort(input) },
-    ]
-
-    for (const strategy of strategies) {
-      try {
-        const result = strategy.attempt()
-        if (result !== undefined && result !== null) {
-          return { repaired: true, value: result, confidence: this.inferConfidence(strategy.name), strategy: strategy.name }
-        }
-      } catch { continue }
-    }
-
-    return { repaired: false, value: null, confidence: 0, strategy: 'failed' }
-  }
-
-  private tryStripRepair(input: string): Record<string, unknown> | undefined {
-    const stripped = input
-      .replace(/```json\s*/gi, '')
-      .replace(/```\s*$/gm, '')
-      .replace(/```\s*/gi, '')
-      .replace(/^\s*[\[\{]\s*$/, '')
-      .replace(/[\u0000-\u001F]+/g, ' ')
-      .trim()
-
-    if (stripped === input) return undefined
-
-    try {
-      const parsed = JSON.parse(stripped)
-      if (typeof parsed === 'object' && parsed !== null) return parsed
-    } catch { /* not parseable */ }
-
-    return undefined
-  }
-
-  private tryQuoteFix(input: string): Record<string, unknown> | undefined {
-    let fixed = input
-    const quoteCount = (fixed.match(/"/g) ?? []).length
-    if (quoteCount % 2 !== 0) fixed += '"'
-
-    if (/['"]/.test(fixed) && /(^|[,:{\s])'[a-z]/i.test(fixed)) {
-      fixed = fixed.replace(/'/g, '"')
-    }
-
-    try {
-      const parsed = JSON.parse(fixed)
-      if (typeof parsed === 'object' && parsed !== null) return parsed
-    } catch { /* not parseable */ }
-
-    return undefined
-  }
-
-  private tryTrailingCommaFix(input: string): Record<string, unknown> | undefined {
-    let fixed = input.replace(/,(\s*[}\]])/g, '$1')
-    if (fixed === input) return undefined
-    try {
-      const parsed = JSON.parse(fixed)
-      if (typeof parsed === 'object' && parsed !== null) return parsed
-    } catch { /* not parseable */ }
-    return undefined
-  }
-
-  private tryBraceBalance(input: string): Record<string, unknown> | undefined {
-    let depth = 0, start = -1
-    for (let i = 0; i < input.length; i++) {
-      if (input[i] === '{') { if (depth === 0) start = i; depth++ }
-      else if (input[i] === '}') {
-        depth--
-        if (depth === 0 && start !== -1) {
-          try { const parsed = JSON.parse(input.slice(start, i + 1)); if (typeof parsed === 'object' && parsed !== null) return parsed }
-          catch { /* not parseable */ }
-        }
-      }
-    }
-    return undefined
-  }
-
-  private tryKeyUnquote(input: string): Record<string, unknown> | undefined {
-    if (!/^\{[\s]*[a-zA-Z_]/m.test(input)) return undefined
-    let fixed = input.replace(/([,{]\s*)([a-zA-Z_][a-zA-Z0-9_\-]*)(\s*:)/g, '$1"$2"$3')
-    try {
-      const parsed = JSON.parse(fixed)
-      if (typeof parsed === 'object' && parsed !== null) return parsed
-    } catch { /* not parseable */ }
-    return undefined
-  }
-
-  private tryParserResync(input: string): Record<string, unknown> | undefined {
-    const result = this.parser.parse(input, 'unknown')
-    if (result.ast && result.confidence >= 0.5 && result.ast.type === 'object') {
-      return result.ast.value as Record<string, unknown>
-    }
-    return undefined
-  }
-
-  private trySyntheticConstruction(input: string): Record<string, unknown> | undefined {
-    const nameMatch = input.match(/"name"\s*:\s*"([^"]+)"|name\s*[:=]\s*['"]?(\w+)['"]?/i)
-    const toolMatch = input.match(/"tool"\s*:\s*"([^"]+)"|tool\s*[:=]\s*['"]?(\w+)['"]?/i)
-    const funcNameMatch = input.match(/"functionCall"\s*:\s*\{\s*"name"\s*:\s*"([^"]+)"/)
-    const toolUseMatch = input.match(/"type"\s*:\s*"tool_use"[\s\S]*?"name"\s*:\s*"([^"]+)"/)
-
-    if (nameMatch || funcNameMatch || toolUseMatch || toolMatch) {
-      const toolName = nameMatch?.[1] ?? nameMatch?.[2] ?? funcNameMatch?.[1] ?? toolUseMatch?.[1] ?? toolMatch?.[1] ?? toolMatch?.[2] ?? 'unknown'
-      const inputBlock = this.extractInputBlock(input)
-      return { tool: toolName, input: inputBlock ?? {} }
-    }
-
-    return undefined
-  }
-
-  private tryJsonParseLastResort(input: string): Record<string, unknown> | undefined {
-    try {
-      const parsed = JSON.parse(input)
-      if (typeof parsed === 'object' && parsed !== null) return parsed
-    } catch { /* last resort failed */ }
-    return undefined
-  }
-
-  private extractInputBlock(input: string): Record<string, unknown> | undefined {
-    const argsMatch = input.match(new RegExp('"arguments"\\s*:\\s*(\\{[\\s\\S]*\\})', 'i'))
-    const inputMatch = input.match(new RegExp('"input"\\s*:\\s*(\\{[\\s\\S]*\\})', 'i'))
-    const argsMatch2 = input.match(new RegExp('"args"\\s*:\\s*(\\{[\\s\\S]*\\})', 'i'))
-    const funcArgsMatch = input.match(/"functionCall"\s*:\s*\{\s*"name"\s*:\s*"[^"]+"\s*,\s*"args"\s*:\s*(\{[\s\S]*?\})\s*\}/)
-    const toolInputMatch = input.match(/"type"\s*:\s*"tool_use"[\s\S]*?"input"\s*:\s*(\{[\s\S]*?\})\s*\}/)
-
-    const target = argsMatch?.[1] ?? inputMatch?.[1] ?? argsMatch2?.[1] ?? funcArgsMatch?.[1] ?? toolInputMatch?.[1]
-    if (target) {
-      try { return JSON.parse(target) } catch { return undefined }
-    }
-    return undefined
-  }
-
-  private inferConfidence(strategy: string): number {
-    const map: Record<string, number> = {
-      json_strip_repair: 0.95, json_parse_last_resort: 0.9, quote_fix: 0.85,
-      trailing_comma_fix: 0.85, braces_balance: 0.8, key_unquote: 0.8,
-      parser_resync: 0.7, synthetic_construction: 0.6,
-    }
-    return map[strategy] ?? 0.5
-  }
-}
-
-export class NormalizationEngine {
-  normalize(candidate: RawToolCandidate, repaired = false): NormalizationResult {
-    const raw = candidate.raw
-    const warnings: string[] = []
-    let toolName = 'unknown'
-    let inputData: Record<string, unknown> = {}
-
-    const asRecord = raw as Record<string, unknown>
-
-    if (asRecord.tool) {
-      toolName = String(asRecord.tool)
-      inputData = this.normalizeInput(asRecord.arguments ?? asRecord.input ?? asRecord.args ?? {}, warnings)
-    } else if (asRecord.name) {
-      toolName = String(asRecord.name)
-      if (asRecord.functionCall && typeof asRecord.functionCall === 'object') {
-        const fc = asRecord.functionCall as Record<string, unknown>
-        toolName = String(fc.name ?? toolName)
-        inputData = this.normalizeInput(fc.args ?? fc.input ?? {}, warnings)
-      } else if (asRecord.type === 'tool_use') {
-        inputData = this.normalizeInput(asRecord.input ?? asRecord.args ?? {}, warnings)
-      } else if (asRecord.arguments !== undefined) {
-        inputData = this.normalizeInput(asRecord.arguments, warnings)
-      } else if (asRecord.input !== undefined) {
-        inputData = this.normalizeInput(asRecord.input, warnings)
-      } else if (asRecord.args !== undefined) {
-        inputData = this.normalizeInput(asRecord.args, warnings)
-      } else if (asRecord.action) {
-        toolName = String(asRecord.action)
-        inputData = this.normalizeInput(asRecord.input ?? asRecord.arguments ?? {}, warnings)
-      } else {
-        warnings.push('No tool name found in candidate')
-      }
-    } else {
-      const keys = Object.keys(asRecord)
-      warnings.push('No tool name found in candidate')
-      if (keys.length === 1 && typeof asRecord[keys[0]] === 'object' && asRecord[keys[0]] !== null && !Array.isArray(asRecord[keys[0]])) {
-        toolName = String(keys[0])
-        inputData = this.normalizeInput(asRecord[keys[0]], warnings)
-      }
-    }
-
-    const toolCall: CanonicalToolCall = {
-      tool: toolName,
-      input: inputData,
-      meta: { source: candidate.source, confidence: candidate.confidence, repaired },
-    }
-
-    return { toolCall, warnings }
-  }
-
-  private normalizeInput(input: unknown, warnings: string[]): Record<string, unknown> {
-    if (typeof input === 'string') {
-      return this.parseInputString(input, warnings)
-    }
-    if (typeof input === 'object' && input !== null && !Array.isArray(input)) {
-      return input as Record<string, unknown>
-    }
-    warnings.push(`Input was not a valid object: ${typeof input}`)
-    return {}
-  }
-
-  private parseInputString(input: string, warnings: string[]): Record<string, unknown> {
-    if (!input || input.trim().length === 0) { warnings.push('Empty input string'); return {} }
-    try {
-      const parsed = JSON.parse(input)
-      if (typeof parsed === 'object' && parsed !== null && !Array.isArray(parsed)) {
-        return parsed as Record<string, unknown>
-      }
-    } catch { /* not parseable */ }
-    warnings.push('Input string was not valid JSON, wrapping')
-    return { raw_input: input }
-  }
-}

package/src/linter/safety-gate.ts

@@ -1,219 +0,0 @@
-/*
- * Layer 5: Validation + Safety Gate
- */
-
-import type { CanonicalToolCall, ToolCallSource, SecurityViolation, ToolDefinition } from './types'
-
-export interface ValidationReport {
-  isValid: boolean
-  violations: SecurityViolation[]
-  confidence: number
-  warnings: string[]
-  canExecute: boolean
-}
-
-export class SafetyGate {
-  private registry: Record<string, ToolDefinition> = {}
-
-  private readonly dangerousPatterns = [
-    /\$\(/g, /\$\{/g, /`/g,
-    /;\s*(rm|cat|ls|whoami|id|curl|wget|nc|ncat)\b/gi,
-    /\|\s*(sh|bash|zsh|csh|python|node|perl)\b/gi,
-    /&&\s*(rm|cat|whoami)/gi,
-    /exec\s*\(/gi, /eval\s*\(/gi, /\beval\s*\(/gi,
-    /system\s*\(/gi, /passthru\s*\(/gi, /shell_exec\s*\(/gi,
-    /proc\s*\(/gi, /subprocess\s*\./gi, /spawn\s*\(/gi,
-    /execSync\s*\(/gi, /child_process/gi,
-  ]
-
-  private readonly ssrfPatterns = [
-    /http[s]?:\/\/(?:127\.0\.0\.1|0\.0\.0\.0|\[::1\]|localhost|169\.254\.\d+\.\d+|metadata\.google)/i,
-    /gopher:\/\//i, /file:\/\//i, /ftp:\/\//i,
-    /\b7777\b|\b9090\b|\b3389\b|\b22\b/,
-  ]
-
-  private readonly promptInjectionPatterns = [
-    /ignore\s+(all\s+)?previous\s+instructions/i, /disregard\s+(all\s+)?previous/i,
-    /jailbreak/i, /you\s+are\s+now\s+DAN/i, /pretend\s+you\s+are/i,
-    /act\s+as\s+if/i, /your\s+new\s+instructions/i, /developer\s+mode/i,
-    /list\s+all\s+files/i, /cat\s+\/etc/i,
-  ]
-
-  private readonly encodedPatterns = [
-    /%3Cscript/i, /javascript:/i, /\\x[0-9a-fA-F]{2}/, /\\u[0-9a-fA-F]{4}/,
-    /&#[0-9]+;/i, /data:text\/html/i,
-  ]
-
-  registerTool(name: string, definition: Partial<ToolDefinition>): void {
-    this.registry[name] = {
-      name,
-      description: definition.description ?? '',
-      parameters: definition.parameters ?? {},
-      required: definition.required ?? [],
-      strict: definition.strict ?? false,
-    }
-  }
-
-  registerRegistry(registry: Record<string, ToolDefinition>): void {
-    this.registry = registry
-  }
-
-  validate(call: CanonicalToolCall, sourceHint: ToolCallSource): ValidationReport {
-    const violations: SecurityViolation[] = []
-    const warnings: string[] = []
-    let confidence = call.meta?.confidence ?? 0.5
-
-    const semanticResult = this.validateSemantics(call)
-    violations.push(...semanticResult.violations)
-    warnings.push(...semanticResult.warnings)
-    confidence = Math.min(confidence, semanticResult.confidence)
-
-    const securityResult = this.validateSecurity(call)
-    violations.push(...securityResult.violations)
-    warnings.push(...securityResult.warnings)
-
-    warnings.push(...this.validateTypes(call).warnings)
-
-    const registryResult = this.validateRegistry(call)
-    warnings.push(...registryResult.warnings)
-    confidence = Math.min(confidence, registryResult.confidence)
-
-    const hasBlockingViolations = violations.some(v =>
-      v.type === 'shell_injection' || v.type === 'filesystem_access' || v.type === 'prompt_injection'
-    )
-
-    confidence = Math.max(0.1, Math.min(1.0, confidence))
-
-    return {
-      isValid: !hasBlockingViolations && violations.length === 0,
-      violations,
-      confidence,
-      warnings,
-      canExecute: !hasBlockingViolations,
-    }
-  }
-
-  private validateSemantics(call: CanonicalToolCall): { violations: SecurityViolation[]; warnings: string[]; confidence: number } {
-    const violations: SecurityViolation[] = []
-    const warnings: string[] = []
-    let confidence = 1.0
-
-    if (!call.tool || call.tool.trim().length === 0) {
-      violations.push({ type: 'shell_injection', field: 'tool', value: String(call.tool), detail: 'Tool name is empty' })
-      confidence -= 0.5
-    }
-    if (typeof call.tool !== 'string') {
-      violations.push({ type: 'shell_injection', field: 'tool', value: String(call.tool), detail: 'Tool name is not a string' })
-      confidence -= 0.4
-    }
-    if (call.tool && /[ /\\]/.test(call.tool)) {
-      warnings.push(`Suspicious tool name: "${call.tool}"`)
-      confidence -= 0.1
-    }
-    if (typeof call.input !== 'object' || call.input === null || Array.isArray(call.input)) {
-      violations.push({ type: 'shell_injection', field: 'input', value: String(call.input), detail: 'Input is not a valid object' })
-      confidence -= 0.4
-    }
-    for (const [key, value] of Object.entries(call.input)) {
-      if (typeof value === 'string' && value.trim().length === 0) {
-        warnings.push(`Empty string parameter: "${key}"`)
-        confidence -= 0.05
-      }
-    }
-
-    return { violations, warnings, confidence: Math.max(0, confidence) }
-  }
-
-  private validateSecurity(call: CanonicalToolCall): { violations: SecurityViolation[]; warnings: string[] } {
-    const violations: SecurityViolation[] = []
-    const warnings: string[] = []
-    const inputString = JSON.stringify(call.input)
-
-    for (const pattern of this.dangerousPatterns) {
-      pattern.lastIndex = 0
-      if (pattern.test(inputString)) {
-        violations.push({ type: 'shell_injection', field: 'input', value: inputString.slice(0, 100), detail: `Potential shell injection pattern detected` })
-        break
-      }
-    }
-
-    for (const field of Object.values(call.input)) {
-      const str = String(field ?? '')
-      for (const pattern of this.ssrfPatterns) {
-        pattern.lastIndex = 0
-        if (pattern.test(str)) {
-          violations.push({ type: 'ssrf', field: 'input', value: str.slice(0, 200), detail: `SSRF pattern detected` })
-          break
-        }
-      }
-    }
-
-    const combinedInput = Object.values(call.input)
-      .map(v => typeof v === 'string' ? v : JSON.stringify(v))
-      .join(' ')
-
-    for (const pattern of this.promptInjectionPatterns) {
-      pattern.lastIndex = 0
-      if (pattern.test(combinedInput)) {
-        violations.push({ type: 'prompt_injection', field: 'input', value: combinedInput.slice(0, 200), detail: `Prompt injection pattern detected` })
-        break
-      }
-    }
-
-    for (const pattern of this.encodedPatterns) {
-      pattern.lastIndex = 0
-      if (pattern.test(combinedInput)) {
-        violations.push({ type: 'encoded_payload', field: 'input', value: combinedInput.slice(0, 200), detail: `Encoded payload detected` })
-        break
-      }
-    }
-
-    return { violations, warnings }
-  }
-
-  private validateTypes(call: CanonicalToolCall): { warnings: string[] } {
-    const warnings: string[] = []
-    for (const [key, value] of Object.entries(call.input)) {
-      const type = typeof value
-      if (value !== null && typeof value !== 'undefined' && typeof value !== 'function' && typeof value !== 'symbol' && typeof value !== 'bigint' && typeof value !== 'object') {
-        warnings.push(`Unexpected type for parameter "${key}": ${type}`)
-      }
-    }
-    return { warnings }
-  }
-
-  private validateRegistry(call: CanonicalToolCall): { warnings: string[]; confidence: number } {
-    const warnings: string[] = []
-    let confidence = 1.0
-
-    const toolDef = this.registry[call.tool]
-    if (!toolDef) {
-      warnings.push(`Tool "${call.tool}" not found in registry`)
-      confidence -= 0.3
-      return { warnings, confidence: Math.max(0.1, confidence) }
-    }
-
-    if (toolDef.required && Array.isArray(toolDef.required)) {
-      for (const requiredField of toolDef.required) {
-        if (!(requiredField in call.input) || call.input[requiredField] === undefined) {
-          warnings.push(`Missing required field: "${requiredField}" for tool "${call.tool}"`)
-          confidence -= 0.2
-        }
-      }
-    }
-
-    if (toolDef.strict && toolDef.parameters) {
-      for (const [param, expectedType] of Object.entries(toolDef.parameters)) {
-        if (param in call.input && call.input[param] !== undefined) {
-          const actualType = typeof call.input[param]
-          if (actualType !== String(expectedType).toLowerCase()) {
-            warnings.push(`Type mismatch for "${param}": expected ${String(expectedType)}, got ${actualType}`)
-            confidence -= 0.1
-          }
-        }
-      }
-    }
-
-    return { warnings, confidence: Math.max(0.1, confidence) }
-  }
-}