npm - @pellux/goodvibes-sdk - Versions diffs - 0.25.0 → 0.25.2 - Mend

@pellux/goodvibes-sdk 0.25.0 → 0.25.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (128) hide show

package/dist/_internal/platform/runtime/contracts/validators/session.js DELETED Viewed

@@ -1,103 +0,0 @@
-/**
- * Compatibility Contracts — Session Validator
- *
- * Performs runtime shape validation for the session persistence format
- * (messages array + meta object). Returns a structured ValidationResult.
- *
- * @module contracts/validators/session
- */
-/**
- * Validates that `data` conforms to the expected session persistence shape.
- *
- * Checks:
- * - `data` is a non-null object
- * - `sessionId` is a non-empty string
- * - `messages` is an array (contents are not deeply validated)
- * - `meta` is a non-null, non-array object
- * - `meta.version` (if present) has numeric `major`, `minor`, `patch` fields
- *
- * @param data - The raw persisted data to validate.
- * @returns A ValidationResult with structured errors if any field is invalid.
- */
-export function validateSession(data) {
-    const errors = [];
-    if (data === null || typeof data !== 'object') {
-        errors.push({
-            path: '',
-            message: 'Session must be a non-null object',
-            expected: 'object',
-            actual: data === null ? 'null' : typeof data,
-        });
-        return { valid: false, errors };
-    }
-    const record = data;
-    // Validate sessionId: non-empty string
-    const sessionIdRaw = record['sessionId'];
-    if (typeof sessionIdRaw !== 'string' || sessionIdRaw.length === 0) {
-        errors.push({
-            path: 'sessionId',
-            message: "Field 'sessionId' must be a non-empty string",
-            expected: 'non-empty string',
-            actual: sessionIdRaw === undefined ? 'undefined' : sessionIdRaw === null ? 'null' : typeof sessionIdRaw,
-        });
-    }
-    // Validate messages: array
-    const messagesRaw = record['messages'];
-    if (!Array.isArray(messagesRaw)) {
-        errors.push({
-            path: 'messages',
-            message: "Field 'messages' must be an array",
-            expected: 'array',
-            actual: messagesRaw === undefined ? 'undefined' : messagesRaw === null ? 'null' : typeof messagesRaw,
-        });
-    }
-    // Validate meta: non-null, non-array object
-    const metaRaw = record['meta'];
-    if (metaRaw === undefined || metaRaw === null || typeof metaRaw !== 'object' || Array.isArray(metaRaw)) {
-        errors.push({
-            path: 'meta',
-            message: "Field 'meta' must be a non-null, non-array object",
-            expected: 'object',
-            actual: metaRaw === undefined ? 'undefined' : metaRaw === null ? 'null' : Array.isArray(metaRaw) ? 'array' : typeof metaRaw,
-        });
-    }
-    // Detect version from meta.version if present
-    let detectedVersion;
-    if (metaRaw !== undefined && metaRaw !== null && typeof metaRaw === 'object' && !Array.isArray(metaRaw)) {
-        const meta = metaRaw;
-        const versionRaw = meta['version'];
-        if (versionRaw !== undefined && versionRaw !== null && typeof versionRaw === 'object') {
-            const v = versionRaw;
-            const allNumeric = typeof v['major'] === 'number' &&
-                typeof v['minor'] === 'number' &&
-                typeof v['patch'] === 'number';
-            if (allNumeric) {
-                detectedVersion = {
-                    major: v['major'],
-                    minor: v['minor'],
-                    patch: v['patch'],
-                };
-            }
-            else {
-                let actualStr;
-                try {
-                    actualStr = JSON.stringify(versionRaw);
-                }
-                catch {
-                    actualStr = String(versionRaw);
-                }
-                errors.push({
-                    path: 'meta.version',
-                    message: "Field 'meta.version' must have numeric major, minor, patch components",
-                    expected: '{ major: number, minor: number, patch: number }',
-                    actual: actualStr,
-                });
-            }
-        }
-    }
-    return {
-        valid: errors.length === 0,
-        errors,
-        version: detectedVersion,
-    };
-}

package/dist/_internal/platform/runtime/contracts/version.d.ts DELETED Viewed

@@ -1,84 +0,0 @@
-/**
- * Compatibility Contracts — Current Schema Versions
- *
- * Declares the authoritative current schema version for each versioned domain.
- * Bump these when making structural changes to the corresponding schema.
- *
- * @module contracts/version
- */
-/**
- * Current schema versions for all versioned runtime domains.
- *
- * Rules for bumping:
- * - Bump `major` when the change is breaking (requires migration)
- * - Bump `minor` when adding optional fields (additive, backward-compatible)
- * - Bump `patch` for non-structural documentation or annotation changes
- */
-export declare const SCHEMA_VERSIONS: {
-    /** Top-level RuntimeState snapshot schema. */
-    readonly runtimeState: {
-        readonly major: 1;
-        readonly minor: 0;
-        readonly patch: 0;
-    };
-    /** RuntimeEventEnvelope schema for event persistence and replay. */
-    readonly eventEnvelope: {
-        readonly major: 1;
-        readonly minor: 1;
-        readonly patch: 0;
-    };
-    /** Session persistence format (messages + meta). */
-    readonly session: {
-        readonly major: 1;
-        readonly minor: 0;
-        readonly patch: 0;
-    };
-    /** Plugin manifest and capability descriptor schema. */
-    readonly pluginManifest: {
-        readonly major: 1;
-        readonly minor: 0;
-        readonly patch: 0;
-    };
-    /** RuntimeTask record schema used in task domain persistence. */
-    readonly taskRecord: {
-        readonly major: 1;
-        readonly minor: 0;
-        readonly patch: 0;
-    };
-};
-/**
- * The minimum schema version supported for migration for each domain.
- *
- * Data older than this version cannot be migrated and must be discarded
- * or re-initialized. This is updated when old migration steps are pruned.
- */
-export declare const MIN_SUPPORTED_VERSIONS: {
-    readonly runtimeState: {
-        readonly major: 1;
-        readonly minor: 0;
-        readonly patch: 0;
-    };
-    readonly eventEnvelope: {
-        readonly major: 1;
-        readonly minor: 0;
-        readonly patch: 0;
-    };
-    readonly session: {
-        readonly major: 1;
-        readonly minor: 0;
-        readonly patch: 0;
-    };
-    readonly pluginManifest: {
-        readonly major: 1;
-        readonly minor: 0;
-        readonly patch: 0;
-    };
-    readonly taskRecord: {
-        readonly major: 1;
-        readonly minor: 0;
-        readonly patch: 0;
-    };
-};
-/** Union of all known contract names. */
-export type ContractName = keyof typeof SCHEMA_VERSIONS;
-//# sourceMappingURL=version.d.ts.map

package/dist/_internal/platform/runtime/contracts/version.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"version.d.ts","sourceRoot":"","sources":["../../../../../src/_internal/platform/runtime/contracts/version.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH;;;;;;;GAOG;AACH,eAAO,MAAM,eAAe;IAC1B,8CAA8C;;;;;;IAE9C,oEAAoE;;;;;;IAEpE,oDAAoD;;;;;;IAEpD,wDAAwD;;;;;;IAExD,iEAAiE;;;;;;CAEzD,CAAC;AAEX;;;;;GAKG;AACH,eAAO,MAAM,sBAAsB;;;;;;;;;;;;;;;;;;;;;;;;;;CAMzB,CAAC;AAEX,yCAAyC;AACzC,MAAM,MAAM,YAAY,GAAG,MAAM,OAAO,eAAe,CAAC"}

package/dist/_internal/platform/runtime/contracts/version.js DELETED Viewed

@@ -1,41 +0,0 @@
-/**
- * Compatibility Contracts — Current Schema Versions
- *
- * Declares the authoritative current schema version for each versioned domain.
- * Bump these when making structural changes to the corresponding schema.
- *
- * @module contracts/version
- */
-/**
- * Current schema versions for all versioned runtime domains.
- *
- * Rules for bumping:
- * - Bump `major` when the change is breaking (requires migration)
- * - Bump `minor` when adding optional fields (additive, backward-compatible)
- * - Bump `patch` for non-structural documentation or annotation changes
- */
-export const SCHEMA_VERSIONS = {
-    /** Top-level RuntimeState snapshot schema. */
-    runtimeState: { major: 1, minor: 0, patch: 0 },
-    /** RuntimeEventEnvelope schema for event persistence and replay. */
-    eventEnvelope: { major: 1, minor: 1, patch: 0 },
-    /** Session persistence format (messages + meta). */
-    session: { major: 1, minor: 0, patch: 0 },
-    /** Plugin manifest and capability descriptor schema. */
-    pluginManifest: { major: 1, minor: 0, patch: 0 },
-    /** RuntimeTask record schema used in task domain persistence. */
-    taskRecord: { major: 1, minor: 0, patch: 0 },
-};
-/**
- * The minimum schema version supported for migration for each domain.
- *
- * Data older than this version cannot be migrated and must be discarded
- * or re-initialized. This is updated when old migration steps are pruned.
- */
-export const MIN_SUPPORTED_VERSIONS = {
-    runtimeState: { major: 1, minor: 0, patch: 0 },
-    eventEnvelope: { major: 1, minor: 0, patch: 0 },
-    session: { major: 1, minor: 0, patch: 0 },
-    pluginManifest: { major: 1, minor: 0, patch: 0 },
-    taskRecord: { major: 1, minor: 0, patch: 0 },
-};

package/scripts/postinstall-patch-minimatch.mjs DELETED Viewed

@@ -1,285 +0,0 @@
-#!/usr/bin/env node
-/**
- * postinstall-patch-minimatch.mjs
- *
- * Upgrades vulnerable minimatch transitive installs in consumer node_modules.
- *
- * Context: bash-language-server@5.6.0 hard-pins editorconfig@2.0.1, which
- * hard-pins minimatch@10.0.1. npm/bun ignore overrides fields in published
- * packages, so the root overrides in this SDK cannot fix consumer trees.
- * This postinstall patcher reaches into the consumer's node_modules and
- * upgrades any minimatch in the vulnerable range >=10.0.0 <10.2.3 in place.
- *
- * Advisory IDs addressed:
- *   GHSA-3ppc-4f35-3m26, GHSA-7r86-cg39-jmmj, GHSA-23c5-xmqv-rm74
- *
- * Node stdlib only. No third-party dependencies. Requires Node 18+.
- */
-import { createGunzip } from 'node:zlib';
-import {
-  existsSync,
-  mkdirSync,
-  readdirSync,
-  readFileSync,
-  writeFileSync,
-} from 'node:fs';
-import { dirname, join, relative } from 'node:path';
-const PATCH_VERSION = '10.2.5';
-const REGISTRY_URL = `https://registry.npmjs.org/minimatch/-/minimatch-${PATCH_VERSION}.tgz`;
-/**
- * Parse semver string into major/minor/patch integers.
- * @param {string} v
- * @returns {{ major: number, minor: number, patch: number } | null}
- */
-function parseVersion(v) {
-  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
-  if (!m) return null;
-  return {
-    major: parseInt(m[1], 10),
-    minor: parseInt(m[2], 10),
-    patch: parseInt(m[3], 10),
-  };
-}
-/**
- * Returns true if version is in the vulnerable range: >=10.0.0 <10.2.3
- * @param {string} v
- * @returns {boolean}
- */
-function isVulnerable(v) {
-  const p = parseVersion(v);
-  if (!p) return false;
-  if (p.major !== 10) return false;
-  if (p.minor < 2) return true;
-  if (p.minor === 2 && p.patch < 3) return true;
-  return false;
-}
-/**
- * Minimal synchronous tar extractor. Handles ustar-compatible archives.
- * Supports regular files and directories. Strips the leading "package/"
- * prefix that npm tarballs use.
- *
- * @param {Buffer} tarball - raw (already gunzip-decoded) tar data
- * @param {string} destDir - destination directory (the minimatch package root)
- */
-function extractTar(tarball, destDir) {
-  const BLOCK = 512;
-  let offset = 0;
-  while (offset + BLOCK <= tarball.length) {
-    const header = tarball.subarray(offset, offset + BLOCK);
-    offset += BLOCK;
-    // End-of-archive: two consecutive zero blocks.
-    if (header.every((b) => b === 0)) break;
-    const nameRaw = header.subarray(0, 100).toString('utf8').replace(/\0.*$/, '');
-    if (!nameRaw) break;
-    const prefixRaw = header.subarray(345, 500).toString('utf8').replace(/\0.*$/, '');
-    const fullName = prefixRaw ? `${prefixRaw}/${nameRaw}` : nameRaw;
-    const sizeOctal = header.subarray(124, 136).toString('utf8').replace(/\0.*$/, '').trim();
-    const size = parseInt(sizeOctal, 8) || 0;
-    const typeFlag = String.fromCharCode(header[156]);
-    const isDir = typeFlag === '5';
-    const isFile = typeFlag === '0' || typeFlag === '\0';
-    const blocks = Math.ceil(size / BLOCK);
-    const fileData = isFile ? tarball.subarray(offset, offset + size) : null;
-    offset += blocks * BLOCK;
-    // Strip leading "package/" prefix (npm tarballs use "package/" as root).
-    let relPath = fullName;
-    if (relPath.startsWith('package/')) {
-      relPath = relPath.slice('package/'.length);
-    } else if (relPath === 'package') {
-      continue;
-    }
-    // Safety: reject absolute paths and path traversal.
-    if (!relPath || relPath.startsWith('/') || relPath.includes('..')) continue;
-    const destPath = join(destDir, relPath);
-    if (isDir || relPath.endsWith('/')) {
-      mkdirSync(destPath, { recursive: true });
-    } else if (isFile && fileData !== null) {
-      mkdirSync(dirname(destPath), { recursive: true });
-      writeFileSync(destPath, fileData);
-    }
-  }
-}
-/**
- * Download and gunzip the minimatch tgz from npm registry.
- * Returns the raw tar buffer (decompressed).
- * @returns {Promise<Buffer>}
- */
-async function fetchTarball() {
-  const resp = await fetch(REGISTRY_URL);
-  if (!resp.ok) {
-    throw new Error(`fetch ${REGISTRY_URL} → ${resp.status} ${resp.statusText}`);
-  }
-  const compressed = Buffer.from(await resp.arrayBuffer());
-  return new Promise((resolve, reject) => {
-    const gunzip = createGunzip();
-    /** @type {Buffer[]} */
-    const chunks = [];
-    gunzip.on('data', (chunk) => chunks.push(/** @type {Buffer} */ (chunk)));
-    gunzip.on('end', () => resolve(Buffer.concat(chunks)));
-    gunzip.on('error', reject);
-    gunzip.end(compressed);
-  });
-}
-/**
- * Walk node_modules and return paths to every minimatch/package.json found.
- * Covers three layouts:
- *   - flat:   node_modules/minimatch/package.json
- *   - nested: node_modules/foo/node_modules/minimatch/package.json
- *   - pnpm:   node_modules/.pnpm/minimatch@X/node_modules/minimatch/package.json
- *
- * @param {string} nodeModules - absolute path to the node_modules root
- * @returns {string[]}
- */
-function findMinimatchPaths(nodeModules) {
-  /** @type {string[]} */
-  const results = [];
-  /** @param {string} dir */
-  function scan(dir) {
-    /** @type {string[]} */
-    let entries;
-    try {
-      entries = readdirSync(dir);
-    } catch {
-      return;
-    }
-    for (const entry of entries) {
-      // Skip hidden dirs except .pnpm (pnpm virtual store).
-      if (entry.startsWith('.') && entry !== '.pnpm') continue;
-      const full = join(dir, entry);
-      if (entry === 'minimatch') {
-        const pkgJson = join(full, 'package.json');
-        if (existsSync(pkgJson)) results.push(pkgJson);
-        // Don't recurse into minimatch's own directory.
-        continue;
-      }
-      if (entry === '.pnpm') {
-        // pnpm isolated installs: .pnpm/<name@version>/node_modules/<name>
-        /** @type {string[]} */
-        let pnpmEntries;
-        try {
-          pnpmEntries = readdirSync(full);
-        } catch {
-          continue;
-        }
-        for (const pnpmEntry of pnpmEntries) {
-          // Check for minimatch directly in this pnpm store entry.
-          const pnpmMinimatch = join(full, pnpmEntry, 'node_modules', 'minimatch');
-          const pkgJson = join(pnpmMinimatch, 'package.json');
-          if (existsSync(pkgJson)) results.push(pkgJson);
-          // Also scan nested node_modules inside pnpm store entries.
-          const nested = join(full, pnpmEntry, 'node_modules');
-          if (existsSync(nested)) scan(nested);
-        }
-        continue;
-      }
-      // Scoped namespace (@scope) — recurse one level.
-      if (entry.startsWith('@')) {
-        scan(full);
-        continue;
-      }
-      // Regular package — check for nested node_modules.
-      const nested = join(full, 'node_modules');
-      if (existsSync(nested)) scan(nested);
-    }
-  }
-  scan(nodeModules);
-  return results;
-}
-async function main() {
-  // npm sets INIT_CWD to the consumer project root during postinstall.
-  // Fallback to process.cwd() which is the package root during npm install.
-  const consumerRoot = process.env.INIT_CWD ?? process.cwd();
-  const nodeModules = join(consumerRoot, 'node_modules');
-  if (!existsSync(nodeModules)) {
-    console.log('[pellux-patch] node_modules not found, skipping minimatch patch');
-    process.exit(0);
-  }
-  /** @type {string[]} */
-  let pkgJsonPaths;
-  try {
-    pkgJsonPaths = findMinimatchPaths(nodeModules);
-  } catch (err) {
-    console.warn(
-      `[pellux-patch] warning: failed to scan node_modules: ${/** @type {Error} */ (err)?.message ?? err}`,
-    );
-    process.exit(0);
-  }
-  /** @type {Array<{ pkgJsonPath: string, version: string, dir: string }>} */
-  const vulnerable = [];
-  for (const pkgJsonPath of pkgJsonPaths) {
-    try {
-      const pkg = JSON.parse(readFileSync(pkgJsonPath, 'utf8'));
-      const ver = /** @type {string} */ (pkg.version ?? '');
-      if (isVulnerable(ver)) {
-        vulnerable.push({ pkgJsonPath, version: ver, dir: dirname(pkgJsonPath) });
-      }
-    } catch {
-      // Unreadable package.json — skip silently.
-    }
-  }
-  if (vulnerable.length === 0) {
-    console.log('[pellux-patch] no vulnerable minimatch detected');
-    process.exit(0);
-  }
-  /** @type {Buffer | null} */
-  let tarball = null;
-  for (const { pkgJsonPath, version, dir } of vulnerable) {
-    const rel = relative(consumerRoot, pkgJsonPath);
-    try {
-      if (tarball === null) {
-        tarball = await fetchTarball();
-      }
-      extractTar(tarball, dir);
-      console.log(`[pellux-patch] upgraded minimatch at ${rel}: ${version} → ${PATCH_VERSION}`);
-    } catch (err) {
-      // Never fail the consumer's install — log and continue.
-      console.warn(
-        `[pellux-patch] warning: failed to patch ${rel}: ${/** @type {Error} */ (err)?.message ?? err}`,
-      );
-    }
-  }
-}
-main().catch((err) => {
-  // Belt-and-suspenders: catch any top-level unhandled rejection and warn,
-  // never propagate — postinstall must never break a consumer install.
-  console.warn(
-    `[pellux-patch] warning: postinstall patcher encountered an error: ${/** @type {Error} */ (err)?.message ?? err}`,
-  );
-  process.exit(0);
-});