@portel/photon 1.6.1 → 1.7.0

package/dist/shared/security.d.ts

@@ -0,0 +1,79 @@
+/**
+ * Central security helpers for Photon runtime.
+ * Covers path validation, request authentication, input sanitization,
+ * rate limiting, body size limits, and security headers.
+ */
+import type { IncomingMessage, ServerResponse } from 'http';
+/**
+ * Returns true if `candidate` resolves to a location within `root`.
+ * Uses realpath-style resolution and ensures trailing separator check
+ * to prevent prefix-matching attacks (e.g. /tmp/foo vs /tmp/foobar).
+ */
+export declare function isPathWithin(candidate: string, root: string): boolean;
+/**
+ * Validates that an asset path does not contain traversal sequences
+ * or absolute path components. Returns the sanitized path or throws.
+ */
+export declare function validateAssetPath(assetPath: string): string;
+/**
+ * Returns true if the request originates from localhost.
+ */
+export declare function isLocalRequest(req: IncomingMessage): boolean;
+/**
+ * Constant-time string comparison to prevent timing attacks.
+ */
+export declare function timingSafeEqual(a: string, b: string): boolean;
+export declare function validateNpmPackageName(input: string): boolean;
+/**
+ * Validates a URL string. Returns the parsed URL or throws on invalid/dangerous input.
+ */
+export declare function validateUrl(input: string): URL;
+/**
+ * Escapes HTML special characters to prevent XSS.
+ */
+export declare function escapeHtml(str: string): string;
+/**
+ * Returns a shallow copy of `obj` with dangerous prototype-pollution keys removed.
+ * Works recursively on nested objects.
+ */
+export declare function sanitizeObject<T extends Record<string, any>>(obj: T): T;
+/**
+ * Checks if a template expression contains forbidden identifiers
+ * that could be used for code injection. Returns the forbidden token or null.
+ */
+export declare function findForbiddenIdentifier(expr: string): string | null;
+/**
+ * Reads the request body with a size limit. Rejects if the body exceeds maxBytes.
+ */
+export declare function readBody(req: IncomingMessage, maxBytes?: number): Promise<string>;
+/**
+ * Sets standard security headers on an HTTP response.
+ */
+export declare function setSecurityHeaders(res: ServerResponse): void;
+/**
+ * Simple in-memory rate limiter using a sliding window.
+ */
+export declare class SimpleRateLimiter {
+    private readonly maxRequests;
+    private readonly windowMs;
+    private windows;
+    constructor(maxRequests?: number, windowMs?: number);
+    /**
+     * Returns true if the request is allowed, false if rate-limited.
+     */
+    isAllowed(key: string): boolean;
+    /**
+     * Resets the rate limiter for a specific key or all keys.
+     */
+    reset(key?: string): void;
+}
+/**
+ * Verifies that content matches an expected SHA-256 hash.
+ */
+export declare function verifyContentHash(content: string, expectedHash: string): boolean;
+/**
+ * Scans JavaScript/TypeScript source code for dangerous patterns.
+ * Returns a list of warnings (not blocking — informational only).
+ */
+export declare function warnIfDangerous(source: string): string[];
+//# sourceMappingURL=security.d.ts.map

package/dist/shared/security.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"security.d.ts","sourceRoot":"","sources":["../../src/shared/security.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,MAAM,CAAC;AAI5D;;;;GAIG;AACH,wBAAgB,YAAY,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAQrE;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,CAW3D;AAID;;GAEG;AACH,wBAAgB,cAAc,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CAQ5D;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,OAAO,CAQ7D;AAWD,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAE7D;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,GAAG,CAM9C;AAYD;;GAEG;AACH,wBAAgB,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAE9C;AAMD;;;GAGG;AACH,wBAAgB,cAAc,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,CAcvE;AAqBD;;;GAGG;AACH,wBAAgB,uBAAuB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAOnE;AAMD;;GAEG;AACH,wBAAgB,QAAQ,CACtB,GAAG,EAAE,eAAe,EACpB,QAAQ,GAAE,MAA+B,GACxC,OAAO,CAAC,MAAM,CAAC,CAuBjB;AAID;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,cAAc,GAAG,IAAI,CAI5D;AAID;;GAEG;AACH,qBAAa,iBAAiB;IAI1B,OAAO,CAAC,QAAQ,CAAC,WAAW;IAC5B,OAAO,CAAC,QAAQ,CAAC,QAAQ;IAJ3B,OAAO,CAAC,OAAO,CAA+B;gBAG3B,WAAW,GAAE,MAAW,EACxB,QAAQ,GAAE,MAAe;IAG5C;;OAEG;IACH,SAAS,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;IAuB/B;;OAEG;IACH,KAAK,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,IAAI;CAO1B;AAID;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,OAAO,CAGhF;AAaD;;;GAGG;AACH,wBAAgB,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAQxD"}

package/dist/shared/security.js

@@ -0,0 +1,255 @@
+/**
+ * Central security helpers for Photon runtime.
+ * Covers path validation, request authentication, input sanitization,
+ * rate limiting, body size limits, and security headers.
+ */
+import * as path from 'path';
+import * as crypto from 'crypto';
+// ─── Path Validation ────────────────────────────────────────────────
+/**
+ * Returns true if `candidate` resolves to a location within `root`.
+ * Uses realpath-style resolution and ensures trailing separator check
+ * to prevent prefix-matching attacks (e.g. /tmp/foo vs /tmp/foobar).
+ */
+export function isPathWithin(candidate, root) {
+    const resolvedCandidate = path.resolve(candidate);
+    const resolvedRoot = path.resolve(root);
+    // Exact match or starts with root + separator
+    return (resolvedCandidate === resolvedRoot ||
+        resolvedCandidate.startsWith(resolvedRoot + path.sep));
+}
+/**
+ * Validates that an asset path does not contain traversal sequences
+ * or absolute path components. Returns the sanitized path or throws.
+ */
+export function validateAssetPath(assetPath) {
+    // Reject absolute paths
+    if (path.isAbsolute(assetPath)) {
+        throw new Error(`Absolute asset paths are not allowed: ${assetPath}`);
+    }
+    // Reject path traversal
+    const normalized = path.normalize(assetPath);
+    if (normalized.startsWith('..') || normalized.includes(`..${path.sep}`)) {
+        throw new Error(`Path traversal detected in asset path: ${assetPath}`);
+    }
+    return normalized;
+}
+// ─── Request Authentication ─────────────────────────────────────────
+/**
+ * Returns true if the request originates from localhost.
+ */
+export function isLocalRequest(req) {
+    const addr = req.socket?.remoteAddress;
+    if (!addr)
+        return false;
+    return (addr === '127.0.0.1' ||
+        addr === '::1' ||
+        addr === '::ffff:127.0.0.1');
+}
+/**
+ * Constant-time string comparison to prevent timing attacks.
+ */
+export function timingSafeEqual(a, b) {
+    if (a.length !== b.length) {
+        // Still do a comparison to avoid short-circuiting leaking length info
+        const buf = Buffer.from(a);
+        crypto.timingSafeEqual(buf, buf);
+        return false;
+    }
+    return crypto.timingSafeEqual(Buffer.from(a), Buffer.from(b));
+}
+// ─── Input Validation ───────────────────────────────────────────────
+/**
+ * Validates an npm package name. Allows scoped packages and optional version specifier.
+ * Rejects any input that could be used for command injection.
+ */
+const NPM_PACKAGE_NAME_RE = /^(@[a-z0-9\-~][a-z0-9\-._~]*\/)?[a-z0-9\-~][a-z0-9\-._~]*(@[a-z0-9\-._^~>=<| ]+)?$/;
+export function validateNpmPackageName(input) {
+    return NPM_PACKAGE_NAME_RE.test(input);
+}
+/**
+ * Validates a URL string. Returns the parsed URL or throws on invalid/dangerous input.
+ */
+export function validateUrl(input) {
+    const url = new URL(input);
+    if (!['http:', 'https:'].includes(url.protocol)) {
+        throw new Error(`Invalid URL protocol: ${url.protocol}`);
+    }
+    return url;
+}
+// ─── HTML / XSS Prevention ──────────────────────────────────────────
+const HTML_ESCAPE_MAP = {
+    '&': '&amp;',
+    '<': '&lt;',
+    '>': '&gt;',
+    '"': '&quot;',
+    "'": '&#39;',
+};
+/**
+ * Escapes HTML special characters to prevent XSS.
+ */
+export function escapeHtml(str) {
+    return str.replace(/[&<>"']/g, (ch) => HTML_ESCAPE_MAP[ch]);
+}
+// ─── Prototype Pollution Prevention ─────────────────────────────────
+const DANGEROUS_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
+/**
+ * Returns a shallow copy of `obj` with dangerous prototype-pollution keys removed.
+ * Works recursively on nested objects.
+ */
+export function sanitizeObject(obj) {
+    if (obj === null || typeof obj !== 'object' || Array.isArray(obj)) {
+        return obj;
+    }
+    const result = {};
+    for (const key of Object.keys(obj)) {
+        if (DANGEROUS_KEYS.has(key))
+            continue;
+        const val = obj[key];
+        result[key] = val !== null && typeof val === 'object' && !Array.isArray(val)
+            ? sanitizeObject(val)
+            : val;
+    }
+    return result;
+}
+// ─── Template Safety ────────────────────────────────────────────────
+const FORBIDDEN_IDENTIFIERS = new Set([
+    'process',
+    'require',
+    'eval',
+    'Function',
+    'globalThis',
+    'global',
+    'import',
+    'module',
+    'exports',
+    'child_process',
+    'execSync',
+    'exec',
+    'spawn',
+    'spawnSync',
+]);
+/**
+ * Checks if a template expression contains forbidden identifiers
+ * that could be used for code injection. Returns the forbidden token or null.
+ */
+export function findForbiddenIdentifier(expr) {
+    for (const id of FORBIDDEN_IDENTIFIERS) {
+        // Match as a word boundary to avoid false positives (e.g. "processing")
+        const re = new RegExp(`\\b${id}\\b`);
+        if (re.test(expr))
+            return id;
+    }
+    return null;
+}
+// ─── Body Size Limits ───────────────────────────────────────────────
+const DEFAULT_MAX_BODY_BYTES = 1024 * 1024; // 1 MB
+/**
+ * Reads the request body with a size limit. Rejects if the body exceeds maxBytes.
+ */
+export function readBody(req, maxBytes = DEFAULT_MAX_BODY_BYTES) {
+    return new Promise((resolve, reject) => {
+        let size = 0;
+        const chunks = [];
+        req.on('data', (chunk) => {
+            size += chunk.length;
+            if (size > maxBytes) {
+                req.destroy();
+                reject(new Error(`Request body too large (limit: ${maxBytes} bytes)`));
+                return;
+            }
+            chunks.push(chunk);
+        });
+        req.on('end', () => {
+            resolve(Buffer.concat(chunks).toString('utf-8'));
+        });
+        req.on('error', (err) => {
+            reject(err);
+        });
+    });
+}
+// ─── Security Headers ───────────────────────────────────────────────
+/**
+ * Sets standard security headers on an HTTP response.
+ */
+export function setSecurityHeaders(res) {
+    res.setHeader('X-Content-Type-Options', 'nosniff');
+    res.setHeader('X-Frame-Options', 'SAMEORIGIN');
+    res.setHeader('Referrer-Policy', 'strict-origin-when-cross-origin');
+}
+// ─── Rate Limiting ──────────────────────────────────────────────────
+/**
+ * Simple in-memory rate limiter using a sliding window.
+ */
+export class SimpleRateLimiter {
+    maxRequests;
+    windowMs;
+    windows = new Map();
+    constructor(maxRequests = 30, windowMs = 60_000) {
+        this.maxRequests = maxRequests;
+        this.windowMs = windowMs;
+    }
+    /**
+     * Returns true if the request is allowed, false if rate-limited.
+     */
+    isAllowed(key) {
+        const now = Date.now();
+        const cutoff = now - this.windowMs;
+        let timestamps = this.windows.get(key);
+        if (!timestamps) {
+            timestamps = [];
+            this.windows.set(key, timestamps);
+        }
+        // Remove expired entries
+        while (timestamps.length > 0 && timestamps[0] <= cutoff) {
+            timestamps.shift();
+        }
+        if (timestamps.length >= this.maxRequests) {
+            return false;
+        }
+        timestamps.push(now);
+        return true;
+    }
+    /**
+     * Resets the rate limiter for a specific key or all keys.
+     */
+    reset(key) {
+        if (key) {
+            this.windows.delete(key);
+        }
+        else {
+            this.windows.clear();
+        }
+    }
+}
+// ─── Content Integrity ──────────────────────────────────────────────
+/**
+ * Verifies that content matches an expected SHA-256 hash.
+ */
+export function verifyContentHash(content, expectedHash) {
+    const actual = crypto.createHash('sha256').update(content).digest('hex');
+    return timingSafeEqual(actual, expectedHash);
+}
+// ─── Dangerous Module Detection ─────────────────────────────────────
+const DANGEROUS_PATTERNS = [
+    /\brequire\s*\(\s*['"]child_process['"]\s*\)/,
+    /\bimport\s+.*['"]child_process['"]/,
+    /\beval\s*\(/,
+    /\bnew\s+Function\s*\(/,
+    /\bexecSync\s*\(/,
+    /\bspawnSync\s*\(/,
+];
+/**
+ * Scans JavaScript/TypeScript source code for dangerous patterns.
+ * Returns a list of warnings (not blocking — informational only).
+ */
+export function warnIfDangerous(source) {
+    const warnings = [];
+    for (const pattern of DANGEROUS_PATTERNS) {
+        if (pattern.test(source)) {
+            warnings.push(`Potentially dangerous pattern detected: ${pattern.source}`);
+        }
+    }
+    return warnings;
+}
+//# sourceMappingURL=security.js.map

package/dist/shared/security.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"security.js","sourceRoot":"","sources":["../../src/shared/security.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,KAAK,MAAM,MAAM,QAAQ,CAAC;AAGjC,uEAAuE;AAEvE;;;;GAIG;AACH,MAAM,UAAU,YAAY,CAAC,SAAiB,EAAE,IAAY;IAC1D,MAAM,iBAAiB,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAClD,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACxC,8CAA8C;IAC9C,OAAO,CACL,iBAAiB,KAAK,YAAY;QAClC,iBAAiB,CAAC,UAAU,CAAC,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,CACtD,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,iBAAiB,CAAC,SAAiB;IACjD,wBAAwB;IACxB,IAAI,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CAAC,yCAAyC,SAAS,EAAE,CAAC,CAAC;IACxE,CAAC;IACD,wBAAwB;IACxB,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;IAC7C,IAAI,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,KAAK,IAAI,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC;QACxE,MAAM,IAAI,KAAK,CAAC,0CAA0C,SAAS,EAAE,CAAC,CAAC;IACzE,CAAC;IACD,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,uEAAuE;AAEvE;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,GAAoB;IACjD,MAAM,IAAI,GAAG,GAAG,CAAC,MAAM,EAAE,aAAa,CAAC;IACvC,IAAI,CAAC,IAAI;QAAE,OAAO,KAAK,CAAC;IACxB,OAAO,CACL,IAAI,KAAK,WAAW;QACpB,IAAI,KAAK,KAAK;QACd,IAAI,KAAK,kBAAkB,CAC5B,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,CAAS,EAAE,CAAS;IAClD,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC;QAC1B,sEAAsE;QACtE,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC3B,MAAM,CAAC,eAAe,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACjC,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;AAChE,CAAC;AAED,uEAAuE;AAEvE;;;GAGG;AACH,MAAM,mBAAmB,GACvB,oFAAoF,CAAC;AAEvF,MAAM,UAAU,sBAAsB,CAAC,KAAa;IAClD,OAAO,mBAAmB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AACzC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,KAAa;IACvC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;IAC3B,IAAI,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAChD,MAAM,IAAI,KAAK,CAAC,yBAAyB,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;IAC3D,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,uEAAuE;AAEvE,MAAM,eAAe,GAA2B;IAC9C,GAAG,EAAE,OAAO;IACZ,GAAG,EAAE,MAAM;IACX,GAAG,EAAE,MAAM;IACX,GAAG,EAAE,QAAQ;IACb,GAAG,EAAE,OAAO;CACb,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,UAAU,CAAC,GAAW;IACpC,OAAO,GAAG,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,eAAe,CAAC,EAAE,CAAC,CAAC,CAAC;AAC9D,CAAC;AAED,uEAAuE;AAEvE,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,CAAC,WAAW,EAAE,aAAa,EAAE,WAAW,CAAC,CAAC,CAAC;AAE1E;;;GAGG;AACH,MAAM,UAAU,cAAc,CAAgC,GAAM;IAClE,IAAI,GAAG,KAAK,IAAI,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAClE,OAAO,GAAG,CAAC;IACb,CAAC;IAED,MAAM,MAAM,GAAwB,EAAE,CAAC;IACvC,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QACnC,IAAI,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,SAAS;QACtC,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;QACrB,MAAM,CAAC,GAAG,CAAC,GAAG,GAAG,KAAK,IAAI,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC;YAC1E,CAAC,CAAC,cAAc,CAAC,GAAG,CAAC;YACrB,CAAC,CAAC,GAAG,CAAC;IACV,CAAC;IACD,OAAO,MAAW,CAAC;AACrB,CAAC;AAED,uEAAuE;AAEvE,MAAM,qBAAqB,GAAG,IAAI,GAAG,CAAC;IACpC,SAAS;IACT,SAAS;IACT,MAAM;IACN,UAAU;IACV,YAAY;IACZ,QAAQ;IACR,QAAQ;IACR,QAAQ;IACR,SAAS;IACT,eAAe;IACf,UAAU;IACV,MAAM;IACN,OAAO;IACP,WAAW;CACZ,CAAC,CAAC;AAEH;;;GAGG;AACH,MAAM,UAAU,uBAAuB,CAAC,IAAY;IAClD,KAAK,MAAM,EAAE,IAAI,qBAAqB,EAAE,CAAC;QACvC,wEAAwE;QACxE,MAAM,EAAE,GAAG,IAAI,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QACrC,IAAI,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,OAAO,EAAE,CAAC;IAC/B,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,uEAAuE;AAEvE,MAAM,sBAAsB,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,OAAO;AAEnD;;GAEG;AACH,MAAM,UAAU,QAAQ,CACtB,GAAoB,EACpB,WAAmB,sBAAsB;IAEzC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,IAAI,IAAI,GAAG,CAAC,CAAC;QACb,MAAM,MAAM,GAAa,EAAE,CAAC;QAE5B,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YAC/B,IAAI,IAAI,KAAK,CAAC,MAAM,CAAC;YACrB,IAAI,IAAI,GAAG,QAAQ,EAAE,CAAC;gBACpB,GAAG,CAAC,OAAO,EAAE,CAAC;gBACd,MAAM,CAAC,IAAI,KAAK,CAAC,kCAAkC,QAAQ,SAAS,CAAC,CAAC,CAAC;gBACvE,OAAO;YACT,CAAC;YACD,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACrB,CAAC,CAAC,CAAC;QAEH,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;YACjB,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;QACnD,CAAC,CAAC,CAAC;QAEH,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;YACtB,MAAM,CAAC,GAAG,CAAC,CAAC;QACd,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED,uEAAuE;AAEvE;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,GAAmB;IACpD,GAAG,CAAC,SAAS,CAAC,wBAAwB,EAAE,SAAS,CAAC,CAAC;IACnD,GAAG,CAAC,SAAS,CAAC,iBAAiB,EAAE,YAAY,CAAC,CAAC;IAC/C,GAAG,CAAC,SAAS,CAAC,iBAAiB,EAAE,iCAAiC,CAAC,CAAC;AACtE,CAAC;AAED,uEAAuE;AAEvE;;GAEG;AACH,MAAM,OAAO,iBAAiB;IAIT;IACA;IAJX,OAAO,GAAG,IAAI,GAAG,EAAoB,CAAC;IAE9C,YACmB,cAAsB,EAAE,EACxB,WAAmB,MAAM;QADzB,gBAAW,GAAX,WAAW,CAAa;QACxB,aAAQ,GAAR,QAAQ,CAAiB;IACzC,CAAC;IAEJ;;OAEG;IACH,SAAS,CAAC,GAAW;QACnB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC;QAEnC,IAAI,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACvC,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,UAAU,GAAG,EAAE,CAAC;YAChB,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;QACpC,CAAC;QAED,yBAAyB;QACzB,OAAO,UAAU,CAAC,MAAM,GAAG,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,IAAI,MAAM,EAAE,CAAC;YACxD,UAAU,CAAC,KAAK,EAAE,CAAC;QACrB,CAAC;QAED,IAAI,UAAU,CAAC,MAAM,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YAC1C,OAAO,KAAK,CAAC;QACf,CAAC;QAED,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACrB,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,GAAY;QAChB,IAAI,GAAG,EAAE,CAAC;YACR,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC3B,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACvB,CAAC;IACH,CAAC;CACF;AAED,uEAAuE;AAEvE;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,OAAe,EAAE,YAAoB;IACrE,MAAM,MAAM,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACzE,OAAO,eAAe,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;AAC/C,CAAC;AAED,uEAAuE;AAEvE,MAAM,kBAAkB,GAAG;IACzB,6CAA6C;IAC7C,oCAAoC;IACpC,aAAa;IACb,uBAAuB;IACvB,iBAAiB;IACjB,kBAAkB;CACnB,CAAC;AAEF;;;GAGG;AACH,MAAM,UAAU,eAAe,CAAC,MAAc;IAC5C,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,KAAK,MAAM,OAAO,IAAI,kBAAkB,EAAE,CAAC;QACzC,IAAI,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YACzB,QAAQ,CAAC,IAAI,CAAC,2CAA2C,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;QAC7E,CAAC;IACH,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/template-manager.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"template-manager.d.ts","sourceRoot":"","sources":["../src/template-manager.ts"],"names":[],"mappings":"AAgBA;;;;;GAKG;AACH,qBAAa,eAAe;IAQd,OAAO,CAAC,UAAU;IAP9B,OAAO,CAAC,cAAc,CAAS;IAC/B,OAAO,CAAC,WAAW,CAAS;IAC5B,OAAO,CAAC,QAAQ,CAAS;IAGzB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,gBAAgB,CAAW;gBAE/B,UAAU,EAAE,MAAM;IAMtC;;OAEG;IACG,eAAe,IAAI,OAAO,CAAC,IAAI,CAAC;IAetC;;OAEG;IACG,oBAAoB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAKlE;;OAEG;IACG,cAAc,CAAC,YAAY,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC;IAWtE;;;;;;OAMG;IACH,OAAO,CAAC,MAAM;IAiCd;;;OAGG;IACH,OAAO,CAAC,gBAAgB;IA8CxB;;;;OAIG;IACH,OAAO,CAAC,cAAc;IAWtB;;;OAGG;IACH,OAAO,CAAC,iBAAiB;IA6BzB,OAAO,CAAC,UAAU;IAWlB,OAAO,CAAC,mBAAmB;IAgB3B;;OAEG;YACW,cAAc;IAqD5B;;OAEG;YACW,UAAU;IAaxB;;OAEG;YACW,UAAU;IAIxB;;OAEG;IACH,OAAO,CAAC,aAAa;IAIrB;;OAEG;IACH,OAAO,CAAC,wBAAwB;IAqQhC;;OAEG;IACH,OAAO,CAAC,wBAAwB;CAsFjC"}
+{"version":3,"file":"template-manager.d.ts","sourceRoot":"","sources":["../src/template-manager.ts"],"names":[],"mappings":"AAiBA;;;;;GAKG;AACH,qBAAa,eAAe;IAQd,OAAO,CAAC,UAAU;IAP9B,OAAO,CAAC,cAAc,CAAS;IAC/B,OAAO,CAAC,WAAW,CAAS;IAC5B,OAAO,CAAC,QAAQ,CAAS;IAGzB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,gBAAgB,CAAW;gBAE/B,UAAU,EAAE,MAAM;IAMtC;;OAEG;IACG,eAAe,IAAI,OAAO,CAAC,IAAI,CAAC;IAetC;;OAEG;IACG,oBAAoB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAKlE;;OAEG;IACG,cAAc,CAAC,YAAY,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC;IAWtE;;;;;;OAMG;IACH,OAAO,CAAC,MAAM;IAmCd;;;OAGG;IACH,OAAO,CAAC,gBAAgB;IA8CxB;;;;OAIG;IACH,OAAO,CAAC,cAAc;IAoBtB;;;OAGG;IACH,OAAO,CAAC,iBAAiB;IA6BzB,OAAO,CAAC,UAAU;IAclB,OAAO,CAAC,mBAAmB;IAmB3B;;OAEG;YACW,cAAc;IAqD5B;;OAEG;YACW,UAAU;IAaxB;;OAEG;YACW,UAAU;IAIxB;;OAEG;IACH,OAAO,CAAC,aAAa;IAIrB;;OAEG;IACH,OAAO,CAAC,wBAAwB;IAqQhC;;OAEG;IACH,OAAO,CAAC,wBAAwB;CAsFjC"}

package/dist/template-manager.js

@@ -3,6 +3,7 @@ import * as fs from 'fs/promises';
 import * as path from 'path';
 import * as crypto from 'crypto';
 import { logger } from './shared/logger.js';
+import { findForbiddenIdentifier } from './shared/security.js';
 /**
  * Manages marketplace documentation templates
  *
@@ -144,11 +145,17 @@ export class TemplateManager {
      * raw backticks, escaped backticks are \`, interpolations are ${...}).
      */
     evalExpression(expr, context) {
+        // Security: block dangerous identifiers in template expressions
+        const forbidden = findForbiddenIdentifier(expr);
+        if (forbidden) {
+            throw new Error(`Forbidden identifier "${forbidden}" in template expression`);
+        }
         const keys = Object.keys(context);
-        const values = keys.map(k => context[k]);
+        const values = keys.map((k) => context[k]);
         try {
-            const fn = new Function(...keys, 'return (' + expr + ')');
-            return fn(...values);
+            // Shadow dangerous globals to prevent access even if identifiers sneak through
+            const fn = new Function(...keys, 'process', 'require', 'globalThis', 'global', 'return (' + expr + ')');
+            return fn(...values, undefined, undefined, undefined, undefined);
         }
         catch (error) {
             throw new Error(`${error.message}\n  Expression: ${expr.length > 200 ? expr.substring(0, 200) + '...' : expr}`);

package/dist/template-manager.js.map

@@ -1 +1 @@
-{"version":3,"file":"template-manager.js","sourceRoot":"","sources":["../src/template-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,IAAI,CAAC;AAChC,OAAO,KAAK,EAAE,MAAM,aAAa,CAAC;AAClC,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,KAAK,MAAM,MAAM,QAAQ,CAAC;AACjC,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAY5C;;;;;GAKG;AACH,MAAM,OAAO,eAAe;IAQN;IAPZ,cAAc,CAAS;IACvB,WAAW,CAAS;IACpB,QAAQ,CAAS;IAEzB,kEAAkE;IAC1D,MAAM,CAAU,gBAAgB,GAAG,OAAO,CAAC;IAEnD,YAAoB,UAAkB;QAAlB,eAAU,GAAV,UAAU,CAAQ;QACpC,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;QAC5D,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,YAAY,CAAC,CAAC;QAChE,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,uBAAuB,CAAC,CAAC;IAC1E,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe;QACnB,qBAAqB;QACrB,MAAM,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAEtD,mCAAmC;QACnC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QAEvC,iCAAiC;QACjC,MAAM,IAAI,CAAC,cAAc,CAAC,WAAW,EAAE,IAAI,CAAC,wBAAwB,EAAE,EAAE,MAAM,CAAC,CAAC;QAChF,MAAM,IAAI,CAAC,cAAc,CAAC,WAAW,EAAE,IAAI,CAAC,wBAAwB,EAAE,EAAE,MAAM,CAAC,CAAC;QAEhF,sBAAsB;QACtB,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;IAChC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,oBAAoB,CAAC,YAAoB;QAC7C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QACvC,OAAO,MAAM,CAAC,YAAY,CAAC,EAAE,UAAU,IAAI,KAAK,CAAC;IACnD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAAC,YAAoB,EAAE,IAAS;QAClD,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,YAAY,CAAC,CAAC;QAE/D,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YAC9B,MAAM,IAAI,KAAK,CAAC,uBAAuB,YAAY,EAAE,CAAC,CAAC;QACzD,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;QAC1D,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;IACrC,CAAC;IAED;;;;;;OAMG;IACK,MAAM,CAAC,QAAgB,EAAE,IAAS;QACxC,MAAM,OAAO,GAAG;YACd,IAAI,EAAE,CAAI,KAAU,EAAE,EAAsC,EAAU,EAAE;gBACtE,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC,EAAE,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAC9D,CAAC;YACD,GAAG,EAAE,CAAC,SAAkB,EAAE,MAAc,EAAE,KAAK,GAAG,EAAE,EAAU,EAAE;gBAC9D,OAAO,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC;YACpC,CAAC;YACD,QAAQ,EAAE,CAAC,KAAU,EAAE,YAAiB,EAAO,EAAE;gBAC/C,OAAO,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,YAAY,CAAC;YACtF,CAAC;YACD,UAAU,EAAE,CAAC,IAAY,EAAE,YAAoB,EAAU,EAAE;gBACzD,IAAI,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;oBACzB,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC9B,CAAC;gBACD,OAAO,YAAY;qBAChB,KAAK,CAAC,GAAG,CAAC;qBACV,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;qBAC3D,IAAI,CAAC,GAAG,CAAC,CAAC;YACf,CAAC;YACD,SAAS,EAAE,CAAC,IAAY,EAAU,EAAE;gBAClC,OAAO,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;YAC9E,CAAC;SACF,CAAC;QAEF,IAAI,CAAC;YACH,MAAM,OAAO,GAAwB,EAAE,GAAG,IAAI,EAAE,GAAG,OAAO,EAAE,CAAC;YAC7D,OAAO,IAAI,CAAC,gBAAgB,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAClD,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,6BAA6B,KAAK,CAAC,OAAO,qBAAqB,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACjH,CAAC;IACH,CAAC;IAED;;;OAGG;IACK,gBAAgB,CAAC,QAAgB,EAAE,OAA4B;QACrE,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,IAAI,CAAC,GAAG,CAAC,CAAC;QAEV,OAAO,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC;YAC3B,2CAA2C;YAC3C,IAAI,QAAQ,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpD,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;gBAC7B,IAAI,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;oBAClD,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBAClB,CAAC,IAAI,CAAC,CAAC;oBACP,SAAS;gBACX,CAAC;gBACD,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;oBACjB,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBAClB,CAAC,IAAI,CAAC,CAAC;oBACP,SAAS;gBACX,CAAC;gBACD,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;gBACzB,CAAC,EAAE,CAAC;gBACJ,SAAS;YACX,CAAC;YAED,8BAA8B;YAC9B,IAAI,QAAQ,CAAC,CAAC,CAAC,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;gBAC9E,MAAM,SAAS,GAAG,CAAC,GAAG,CAAC,CAAC;gBACxB,MAAM,OAAO,GAAG,IAAI,CAAC,iBAAiB,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;gBAC5D,IAAI,OAAO,KAAK,CAAC,CAAC,EAAE,CAAC;oBACnB,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;oBACzB,CAAC,EAAE,CAAC;oBACJ,SAAS;gBACX,CAAC;gBACD,MAAM,OAAO,GAAG,QAAQ,CAAC,SAAS,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;gBACvD,MAAM,KAAK,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;gBACpD,MAAM,CAAC,IAAI,CAAC,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;gBACxE,CAAC,GAAG,OAAO,GAAG,CAAC,CAAC;gBAChB,SAAS;YACX,CAAC;YAED,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;YACzB,CAAC,EAAE,CAAC;QACN,CAAC;QAED,OAAO,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACzB,CAAC;IAED;;;;OAIG;IACK,cAAc,CAAC,IAAY,EAAE,OAA4B;QAC/D,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAClC,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;QACzC,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,IAAI,QAAQ,CAAC,GAAG,IAAI,EAAE,UAAU,GAAG,IAAI,GAAG,GAAG,CAAC,CAAC;YAC1D,OAAO,EAAE,CAAC,GAAG,MAAM,CAAC,CAAC;QACvB,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,GAAG,KAAK,CAAC,OAAO,mBAAmB,IAAI,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAClH,CAAC;IACH,CAAC;IAED;;;OAGG;IACK,iBAAiB,CAAC,GAAW,EAAE,KAAa;QAClD,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,IAAI,CAAC,GAAG,KAAK,CAAC;QAEd,OAAO,CAAC,GAAG,GAAG,CAAC,MAAM,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;YACnC,MAAM,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;YAClB,IAAI,EAAE,KAAK,GAAG,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;gBAC7B,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;gBAC5B,SAAS;YACX,CAAC;YACD,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;gBACf,CAAC,GAAG,IAAI,CAAC,mBAAmB,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;gBACrC,SAAS;YACX,CAAC;YACD,IAAI,EAAE,KAAK,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC;gBACtC,CAAC,IAAI,CAAC,CAAC;gBACP,SAAS;YACX,CAAC;YACD,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;gBACf,KAAK,EAAE,CAAC;YACV,CAAC;iBAAM,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;gBACtB,KAAK,EAAE,CAAC;gBACR,IAAI,KAAK,KAAK,CAAC;oBAAE,OAAO,CAAC,CAAC;YAC5B,CAAC;YACD,CAAC,EAAE,CAAC;QACN,CAAC;QACD,OAAO,CAAC,CAAC,CAAC;IACZ,CAAC;IAEO,UAAU,CAAC,GAAW,EAAE,KAAa;QAC3C,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC;QACzB,IAAI,CAAC,GAAG,KAAK,GAAG,CAAC,CAAC;QAClB,OAAO,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC;YACtB,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAAC,CAAC,IAAI,CAAC,CAAC;gBAAC,SAAS;YAAC,CAAC;YAC1C,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,KAAK;gBAAE,OAAO,CAAC,GAAG,CAAC,CAAC;YACnC,CAAC,EAAE,CAAC;QACN,CAAC;QACD,OAAO,CAAC,CAAC;IACX,CAAC;IAEO,mBAAmB,CAAC,GAAW,EAAE,KAAa;QACpD,IAAI,CAAC,GAAG,KAAK,GAAG,CAAC,CAAC;QAClB,OAAO,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC;YACtB,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAAC,CAAC,IAAI,CAAC,CAAC;gBAAC,SAAS;YAAC,CAAC;YAC1C,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,GAAG;gBAAE,OAAO,CAAC,GAAG,CAAC,CAAC;YACjC,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;gBAC/D,CAAC,IAAI,CAAC,CAAC;gBACP,MAAM,GAAG,GAAG,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;gBAC3C,IAAI,GAAG,KAAK,CAAC,CAAC;oBAAE,CAAC,GAAG,GAAG,GAAG,CAAC,CAAC;gBAC5B,SAAS;YACX,CAAC;YACD,CAAC,EAAE,CAAC;QACN,CAAC;QACD,OAAO,CAAC,CAAC;IACX,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,cAAc,CAC1B,IAAY,EACZ,cAAsB,EACtB,MAAsB;QAEtB,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;QACvD,MAAM,WAAW,GAAG,IAAI,CAAC,aAAa,CAAC,cAAc,CAAC,CAAC;QAEvD,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YAC9B,qCAAqC;YACrC,MAAM,EAAE,CAAC,SAAS,CAAC,YAAY,EAAE,cAAc,EAAE,OAAO,CAAC,CAAC;YAC1D,MAAM,CAAC,IAAI,CAAC,GAAG;gBACb,OAAO,EAAE,eAAe,CAAC,gBAAgB;gBACzC,IAAI,EAAE,WAAW;gBACjB,UAAU,EAAE,KAAK;aAClB,CAAC;YACF,MAAM,CAAC,IAAI,CAAC,kCAAkC,IAAI,EAAE,CAAC,CAAC;QACxD,CAAC;aAAM,CAAC;YACN,wCAAwC;YACxC,MAAM,cAAc,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;YAChE,MAAM,WAAW,GAAG,IAAI,CAAC,aAAa,CAAC,cAAc,CAAC,CAAC;YACvD,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;YAE7B,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,sCAAsC;gBACtC,MAAM,CAAC,IAAI,CAAC,GAAG;oBACb,OAAO,EAAE,eAAe,CAAC,gBAAgB;oBACzC,IAAI,EAAE,WAAW;oBACjB,UAAU,EAAE,IAAI;iBACjB,CAAC;YACJ,CAAC;iBAAM,IAAI,WAAW,KAAK,OAAO,CAAC,IAAI,EAAE,CAAC;gBACxC,2BAA2B;gBAC3B,IAAI,CAAC,OAAO,CAAC,UAAU,IAAI,WAAW,KAAK,OAAO,CAAC,IAAI,EAAE,CAAC;oBACxD,6DAA6D;oBAC7D,MAAM,EAAE,CAAC,SAAS,CAAC,YAAY,EAAE,cAAc,EAAE,OAAO,CAAC,CAAC;oBAC1D,MAAM,CAAC,IAAI,CAAC,GAAG;wBACb,OAAO,EAAE,eAAe,CAAC,gBAAgB;wBACzC,IAAI,EAAE,WAAW;wBACjB,UAAU,EAAE,KAAK;qBAClB,CAAC;oBACF,MAAM,CAAC,IAAI,CAAC,kCAAkC,IAAI,gBAAgB,CAAC,CAAC;gBACtE,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,oCAAoC;gBACpC,MAAM,CAAC,IAAI,CAAC,GAAG;oBACb,GAAG,OAAO;oBACV,IAAI,EAAE,WAAW;oBACjB,UAAU,EAAE,IAAI;iBACjB,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,UAAU;QACtB,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC/B,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAC1D,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAC7B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,UAAU,CAAC,MAAsB;QAC7C,MAAM,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;IAC9E,CAAC;IAED;;OAEG;IACK,aAAa,CAAC,OAAe;QACnC,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACnE,CAAC;IAED;;OAEG;IACK,wBAAwB;QAC9B,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAiQV,CAAC;IACA,CAAC;IAED;;OAEG;IACK,wBAAwB;QAC9B,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAmFV,CAAC;IACA,CAAC"}
+{"version":3,"file":"template-manager.js","sourceRoot":"","sources":["../src/template-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,IAAI,CAAC;AAChC,OAAO,KAAK,EAAE,MAAM,aAAa,CAAC;AAClC,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,KAAK,MAAM,MAAM,QAAQ,CAAC;AACjC,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAC5C,OAAO,EAAE,uBAAuB,EAAE,MAAM,sBAAsB,CAAC;AAY/D;;;;;GAKG;AACH,MAAM,OAAO,eAAe;IAQN;IAPZ,cAAc,CAAS;IACvB,WAAW,CAAS;IACpB,QAAQ,CAAS;IAEzB,kEAAkE;IAC1D,MAAM,CAAU,gBAAgB,GAAG,OAAO,CAAC;IAEnD,YAAoB,UAAkB;QAAlB,eAAU,GAAV,UAAU,CAAQ;QACpC,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;QAC5D,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,YAAY,CAAC,CAAC;QAChE,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,uBAAuB,CAAC,CAAC;IAC1E,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe;QACnB,qBAAqB;QACrB,MAAM,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAEtD,mCAAmC;QACnC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QAEvC,iCAAiC;QACjC,MAAM,IAAI,CAAC,cAAc,CAAC,WAAW,EAAE,IAAI,CAAC,wBAAwB,EAAE,EAAE,MAAM,CAAC,CAAC;QAChF,MAAM,IAAI,CAAC,cAAc,CAAC,WAAW,EAAE,IAAI,CAAC,wBAAwB,EAAE,EAAE,MAAM,CAAC,CAAC;QAEhF,sBAAsB;QACtB,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;IAChC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,oBAAoB,CAAC,YAAoB;QAC7C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QACvC,OAAO,MAAM,CAAC,YAAY,CAAC,EAAE,UAAU,IAAI,KAAK,CAAC;IACnD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAAC,YAAoB,EAAE,IAAS;QAClD,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,YAAY,CAAC,CAAC;QAE/D,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YAC9B,MAAM,IAAI,KAAK,CAAC,uBAAuB,YAAY,EAAE,CAAC,CAAC;QACzD,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;QAC1D,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;IACrC,CAAC;IAED;;;;;;OAMG;IACK,MAAM,CAAC,QAAgB,EAAE,IAAS;QACxC,MAAM,OAAO,GAAG;YACd,IAAI,EAAE,CAAI,KAAU,EAAE,EAAsC,EAAU,EAAE;gBACtE,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC,EAAE,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAC9D,CAAC;YACD,GAAG,EAAE,CAAC,SAAkB,EAAE,MAAc,EAAE,KAAK,GAAG,EAAE,EAAU,EAAE;gBAC9D,OAAO,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC;YACpC,CAAC;YACD,QAAQ,EAAE,CAAC,KAAU,EAAE,YAAiB,EAAO,EAAE;gBAC/C,OAAO,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,YAAY,CAAC;YACtF,CAAC;YACD,UAAU,EAAE,CAAC,IAAY,EAAE,YAAoB,EAAU,EAAE;gBACzD,IAAI,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;oBACzB,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC9B,CAAC;gBACD,OAAO,YAAY;qBAChB,KAAK,CAAC,GAAG,CAAC;qBACV,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;qBAC3D,IAAI,CAAC,GAAG,CAAC,CAAC;YACf,CAAC;YACD,SAAS,EAAE,CAAC,IAAY,EAAU,EAAE;gBAClC,OAAO,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;YAC9E,CAAC;SACF,CAAC;QAEF,IAAI,CAAC;YACH,MAAM,OAAO,GAAwB,EAAE,GAAG,IAAI,EAAE,GAAG,OAAO,EAAE,CAAC;YAC7D,OAAO,IAAI,CAAC,gBAAgB,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAClD,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CACb,6BAA6B,KAAK,CAAC,OAAO,qBAAqB,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC9F,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;OAGG;IACK,gBAAgB,CAAC,QAAgB,EAAE,OAA4B;QACrE,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,IAAI,CAAC,GAAG,CAAC,CAAC;QAEV,OAAO,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC;YAC3B,2CAA2C;YAC3C,IAAI,QAAQ,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpD,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;gBAC7B,IAAI,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;oBAClD,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBAClB,CAAC,IAAI,CAAC,CAAC;oBACP,SAAS;gBACX,CAAC;gBACD,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;oBACjB,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBAClB,CAAC,IAAI,CAAC,CAAC;oBACP,SAAS;gBACX,CAAC;gBACD,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;gBACzB,CAAC,EAAE,CAAC;gBACJ,SAAS;YACX,CAAC;YAED,8BAA8B;YAC9B,IAAI,QAAQ,CAAC,CAAC,CAAC,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;gBAC9E,MAAM,SAAS,GAAG,CAAC,GAAG,CAAC,CAAC;gBACxB,MAAM,OAAO,GAAG,IAAI,CAAC,iBAAiB,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;gBAC5D,IAAI,OAAO,KAAK,CAAC,CAAC,EAAE,CAAC;oBACnB,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;oBACzB,CAAC,EAAE,CAAC;oBACJ,SAAS;gBACX,CAAC;gBACD,MAAM,OAAO,GAAG,QAAQ,CAAC,SAAS,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;gBACvD,MAAM,KAAK,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;gBACpD,MAAM,CAAC,IAAI,CAAC,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;gBACxE,CAAC,GAAG,OAAO,GAAG,CAAC,CAAC;gBAChB,SAAS;YACX,CAAC;YAED,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;YACzB,CAAC,EAAE,CAAC;QACN,CAAC;QAED,OAAO,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACzB,CAAC;IAED;;;;OAIG;IACK,cAAc,CAAC,IAAY,EAAE,OAA4B;QAC/D,gEAAgE;QAChE,MAAM,SAAS,GAAG,uBAAuB,CAAC,IAAI,CAAC,CAAC;QAChD,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,yBAAyB,SAAS,0BAA0B,CAAC,CAAC;QAChF,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAClC,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;QAC3C,IAAI,CAAC;YACH,+EAA+E;YAC/E,MAAM,EAAE,GAAG,IAAI,QAAQ,CAAC,GAAG,IAAI,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,QAAQ,EAAE,UAAU,GAAG,IAAI,GAAG,GAAG,CAAC,CAAC;YACxG,OAAO,EAAE,CAAC,GAAG,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;QACnE,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CACb,GAAG,KAAK,CAAC,OAAO,mBAAmB,IAAI,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAC/F,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;OAGG;IACK,iBAAiB,CAAC,GAAW,EAAE,KAAa;QAClD,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,IAAI,CAAC,GAAG,KAAK,CAAC;QAEd,OAAO,CAAC,GAAG,GAAG,CAAC,MAAM,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;YACnC,MAAM,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;YAClB,IAAI,EAAE,KAAK,GAAG,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;gBAC7B,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;gBAC5B,SAAS;YACX,CAAC;YACD,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;gBACf,CAAC,GAAG,IAAI,CAAC,mBAAmB,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;gBACrC,SAAS;YACX,CAAC;YACD,IAAI,EAAE,KAAK,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC;gBACtC,CAAC,IAAI,CAAC,CAAC;gBACP,SAAS;YACX,CAAC;YACD,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;gBACf,KAAK,EAAE,CAAC;YACV,CAAC;iBAAM,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;gBACtB,KAAK,EAAE,CAAC;gBACR,IAAI,KAAK,KAAK,CAAC;oBAAE,OAAO,CAAC,CAAC;YAC5B,CAAC;YACD,CAAC,EAAE,CAAC;QACN,CAAC;QACD,OAAO,CAAC,CAAC,CAAC;IACZ,CAAC;IAEO,UAAU,CAAC,GAAW,EAAE,KAAa;QAC3C,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC;QACzB,IAAI,CAAC,GAAG,KAAK,GAAG,CAAC,CAAC;QAClB,OAAO,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC;YACtB,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBACpB,CAAC,IAAI,CAAC,CAAC;gBACP,SAAS;YACX,CAAC;YACD,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,KAAK;gBAAE,OAAO,CAAC,GAAG,CAAC,CAAC;YACnC,CAAC,EAAE,CAAC;QACN,CAAC;QACD,OAAO,CAAC,CAAC;IACX,CAAC;IAEO,mBAAmB,CAAC,GAAW,EAAE,KAAa;QACpD,IAAI,CAAC,GAAG,KAAK,GAAG,CAAC,CAAC;QAClB,OAAO,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC;YACtB,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBACpB,CAAC,IAAI,CAAC,CAAC;gBACP,SAAS;YACX,CAAC;YACD,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,GAAG;gBAAE,OAAO,CAAC,GAAG,CAAC,CAAC;YACjC,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;gBAC/D,CAAC,IAAI,CAAC,CAAC;gBACP,MAAM,GAAG,GAAG,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;gBAC3C,IAAI,GAAG,KAAK,CAAC,CAAC;oBAAE,CAAC,GAAG,GAAG,GAAG,CAAC,CAAC;gBAC5B,SAAS;YACX,CAAC;YACD,CAAC,EAAE,CAAC;QACN,CAAC;QACD,OAAO,CAAC,CAAC;IACX,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,cAAc,CAC1B,IAAY,EACZ,cAAsB,EACtB,MAAsB;QAEtB,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;QACvD,MAAM,WAAW,GAAG,IAAI,CAAC,aAAa,CAAC,cAAc,CAAC,CAAC;QAEvD,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YAC9B,qCAAqC;YACrC,MAAM,EAAE,CAAC,SAAS,CAAC,YAAY,EAAE,cAAc,EAAE,OAAO,CAAC,CAAC;YAC1D,MAAM,CAAC,IAAI,CAAC,GAAG;gBACb,OAAO,EAAE,eAAe,CAAC,gBAAgB;gBACzC,IAAI,EAAE,WAAW;gBACjB,UAAU,EAAE,KAAK;aAClB,CAAC;YACF,MAAM,CAAC,IAAI,CAAC,kCAAkC,IAAI,EAAE,CAAC,CAAC;QACxD,CAAC;aAAM,CAAC;YACN,wCAAwC;YACxC,MAAM,cAAc,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;YAChE,MAAM,WAAW,GAAG,IAAI,CAAC,aAAa,CAAC,cAAc,CAAC,CAAC;YACvD,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;YAE7B,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,sCAAsC;gBACtC,MAAM,CAAC,IAAI,CAAC,GAAG;oBACb,OAAO,EAAE,eAAe,CAAC,gBAAgB;oBACzC,IAAI,EAAE,WAAW;oBACjB,UAAU,EAAE,IAAI;iBACjB,CAAC;YACJ,CAAC;iBAAM,IAAI,WAAW,KAAK,OAAO,CAAC,IAAI,EAAE,CAAC;gBACxC,2BAA2B;gBAC3B,IAAI,CAAC,OAAO,CAAC,UAAU,IAAI,WAAW,KAAK,OAAO,CAAC,IAAI,EAAE,CAAC;oBACxD,6DAA6D;oBAC7D,MAAM,EAAE,CAAC,SAAS,CAAC,YAAY,EAAE,cAAc,EAAE,OAAO,CAAC,CAAC;oBAC1D,MAAM,CAAC,IAAI,CAAC,GAAG;wBACb,OAAO,EAAE,eAAe,CAAC,gBAAgB;wBACzC,IAAI,EAAE,WAAW;wBACjB,UAAU,EAAE,KAAK;qBAClB,CAAC;oBACF,MAAM,CAAC,IAAI,CAAC,kCAAkC,IAAI,gBAAgB,CAAC,CAAC;gBACtE,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,oCAAoC;gBACpC,MAAM,CAAC,IAAI,CAAC,GAAG;oBACb,GAAG,OAAO;oBACV,IAAI,EAAE,WAAW;oBACjB,UAAU,EAAE,IAAI;iBACjB,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,UAAU;QACtB,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC/B,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAC1D,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAC7B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,UAAU,CAAC,MAAsB;QAC7C,MAAM,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;IAC9E,CAAC;IAED;;OAEG;IACK,aAAa,CAAC,OAAe;QACnC,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACnE,CAAC;IAED;;OAEG;IACK,wBAAwB;QAC9B,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAiQV,CAAC;IACA,CAAC;IAED;;OAEG;IACK,wBAAwB;QAC9B,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAmFV,CAAC;IACA,CAAC"}

package/dist/version.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"version.d.ts","sourceRoot":"","sources":["../src/version.ts"],"names":[],"mappings":"AAKA,eAAO,MAAM,cAAc,EAAE,MAAoB,CAAC;AAClD,eAAO,MAAM,mBAAmB,EAAE,MAAuE,CAAC;AAE1G;;;;;GAKG;AACH,wBAAgB,4BAA4B,IAAI,MAAM,CAOrD"}
+{"version":3,"file":"version.d.ts","sourceRoot":"","sources":["../src/version.ts"],"names":[],"mappings":"AAKA,eAAO,MAAM,cAAc,EAAE,MAAoB,CAAC;AAClD,eAAO,MAAM,mBAAmB,EAAE,MAC8B,CAAC;AAEjE;;;;;GAKG;AACH,wBAAgB,4BAA4B,IAAI,MAAM,CAOrD"}

package/dist/version.js.map

@@ -1 +1 @@
-{"version":3,"file":"version.js","sourceRoot":"","sources":["../src/version.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,QAAQ,CAAC;AAEvC,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC/C,MAAM,GAAG,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;AAEvC,MAAM,CAAC,MAAM,cAAc,GAAW,GAAG,CAAC,OAAO,CAAC;AAClD,MAAM,CAAC,MAAM,mBAAmB,GAAW,GAAG,CAAC,YAAY,EAAE,CAAC,qBAAqB,CAAC,IAAI,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;AAE1G;;;;;GAKG;AACH,MAAM,UAAU,4BAA4B;IAC1C,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,OAAO,CAAC,kCAAkC,CAAC,CAAC;QAC5D,OAAO,OAAO,CAAC,OAAO,CAAC;IACzB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,mBAAmB,CAAC,CAAC,oBAAoB;IAClD,CAAC;AACH,CAAC"}
+{"version":3,"file":"version.js","sourceRoot":"","sources":["../src/version.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,QAAQ,CAAC;AAEvC,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC/C,MAAM,GAAG,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;AAEvC,MAAM,CAAC,MAAM,cAAc,GAAW,GAAG,CAAC,OAAO,CAAC;AAClD,MAAM,CAAC,MAAM,mBAAmB,GAC9B,GAAG,CAAC,YAAY,EAAE,CAAC,qBAAqB,CAAC,IAAI,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;AAEjE;;;;;GAKG;AACH,MAAM,UAAU,4BAA4B;IAC1C,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,OAAO,CAAC,kCAAkC,CAAC,CAAC;QAC5D,OAAO,OAAO,CAAC,OAAO,CAAC;IACzB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,mBAAmB,CAAC,CAAC,oBAAoB;IAClD,CAAC;AACH,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@portel/photon",
-  "version": "1.6.1",
+  "version": "1.7.0",
   "description": "You focus on the business logic. We'll enable the rest. Build MCP servers and CLI tools in a single TypeScript file.",
   "type": "module",
   "main": "dist/index.js",
@@ -24,7 +24,8 @@
     "dev:beam": "npm run build:beam && (tsx scripts/build-beam.ts --watch & tsx watch src/cli.ts beam)",
     "prepublishOnly": "node -e \"const p=require('./package.json'); if(JSON.stringify(p.dependencies).includes('file:')) { console.error('ERROR: file: dependency found. Update to npm version before publishing.'); process.exit(1); }\" && npm run build && npm run build:beam",
     "test": "npm run test:all",
-    "test:all": "npm run build && npm run test:schema && npm run test:marketplace && npm run test:loader && npm run test:server && npm run test:integration && npm run test:ui-resources && npm run test:zero-config && npm run test:mcp-config && npm run test:cli && npm run test:logger && npm run test:error-handler && npm run test:performance && npm run test:validation && npm run test:daemon-pubsub && npm run test:daemon-tools && npm run test:daemon-buffer && npm run test:readme",
+    "test:all": "npm run build && npm run test:security && npm run test:schema && npm run test:marketplace && npm run test:loader && npm run test:server && npm run test:integration && npm run test:ui-resources && npm run test:zero-config && npm run test:mcp-config && npm run test:cli && npm run test:logger && npm run test:error-handler && npm run test:performance && npm run test:validation && npm run test:daemon-pubsub && npm run test:daemon-tools && npm run test:daemon-buffer && npm run test:readme",
+    "test:security": "npx tsx tests/security.test.ts",
     "test:zero-config": "npx tsx tests/zero-config.test.ts",
     "test:mcp-config": "npx tsx tests/mcp-configuration.test.ts",
     "test:coverage": "npm run build && c8 --include='dist/**/*.js' --reporter=text --reporter=html npm run test:unit",
@@ -83,7 +84,7 @@
   "dependencies": {
     "@modelcontextprotocol/ext-apps": "^1.0.1",
     "@modelcontextprotocol/sdk": "^1.25.2",
-    "@portel/photon-core": "^2.6.0",
+    "@portel/photon-core": "^2.7.0",
     "chokidar": "^4.0.3",
     "cli-highlight": "^2.1.11",
     "commander": "^12.1.0",