@probelabs/probe 0.6.0-rc123 → 0.6.0-rc125
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/build/agent/index.js +105 -4
- package/build/agent/probeTool.js +20 -4
- package/cjs/agent/ProbeAgent.cjs +3915 -4283
- package/cjs/index.cjs +3917 -4285
- package/package.json +2 -2
- package/src/agent/probeTool.js +20 -4
package/build/agent/index.js
CHANGED
|
@@ -16001,15 +16001,16 @@ var init_probeTool = __esm({
|
|
|
16001
16001
|
const { directory = ".", workingDirectory } = params;
|
|
16002
16002
|
const baseCwd = workingDirectory || process.cwd();
|
|
16003
16003
|
const secureBaseDir = path6.resolve(baseCwd);
|
|
16004
|
+
const isDependencyPath = directory.startsWith("/dep/") || directory.startsWith("go:") || directory.startsWith("js:") || directory.startsWith("rust:");
|
|
16004
16005
|
let targetDir;
|
|
16005
16006
|
if (path6.isAbsolute(directory)) {
|
|
16006
16007
|
targetDir = path6.resolve(directory);
|
|
16007
|
-
if (!targetDir.startsWith(secureBaseDir + path6.sep) && targetDir !== secureBaseDir) {
|
|
16008
|
+
if (!isDependencyPath && !targetDir.startsWith(secureBaseDir + path6.sep) && targetDir !== secureBaseDir) {
|
|
16008
16009
|
throw new Error(`Path traversal attempt detected. Cannot access directory outside workspace: ${directory}`);
|
|
16009
16010
|
}
|
|
16010
16011
|
} else {
|
|
16011
16012
|
targetDir = path6.resolve(secureBaseDir, directory);
|
|
16012
|
-
if (!targetDir.startsWith(secureBaseDir + path6.sep) && targetDir !== secureBaseDir) {
|
|
16013
|
+
if (!isDependencyPath && !targetDir.startsWith(secureBaseDir + path6.sep) && targetDir !== secureBaseDir) {
|
|
16013
16014
|
throw new Error(`Path traversal attempt detected. Access denied: ${directory}`);
|
|
16014
16015
|
}
|
|
16015
16016
|
}
|
|
@@ -16073,15 +16074,16 @@ var init_probeTool = __esm({
|
|
|
16073
16074
|
}
|
|
16074
16075
|
const baseCwd = workingDirectory || process.cwd();
|
|
16075
16076
|
const secureBaseDir = path6.resolve(baseCwd);
|
|
16077
|
+
const isDependencyPath = directory.startsWith("/dep/") || directory.startsWith("go:") || directory.startsWith("js:") || directory.startsWith("rust:");
|
|
16076
16078
|
let targetDir;
|
|
16077
16079
|
if (path6.isAbsolute(directory)) {
|
|
16078
16080
|
targetDir = path6.resolve(directory);
|
|
16079
|
-
if (!targetDir.startsWith(secureBaseDir + path6.sep) && targetDir !== secureBaseDir) {
|
|
16081
|
+
if (!isDependencyPath && !targetDir.startsWith(secureBaseDir + path6.sep) && targetDir !== secureBaseDir) {
|
|
16080
16082
|
throw new Error(`Path traversal attempt detected. Cannot access directory outside workspace: ${directory}`);
|
|
16081
16083
|
}
|
|
16082
16084
|
} else {
|
|
16083
16085
|
targetDir = path6.resolve(secureBaseDir, directory);
|
|
16084
|
-
if (!targetDir.startsWith(secureBaseDir + path6.sep) && targetDir !== secureBaseDir) {
|
|
16086
|
+
if (!isDependencyPath && !targetDir.startsWith(secureBaseDir + path6.sep) && targetDir !== secureBaseDir) {
|
|
16085
16087
|
throw new Error(`Path traversal attempt detected. Access denied: ${directory}`);
|
|
16086
16088
|
}
|
|
16087
16089
|
}
|
|
@@ -28902,6 +28904,37 @@ var init_semantics = __esm({
|
|
|
28902
28904
|
}
|
|
28903
28905
|
}
|
|
28904
28906
|
}
|
|
28907
|
+
// Curly braces inside quoted label segments can be confusing because
|
|
28908
|
+
// braces also delimit decision/hexagon shapes. We allow them in quoted
|
|
28909
|
+
// text but suggest replacing with HTML entities so renderers remain stable.
|
|
28910
|
+
checkCurlyInQuoted(contentNodes) {
|
|
28911
|
+
if (!contentNodes)
|
|
28912
|
+
return;
|
|
28913
|
+
for (const cn of contentNodes) {
|
|
28914
|
+
const ch = cn.children || {};
|
|
28915
|
+
const qs = ch.QuotedString || [];
|
|
28916
|
+
for (const q of qs) {
|
|
28917
|
+
const raw = String(q.image || "");
|
|
28918
|
+
const inner = raw.length >= 2 && (raw.startsWith('"') || raw.startsWith("'")) ? raw.slice(1, -1) : raw;
|
|
28919
|
+
const i = inner.indexOf("{");
|
|
28920
|
+
const j = inner.indexOf("}");
|
|
28921
|
+
if (i >= 0 || j >= 0) {
|
|
28922
|
+
const rel = i >= 0 ? i : j;
|
|
28923
|
+
const col = (q.startColumn ?? 1) + 1 + Math.max(0, rel);
|
|
28924
|
+
this.ctx.errors.push({
|
|
28925
|
+
line: q.startLine ?? 1,
|
|
28926
|
+
column: col,
|
|
28927
|
+
severity: "warning",
|
|
28928
|
+
code: "FL-LABEL-CURLY-IN-QUOTED",
|
|
28929
|
+
message: "Curly braces inside quoted label text may be parsed as a shape by Mermaid. Replace { and } with HTML entities.",
|
|
28930
|
+
hint: 'Use { and } for { and } inside quoted text, e.g., "tyk-trace-{id}".',
|
|
28931
|
+
length: 1
|
|
28932
|
+
});
|
|
28933
|
+
break;
|
|
28934
|
+
}
|
|
28935
|
+
}
|
|
28936
|
+
}
|
|
28937
|
+
}
|
|
28905
28938
|
warnParensInUnquoted(contentNodes) {
|
|
28906
28939
|
if (!contentNodes)
|
|
28907
28940
|
return;
|
|
@@ -28953,6 +28986,7 @@ var init_semantics = __esm({
|
|
|
28953
28986
|
if (openTok) {
|
|
28954
28987
|
this.checkEmptyContent(openTok, contentNodes.length ? contentNodes : void 0);
|
|
28955
28988
|
this.checkDoubleInSingleQuoted(contentNodes);
|
|
28989
|
+
this.checkCurlyInQuoted(contentNodes);
|
|
28956
28990
|
this.checkBackticksInContent(contentNodes);
|
|
28957
28991
|
this.warnParensInUnquoted(contentNodes);
|
|
28958
28992
|
if (this.ctx.strict) {
|
|
@@ -32385,6 +32419,51 @@ function computeFixes(text, errors, level = "safe") {
|
|
|
32385
32419
|
edits.push(replaceRange(text, at(e), e.length ?? 1, ""));
|
|
32386
32420
|
continue;
|
|
32387
32421
|
}
|
|
32422
|
+
if (is("FL-LABEL-CURLY-IN-QUOTED", e)) {
|
|
32423
|
+
const lineText = lineTextAt(text, e.line);
|
|
32424
|
+
const caret0 = Math.max(0, e.column - 1);
|
|
32425
|
+
let qOpenIdx = -1;
|
|
32426
|
+
let qChar = null;
|
|
32427
|
+
for (let i = caret0; i >= 0; i--) {
|
|
32428
|
+
const ch2 = lineText[i];
|
|
32429
|
+
const code = ch2 ? ch2.charCodeAt(0) : -1;
|
|
32430
|
+
if (code === 34 || code === 39) {
|
|
32431
|
+
const bs = i > 0 && lineText[i - 1] === "\\";
|
|
32432
|
+
if (!bs) {
|
|
32433
|
+
qOpenIdx = i;
|
|
32434
|
+
qChar = ch2;
|
|
32435
|
+
break;
|
|
32436
|
+
}
|
|
32437
|
+
}
|
|
32438
|
+
}
|
|
32439
|
+
if (qOpenIdx !== -1 && qChar) {
|
|
32440
|
+
let qCloseIdx = -1;
|
|
32441
|
+
for (let j = qOpenIdx + 1; j < lineText.length; j++) {
|
|
32442
|
+
const ch2 = lineText[j];
|
|
32443
|
+
const code = ch2 ? ch2.charCodeAt(0) : -1;
|
|
32444
|
+
if (code === (qChar ? qChar.charCodeAt(0) : -1)) {
|
|
32445
|
+
const bs = lineText[j - 1] === "\\";
|
|
32446
|
+
if (!bs) {
|
|
32447
|
+
qCloseIdx = j;
|
|
32448
|
+
break;
|
|
32449
|
+
}
|
|
32450
|
+
}
|
|
32451
|
+
}
|
|
32452
|
+
if (qCloseIdx > qOpenIdx) {
|
|
32453
|
+
const inner = lineText.slice(qOpenIdx + 1, qCloseIdx);
|
|
32454
|
+
const replaced = inner.replace(/\{/g, "{").replace(/\}/g, "}");
|
|
32455
|
+
if (replaced !== inner) {
|
|
32456
|
+
edits.push({ start: { line: e.line, column: qOpenIdx + 2 }, end: { line: e.line, column: qCloseIdx + 1 }, newText: replaced });
|
|
32457
|
+
continue;
|
|
32458
|
+
}
|
|
32459
|
+
}
|
|
32460
|
+
}
|
|
32461
|
+
const ch = lineText[caret0] || "";
|
|
32462
|
+
const rep = ch === "{" ? "{" : ch === "}" ? "}" : ch;
|
|
32463
|
+
if (rep !== ch)
|
|
32464
|
+
edits.push(replaceRange(text, at(e), e.length ?? 1, rep));
|
|
32465
|
+
continue;
|
|
32466
|
+
}
|
|
32388
32467
|
if (is("FL-LABEL-DOUBLE-IN-DOUBLE", e)) {
|
|
32389
32468
|
const lineText = lineTextAt(text, e.line);
|
|
32390
32469
|
const caret0 = Math.max(0, e.column - 1);
|
|
@@ -32862,6 +32941,8 @@ function computeFixes(text, errors, level = "safe") {
|
|
|
32862
32941
|
const lineText = lineTextAt(text, e.line);
|
|
32863
32942
|
const mLR = /^(\s*)Note\s+(left|right)\s+of\s+(.+?)\s+(.+)$/.exec(lineText);
|
|
32864
32943
|
const mOver = /^(\s*)Note\s+over\s+(.+?)\s+(.+)$/.exec(lineText);
|
|
32944
|
+
const mLRml = /^(\s*)Note\s+(left|right)\s+of\s+([^:]+?)\s*$/.exec(lineText);
|
|
32945
|
+
const mOverml = /^(\s*)Note\s+over\s+([^:]+?)\s*$/.exec(lineText);
|
|
32865
32946
|
let insertCol = e.column;
|
|
32866
32947
|
if (mLR) {
|
|
32867
32948
|
const indent = mLR[1] || "";
|
|
@@ -32871,6 +32952,26 @@ function computeFixes(text, errors, level = "safe") {
|
|
|
32871
32952
|
const indent = mOver[1] || "";
|
|
32872
32953
|
const beforeHeader = `${indent}Note over ${mOver[2]}`;
|
|
32873
32954
|
insertCol = beforeHeader.length + 1;
|
|
32955
|
+
} else if (mLRml || mOverml) {
|
|
32956
|
+
const lines = text.split(/\r?\n/);
|
|
32957
|
+
const headerIdx = Math.max(0, e.line - 1);
|
|
32958
|
+
let endIdx = -1;
|
|
32959
|
+
for (let i = headerIdx + 1; i < lines.length; i++) {
|
|
32960
|
+
if (/^\s*end\s+note\s*$/i.test(lines[i] || "")) {
|
|
32961
|
+
endIdx = i;
|
|
32962
|
+
break;
|
|
32963
|
+
}
|
|
32964
|
+
}
|
|
32965
|
+
const indent = (mLRml ? mLRml[1] : mOverml[1]) || "";
|
|
32966
|
+
const beforeHeader = mLRml ? `${indent}Note ${mLRml[2]} of ${mLRml[3].trimEnd()}` : `${indent}Note over ${mOverml[2].trimEnd()}`;
|
|
32967
|
+
const body = endIdx !== -1 ? lines.slice(headerIdx + 1, endIdx).map((s) => s.trim()).join(" ") : "";
|
|
32968
|
+
const newHeader = `${beforeHeader} : ${body}`.replace(/\s+$/, "");
|
|
32969
|
+
const hdrLine = lineTextAt(text, e.line);
|
|
32970
|
+
edits.push({ start: { line: e.line, column: 1 }, end: { line: e.line, column: hdrLine.length + 1 }, newText: newHeader });
|
|
32971
|
+
if (endIdx !== -1) {
|
|
32972
|
+
edits.push({ start: { line: headerIdx + 2, column: 1 }, end: { line: endIdx + 2, column: 1 }, newText: "" });
|
|
32973
|
+
}
|
|
32974
|
+
continue;
|
|
32874
32975
|
}
|
|
32875
32976
|
const idx0 = Math.max(0, insertCol - 1);
|
|
32876
32977
|
const nextCh = lineText[idx0] || "";
|
package/build/agent/probeTool.js
CHANGED
|
@@ -224,19 +224,27 @@ export const listFilesTool = {
|
|
|
224
224
|
// Security: Validate path to prevent traversal attacks
|
|
225
225
|
const secureBaseDir = path.resolve(baseCwd);
|
|
226
226
|
|
|
227
|
+
// Check if this is a dependency path that should bypass workspace restrictions
|
|
228
|
+
const isDependencyPath = directory.startsWith('/dep/') ||
|
|
229
|
+
directory.startsWith('go:') ||
|
|
230
|
+
directory.startsWith('js:') ||
|
|
231
|
+
directory.startsWith('rust:');
|
|
232
|
+
|
|
227
233
|
// If directory is absolute, check if it's within the secure base directory
|
|
228
234
|
// If it's relative, resolve it against the secure base directory
|
|
229
235
|
let targetDir;
|
|
230
236
|
if (path.isAbsolute(directory)) {
|
|
231
237
|
targetDir = path.resolve(directory);
|
|
232
238
|
// Check if the absolute path is within the secure base directory
|
|
233
|
-
|
|
239
|
+
// Allow dependency paths to bypass this restriction
|
|
240
|
+
if (!isDependencyPath && !targetDir.startsWith(secureBaseDir + path.sep) && targetDir !== secureBaseDir) {
|
|
234
241
|
throw new Error(`Path traversal attempt detected. Cannot access directory outside workspace: ${directory}`);
|
|
235
242
|
}
|
|
236
243
|
} else {
|
|
237
244
|
targetDir = path.resolve(secureBaseDir, directory);
|
|
238
245
|
// Double-check the resolved path is still within the secure base directory
|
|
239
|
-
|
|
246
|
+
// Allow dependency paths to bypass this restriction
|
|
247
|
+
if (!isDependencyPath && !targetDir.startsWith(secureBaseDir + path.sep) && targetDir !== secureBaseDir) {
|
|
240
248
|
throw new Error(`Path traversal attempt detected. Access denied: ${directory}`);
|
|
241
249
|
}
|
|
242
250
|
}
|
|
@@ -323,19 +331,27 @@ export const searchFilesTool = {
|
|
|
323
331
|
const baseCwd = workingDirectory || process.cwd();
|
|
324
332
|
const secureBaseDir = path.resolve(baseCwd);
|
|
325
333
|
|
|
334
|
+
// Check if this is a dependency path that should bypass workspace restrictions
|
|
335
|
+
const isDependencyPath = directory.startsWith('/dep/') ||
|
|
336
|
+
directory.startsWith('go:') ||
|
|
337
|
+
directory.startsWith('js:') ||
|
|
338
|
+
directory.startsWith('rust:');
|
|
339
|
+
|
|
326
340
|
// If directory is absolute, check if it's within the secure base directory
|
|
327
341
|
// If it's relative, resolve it against the secure base directory
|
|
328
342
|
let targetDir;
|
|
329
343
|
if (path.isAbsolute(directory)) {
|
|
330
344
|
targetDir = path.resolve(directory);
|
|
331
345
|
// Check if the absolute path is within the secure base directory
|
|
332
|
-
|
|
346
|
+
// Allow dependency paths to bypass this restriction
|
|
347
|
+
if (!isDependencyPath && !targetDir.startsWith(secureBaseDir + path.sep) && targetDir !== secureBaseDir) {
|
|
333
348
|
throw new Error(`Path traversal attempt detected. Cannot access directory outside workspace: ${directory}`);
|
|
334
349
|
}
|
|
335
350
|
} else {
|
|
336
351
|
targetDir = path.resolve(secureBaseDir, directory);
|
|
337
352
|
// Double-check the resolved path is still within the secure base directory
|
|
338
|
-
|
|
353
|
+
// Allow dependency paths to bypass this restriction
|
|
354
|
+
if (!isDependencyPath && !targetDir.startsWith(secureBaseDir + path.sep) && targetDir !== secureBaseDir) {
|
|
339
355
|
throw new Error(`Path traversal attempt detected. Access denied: ${directory}`);
|
|
340
356
|
}
|
|
341
357
|
}
|