@probelabs/probe 0.6.0-rc231 → 0.6.0-rc233
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/bin/binaries/probe-v0.6.0-rc233-aarch64-apple-darwin.tar.gz +0 -0
- package/bin/binaries/probe-v0.6.0-rc233-aarch64-unknown-linux-musl.tar.gz +0 -0
- package/bin/binaries/probe-v0.6.0-rc233-x86_64-apple-darwin.tar.gz +0 -0
- package/bin/binaries/probe-v0.6.0-rc233-x86_64-pc-windows-msvc.zip +0 -0
- package/bin/binaries/probe-v0.6.0-rc233-x86_64-unknown-linux-musl.tar.gz +0 -0
- package/build/agent/ProbeAgent.d.ts +2 -0
- package/build/agent/ProbeAgent.js +105 -12
- package/build/agent/dsl/agent-test.mjs +341 -0
- package/build/agent/dsl/analyze-test.mjs +237 -0
- package/build/agent/dsl/diag-test.mjs +78 -0
- package/build/agent/dsl/environment.js +387 -0
- package/build/agent/dsl/manual-test.mjs +662 -0
- package/build/agent/dsl/output-buffer-test.mjs +124 -0
- package/build/agent/dsl/pipeline-direct-test.mjs +147 -0
- package/build/agent/dsl/pipeline-test.mjs +223 -0
- package/build/agent/dsl/runtime.js +206 -0
- package/build/agent/dsl/sandbox-experiment.mjs +309 -0
- package/build/agent/dsl/transformer.js +156 -0
- package/build/agent/dsl/trigger-test.mjs +159 -0
- package/build/agent/dsl/validator.js +183 -0
- package/build/agent/index.js +18776 -7675
- package/build/agent/probeTool.js +9 -0
- package/build/agent/tools.js +9 -1
- package/build/delegate.js +12 -6
- package/build/index.js +5 -0
- package/build/tools/common.js +7 -0
- package/build/tools/executePlan.js +761 -0
- package/build/tools/index.js +4 -0
- package/cjs/agent/ProbeAgent.cjs +12891 -1797
- package/cjs/index.cjs +12395 -1292
- package/package.json +5 -1
- package/src/agent/ProbeAgent.d.ts +2 -0
- package/src/agent/ProbeAgent.js +105 -12
- package/src/agent/dsl/agent-test.mjs +341 -0
- package/src/agent/dsl/analyze-test.mjs +237 -0
- package/src/agent/dsl/diag-test.mjs +78 -0
- package/src/agent/dsl/environment.js +387 -0
- package/src/agent/dsl/manual-test.mjs +662 -0
- package/src/agent/dsl/output-buffer-test.mjs +124 -0
- package/src/agent/dsl/pipeline-direct-test.mjs +147 -0
- package/src/agent/dsl/pipeline-test.mjs +223 -0
- package/src/agent/dsl/runtime.js +206 -0
- package/src/agent/dsl/sandbox-experiment.mjs +309 -0
- package/src/agent/dsl/transformer.js +156 -0
- package/src/agent/dsl/trigger-test.mjs +159 -0
- package/src/agent/dsl/validator.js +183 -0
- package/src/agent/index.js +8 -0
- package/src/agent/probeTool.js +9 -0
- package/src/agent/tools.js +9 -1
- package/src/delegate.js +12 -6
- package/src/index.js +5 -0
- package/src/tools/common.js +7 -0
- package/src/tools/executePlan.js +761 -0
- package/src/tools/index.js +4 -0
- package/bin/binaries/probe-v0.6.0-rc231-aarch64-apple-darwin.tar.gz +0 -0
- package/bin/binaries/probe-v0.6.0-rc231-aarch64-unknown-linux-musl.tar.gz +0 -0
- package/bin/binaries/probe-v0.6.0-rc231-x86_64-apple-darwin.tar.gz +0 -0
- package/bin/binaries/probe-v0.6.0-rc231-x86_64-pc-windows-msvc.zip +0 -0
- package/bin/binaries/probe-v0.6.0-rc231-x86_64-unknown-linux-musl.tar.gz +0 -0
|
@@ -0,0 +1,183 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* DSL Validator - AST whitelist validation for LLM-generated code.
|
|
3
|
+
*
|
|
4
|
+
* Parses code with Acorn and walks the AST, rejecting any node type
|
|
5
|
+
* not in the whitelist. This is an allow-list approach — unknown syntax
|
|
6
|
+
* is rejected by default.
|
|
7
|
+
*/
|
|
8
|
+
|
|
9
|
+
import * as acorn from 'acorn';
|
|
10
|
+
import * as walk from 'acorn-walk';
|
|
11
|
+
|
|
12
|
+
// Node types the LLM is allowed to generate
|
|
13
|
+
const ALLOWED_NODE_TYPES = new Set([
|
|
14
|
+
'Program',
|
|
15
|
+
'ExpressionStatement',
|
|
16
|
+
'BlockStatement',
|
|
17
|
+
'VariableDeclaration',
|
|
18
|
+
'VariableDeclarator',
|
|
19
|
+
'ArrowFunctionExpression',
|
|
20
|
+
'FunctionExpression',
|
|
21
|
+
'CallExpression',
|
|
22
|
+
'MemberExpression',
|
|
23
|
+
'Identifier',
|
|
24
|
+
'Literal',
|
|
25
|
+
'TemplateLiteral',
|
|
26
|
+
'TemplateElement',
|
|
27
|
+
'ArrayExpression',
|
|
28
|
+
'ObjectExpression',
|
|
29
|
+
'SpreadElement',
|
|
30
|
+
'IfStatement',
|
|
31
|
+
'ConditionalExpression',
|
|
32
|
+
'ForOfStatement',
|
|
33
|
+
'ForInStatement',
|
|
34
|
+
'ForStatement',
|
|
35
|
+
'WhileStatement',
|
|
36
|
+
'TryStatement',
|
|
37
|
+
'CatchClause',
|
|
38
|
+
'ThrowStatement',
|
|
39
|
+
'ReturnStatement',
|
|
40
|
+
'BreakStatement',
|
|
41
|
+
'ContinueStatement',
|
|
42
|
+
'AssignmentExpression',
|
|
43
|
+
'UpdateExpression',
|
|
44
|
+
'BinaryExpression',
|
|
45
|
+
'LogicalExpression',
|
|
46
|
+
'UnaryExpression',
|
|
47
|
+
'Property',
|
|
48
|
+
'SequenceExpression',
|
|
49
|
+
'ChainExpression',
|
|
50
|
+
]);
|
|
51
|
+
|
|
52
|
+
// Identifiers that are never allowed
|
|
53
|
+
const BLOCKED_IDENTIFIERS = new Set([
|
|
54
|
+
'eval',
|
|
55
|
+
'Function',
|
|
56
|
+
'require',
|
|
57
|
+
'process',
|
|
58
|
+
'globalThis',
|
|
59
|
+
'__proto__',
|
|
60
|
+
'constructor',
|
|
61
|
+
'prototype',
|
|
62
|
+
'import',
|
|
63
|
+
'exports',
|
|
64
|
+
'setTimeout',
|
|
65
|
+
'setInterval',
|
|
66
|
+
'setImmediate',
|
|
67
|
+
'queueMicrotask',
|
|
68
|
+
'Proxy',
|
|
69
|
+
'Reflect',
|
|
70
|
+
'Symbol',
|
|
71
|
+
]);
|
|
72
|
+
|
|
73
|
+
// Property names that are never allowed on member expressions
|
|
74
|
+
const BLOCKED_PROPERTIES = new Set([
|
|
75
|
+
'__proto__',
|
|
76
|
+
'constructor',
|
|
77
|
+
'prototype',
|
|
78
|
+
'__defineGetter__',
|
|
79
|
+
'__defineSetter__',
|
|
80
|
+
'__lookupGetter__',
|
|
81
|
+
'__lookupSetter__',
|
|
82
|
+
]);
|
|
83
|
+
|
|
84
|
+
/**
|
|
85
|
+
* Validate DSL code against the whitelist.
|
|
86
|
+
*
|
|
87
|
+
* @param {string} code - The LLM-generated code to validate
|
|
88
|
+
* @returns {{ valid: boolean, errors: string[] }}
|
|
89
|
+
*/
|
|
90
|
+
export function validateDSL(code) {
|
|
91
|
+
const errors = [];
|
|
92
|
+
|
|
93
|
+
// Step 1: Parse with Acorn
|
|
94
|
+
let ast;
|
|
95
|
+
try {
|
|
96
|
+
ast = acorn.parse(code, {
|
|
97
|
+
ecmaVersion: 2022,
|
|
98
|
+
sourceType: 'script',
|
|
99
|
+
allowReturnOutsideFunction: true,
|
|
100
|
+
});
|
|
101
|
+
} catch (e) {
|
|
102
|
+
return { valid: false, errors: [`Syntax error: ${e.message}`] };
|
|
103
|
+
}
|
|
104
|
+
|
|
105
|
+
// Step 2: Walk every node and validate
|
|
106
|
+
walk.full(ast, (node) => {
|
|
107
|
+
// Check node type against whitelist
|
|
108
|
+
if (!ALLOWED_NODE_TYPES.has(node.type)) {
|
|
109
|
+
errors.push(`Blocked node type: ${node.type} at position ${node.start}`);
|
|
110
|
+
return;
|
|
111
|
+
}
|
|
112
|
+
|
|
113
|
+
// Block async functions (LLM should not write async/await)
|
|
114
|
+
if (
|
|
115
|
+
(node.type === 'ArrowFunctionExpression' ||
|
|
116
|
+
node.type === 'FunctionExpression') &&
|
|
117
|
+
node.async
|
|
118
|
+
) {
|
|
119
|
+
errors.push(`Async functions are not allowed at position ${node.start}. Write synchronous code — the runtime handles async.`);
|
|
120
|
+
}
|
|
121
|
+
|
|
122
|
+
// Block generator functions
|
|
123
|
+
if (
|
|
124
|
+
(node.type === 'FunctionExpression') &&
|
|
125
|
+
node.generator
|
|
126
|
+
) {
|
|
127
|
+
errors.push(`Generator functions are not allowed at position ${node.start}`);
|
|
128
|
+
}
|
|
129
|
+
|
|
130
|
+
// Block regex literals — SandboxJS doesn't support them
|
|
131
|
+
if (node.type === 'Literal' && node.regex) {
|
|
132
|
+
errors.push(`Regex literals are not supported at position ${node.start}. Use String methods like indexOf(), includes(), startsWith() instead.`);
|
|
133
|
+
}
|
|
134
|
+
|
|
135
|
+
// Check identifiers against blocklist
|
|
136
|
+
if (node.type === 'Identifier' && BLOCKED_IDENTIFIERS.has(node.name)) {
|
|
137
|
+
errors.push(`Blocked identifier: '${node.name}' at position ${node.start}`);
|
|
138
|
+
}
|
|
139
|
+
|
|
140
|
+
// Check member expressions for blocked properties
|
|
141
|
+
if (node.type === 'MemberExpression' && !node.computed) {
|
|
142
|
+
if (node.property.type === 'Identifier' && BLOCKED_PROPERTIES.has(node.property.name)) {
|
|
143
|
+
errors.push(`Blocked property access: '.${node.property.name}' at position ${node.property.start}`);
|
|
144
|
+
}
|
|
145
|
+
}
|
|
146
|
+
|
|
147
|
+
// Block computed member expressions with blocked string literals
|
|
148
|
+
if (node.type === 'MemberExpression' && node.computed) {
|
|
149
|
+
if (node.property.type === 'Literal' && typeof node.property.value === 'string') {
|
|
150
|
+
if (BLOCKED_PROPERTIES.has(node.property.value) || BLOCKED_IDENTIFIERS.has(node.property.value)) {
|
|
151
|
+
errors.push(`Blocked computed property access: '["${node.property.value}"]' at position ${node.property.start}`);
|
|
152
|
+
}
|
|
153
|
+
}
|
|
154
|
+
}
|
|
155
|
+
|
|
156
|
+
// Block variable declarations named with blocked identifiers
|
|
157
|
+
if (node.type === 'VariableDeclarator' && node.id.type === 'Identifier') {
|
|
158
|
+
if (BLOCKED_IDENTIFIERS.has(node.id.name)) {
|
|
159
|
+
errors.push(`Cannot declare variable with blocked name: '${node.id.name}' at position ${node.id.start}`);
|
|
160
|
+
}
|
|
161
|
+
}
|
|
162
|
+
});
|
|
163
|
+
|
|
164
|
+
return {
|
|
165
|
+
valid: errors.length === 0,
|
|
166
|
+
errors,
|
|
167
|
+
};
|
|
168
|
+
}
|
|
169
|
+
|
|
170
|
+
/**
|
|
171
|
+
* Parse DSL code into an AST.
|
|
172
|
+
* Exported for use by the transformer.
|
|
173
|
+
*
|
|
174
|
+
* @param {string} code
|
|
175
|
+
* @returns {import('acorn').Node}
|
|
176
|
+
*/
|
|
177
|
+
export function parseDSL(code) {
|
|
178
|
+
return acorn.parse(code, {
|
|
179
|
+
ecmaVersion: 2022,
|
|
180
|
+
sourceType: 'script',
|
|
181
|
+
allowReturnOutsideFunction: true,
|
|
182
|
+
});
|
|
183
|
+
}
|