npm - @sparkleideas/plugins - Versions diffs - 3.0.0-alpha.10 - Mend

@sparkleideas/plugins 3.0.0-alpha.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (80) hide show

package/README.md +401 -0
package/__tests__/collection-manager.test.ts +332 -0
package/__tests__/dependency-graph.test.ts +434 -0
package/__tests__/enhanced-plugin-registry.test.ts +488 -0
package/__tests__/plugin-registry.test.ts +368 -0
package/__tests__/ruvector-bridge.test.ts +2429 -0
package/__tests__/ruvector-integration.test.ts +1602 -0
package/__tests__/ruvector-migrations.test.ts +1099 -0
package/__tests__/ruvector-quantization.test.ts +846 -0
package/__tests__/ruvector-streaming.test.ts +1088 -0
package/__tests__/sdk.test.ts +325 -0
package/__tests__/security.test.ts +348 -0
package/__tests__/utils/ruvector-test-utils.ts +860 -0
package/examples/plugin-creator/index.ts +636 -0
package/examples/plugin-creator/plugin-creator.test.ts +312 -0
package/examples/ruvector/README.md +288 -0
package/examples/ruvector/attention-patterns.ts +394 -0
package/examples/ruvector/basic-usage.ts +288 -0
package/examples/ruvector/docker-compose.yml +75 -0
package/examples/ruvector/gnn-analysis.ts +501 -0
package/examples/ruvector/hyperbolic-hierarchies.ts +557 -0
package/examples/ruvector/init-db.sql +119 -0
package/examples/ruvector/quantization.ts +680 -0
package/examples/ruvector/self-learning.ts +447 -0
package/examples/ruvector/semantic-search.ts +576 -0
package/examples/ruvector/streaming-large-data.ts +507 -0
package/examples/ruvector/transactions.ts +594 -0
package/examples/ruvector-plugins/hook-pattern-library.ts +486 -0
package/examples/ruvector-plugins/index.ts +79 -0
package/examples/ruvector-plugins/intent-router.ts +354 -0
package/examples/ruvector-plugins/mcp-tool-optimizer.ts +424 -0
package/examples/ruvector-plugins/reasoning-bank.ts +657 -0
package/examples/ruvector-plugins/ruvector-plugins.test.ts +518 -0
package/examples/ruvector-plugins/semantic-code-search.ts +498 -0
package/examples/ruvector-plugins/shared/index.ts +20 -0
package/examples/ruvector-plugins/shared/vector-utils.ts +257 -0
package/examples/ruvector-plugins/sona-learning.ts +445 -0
package/package.json +97 -0
package/src/collections/collection-manager.ts +661 -0
package/src/collections/index.ts +56 -0
package/src/collections/official/index.ts +1040 -0
package/src/core/base-plugin.ts +416 -0
package/src/core/plugin-interface.ts +215 -0
package/src/hooks/index.ts +685 -0
package/src/index.ts +378 -0
package/src/integrations/agentic-flow.ts +743 -0
package/src/integrations/index.ts +88 -0
package/src/integrations/ruvector/ARCHITECTURE.md +1245 -0
package/src/integrations/ruvector/attention-advanced.ts +1040 -0
package/src/integrations/ruvector/attention-executor.ts +782 -0
package/src/integrations/ruvector/attention-mechanisms.ts +757 -0
package/src/integrations/ruvector/attention.ts +1063 -0
package/src/integrations/ruvector/gnn.ts +3050 -0
package/src/integrations/ruvector/hyperbolic.ts +1948 -0
package/src/integrations/ruvector/index.ts +394 -0
package/src/integrations/ruvector/migrations/001_create_extension.sql +135 -0
package/src/integrations/ruvector/migrations/002_create_vector_tables.sql +259 -0
package/src/integrations/ruvector/migrations/003_create_indices.sql +328 -0
package/src/integrations/ruvector/migrations/004_create_functions.sql +598 -0
package/src/integrations/ruvector/migrations/005_create_attention_functions.sql +654 -0
package/src/integrations/ruvector/migrations/006_create_gnn_functions.sql +728 -0
package/src/integrations/ruvector/migrations/007_create_hyperbolic_functions.sql +762 -0
package/src/integrations/ruvector/migrations/index.ts +35 -0
package/src/integrations/ruvector/migrations/migrations.ts +647 -0
package/src/integrations/ruvector/quantization.ts +2036 -0
package/src/integrations/ruvector/ruvector-bridge.ts +2000 -0
package/src/integrations/ruvector/self-learning.ts +2376 -0
package/src/integrations/ruvector/streaming.ts +1737 -0
package/src/integrations/ruvector/types.ts +1945 -0
package/src/providers/index.ts +643 -0
package/src/registry/dependency-graph.ts +568 -0
package/src/registry/enhanced-plugin-registry.ts +994 -0
package/src/registry/plugin-registry.ts +604 -0
package/src/sdk/index.ts +563 -0
package/src/security/index.ts +594 -0
package/src/types/index.ts +446 -0
package/src/workers/index.ts +700 -0
package/tmp.json +0 -0
package/tsconfig.json +25 -0
package/vitest.config.ts +23 -0

package/src/security/index.ts ADDED Viewed

@@ -0,0 +1,594 @@
+/**
+ * Security Module
+ *
+ * Provides security utilities for plugin development.
+ * Implements best practices for input validation, sanitization, and safe operations.
+ */
+import * as path from 'path';
+import * as fs from 'fs/promises';
+import * as crypto from 'crypto';
+// ============================================================================
+// Input Validation
+// ============================================================================
+/**
+ * Validate and sanitize a string input.
+ */
+export function validateString(
+  input: unknown,
+  options?: {
+    minLength?: number;
+    maxLength?: number;
+    pattern?: RegExp;
+    trim?: boolean;
+    lowercase?: boolean;
+    uppercase?: boolean;
+  }
+): string | null {
+  if (typeof input !== 'string') return null;
+  let value = input;
+  if (options?.trim) value = value.trim();
+  if (options?.lowercase) value = value.toLowerCase();
+  if (options?.uppercase) value = value.toUpperCase();
+  if (options?.minLength !== undefined && value.length < options.minLength) return null;
+  if (options?.maxLength !== undefined && value.length > options.maxLength) return null;
+  if (options?.pattern && !options.pattern.test(value)) return null;
+  return value;
+}
+/**
+ * Validate a number input.
+ */
+export function validateNumber(
+  input: unknown,
+  options?: {
+    min?: number;
+    max?: number;
+    integer?: boolean;
+  }
+): number | null {
+  const num = typeof input === 'number' ? input : parseFloat(String(input));
+  if (isNaN(num) || !isFinite(num)) return null;
+  if (options?.min !== undefined && num < options.min) return null;
+  if (options?.max !== undefined && num > options.max) return null;
+  if (options?.integer && !Number.isInteger(num)) return null;
+  return num;
+}
+/**
+ * Validate a boolean input.
+ */
+export function validateBoolean(input: unknown): boolean | null {
+  if (typeof input === 'boolean') return input;
+  if (input === 'true' || input === '1' || input === 1) return true;
+  if (input === 'false' || input === '0' || input === 0) return false;
+  return null;
+}
+/**
+ * Validate an array input.
+ */
+export function validateArray<T>(
+  input: unknown,
+  itemValidator: (item: unknown) => T | null,
+  options?: {
+    minLength?: number;
+    maxLength?: number;
+    unique?: boolean;
+  }
+): T[] | null {
+  if (!Array.isArray(input)) return null;
+  if (options?.minLength !== undefined && input.length < options.minLength) return null;
+  if (options?.maxLength !== undefined && input.length > options.maxLength) return null;
+  const result: T[] = [];
+  for (const item of input) {
+    const validated = itemValidator(item);
+    if (validated === null) return null;
+    result.push(validated);
+  }
+  if (options?.unique) {
+    const uniqueSet = new Set(result.map(String));
+    if (uniqueSet.size !== result.length) return null;
+  }
+  return result;
+}
+/**
+ * Validate an enum value.
+ */
+export function validateEnum<T extends string>(
+  input: unknown,
+  allowedValues: readonly T[]
+): T | null {
+  if (typeof input !== 'string') return null;
+  if (!allowedValues.includes(input as T)) return null;
+  return input as T;
+}
+// ============================================================================
+// Path Security
+// ============================================================================
+const MAX_PATH_LENGTH = 4096;
+const BLOCKED_PATH_PATTERNS = [
+  /\.\./,  // Parent directory traversal
+  /^~/,    // Home directory expansion
+  /^\/etc\//i,
+  /^\/var\//i,
+  /^\/tmp\//i,
+  /^\/proc\//i,
+  /^\/sys\//i,
+  /^\/dev\//i,
+  /^C:\\Windows/i,
+  /^C:\\Program Files/i,
+];
+/**
+ * Validate a file path for safety.
+ */
+export function validatePath(
+  inputPath: unknown,
+  options?: {
+    allowedExtensions?: string[];
+    blockedPatterns?: RegExp[];
+    mustExist?: boolean;
+    allowAbsolute?: boolean;
+  }
+): string | null {
+  if (typeof inputPath !== 'string') return null;
+  if (inputPath.length === 0 || inputPath.length > MAX_PATH_LENGTH) return null;
+  // Normalize the path
+  const normalized = path.normalize(inputPath);
+  // Check blocked patterns
+  const blockedPatterns = [...BLOCKED_PATH_PATTERNS, ...(options?.blockedPatterns ?? [])];
+  for (const pattern of blockedPatterns) {
+    if (pattern.test(normalized)) return null;
+  }
+  // Check absolute path restriction
+  if (!options?.allowAbsolute && path.isAbsolute(normalized)) return null;
+  // Check extension
+  if (options?.allowedExtensions) {
+    const ext = path.extname(normalized).toLowerCase();
+    if (!options.allowedExtensions.includes(ext)) return null;
+  }
+  return normalized;
+}
+/**
+ * Create a safe path relative to a base directory.
+ * Prevents path traversal attacks.
+ */
+export function safePath(baseDir: string, ...segments: string[]): string {
+  const resolved = path.resolve(baseDir, ...segments);
+  const normalizedBase = path.normalize(baseDir);
+  if (!resolved.startsWith(normalizedBase + path.sep) && resolved !== normalizedBase) {
+    throw new Error(`Path traversal blocked: ${resolved}`);
+  }
+  return resolved;
+}
+/**
+ * Async version of safePath that uses realpath.
+ * More secure as it resolves symlinks.
+ */
+export async function safePathAsync(baseDir: string, ...segments: string[]): Promise<string> {
+  const resolved = path.resolve(baseDir, ...segments);
+  try {
+    const realResolved = await fs.realpath(resolved).catch(() => resolved);
+    const realBase = await fs.realpath(baseDir).catch(() => baseDir);
+    if (!realResolved.startsWith(realBase + path.sep) && realResolved !== realBase) {
+      throw new Error(`Path traversal blocked: ${realResolved}`);
+    }
+    return realResolved;
+  } catch (error) {
+    // Handle non-existent files
+    const normalizedBase = path.normalize(baseDir);
+    if (!resolved.startsWith(normalizedBase + path.sep) && resolved !== normalizedBase) {
+      throw new Error(`Path traversal blocked: ${resolved}`);
+    }
+    return resolved;
+  }
+}
+// ============================================================================
+// JSON Security
+// ============================================================================
+const DANGEROUS_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
+/**
+ * Parse JSON safely, stripping dangerous keys.
+ */
+export function safeJsonParse<T = unknown>(content: string): T {
+  return JSON.parse(content, (key, value) => {
+    if (DANGEROUS_KEYS.has(key)) {
+      return undefined;
+    }
+    return value;
+  }) as T;
+}
+/**
+ * Stringify JSON with circular reference detection.
+ */
+export function safeJsonStringify(
+  value: unknown,
+  options?: {
+    space?: number;
+    maxDepth?: number;
+    replacer?: (key: string, value: unknown) => unknown;
+  }
+): string {
+  const seen = new WeakSet();
+  const maxDepth = options?.maxDepth ?? 100;
+  let currentDepth = 0;
+  const replacer = (key: string, val: unknown): unknown => {
+    // Apply custom replacer first
+    if (options?.replacer) {
+      val = options.replacer(key, val);
+    }
+    // Strip dangerous keys
+    if (DANGEROUS_KEYS.has(key)) {
+      return undefined;
+    }
+    // Handle circular references
+    if (val !== null && typeof val === 'object') {
+      if (seen.has(val)) {
+        return '[Circular]';
+      }
+      seen.add(val);
+    }
+    // Depth limiting
+    if (key !== '') {
+      currentDepth++;
+      if (currentDepth > maxDepth) {
+        return '[Max Depth Exceeded]';
+      }
+    }
+    return val;
+  };
+  return JSON.stringify(value, replacer, options?.space);
+}
+// ============================================================================
+// Command Security
+// ============================================================================
+const ALLOWED_COMMANDS = new Set([
+  'npm', 'npx', 'node', 'git', 'tsc', 'vitest', 'jest',
+  'prettier', 'eslint', 'ls', 'cat', 'grep', 'find',
+]);
+const BLOCKED_COMMANDS = new Set([
+  'rm', 'del', 'format', 'dd', 'mkfs', 'fdisk',
+  'shutdown', 'reboot', 'poweroff', 'halt',
+  'passwd', 'sudo', 'su', 'chmod', 'chown',
+  'curl', 'wget', 'nc', 'netcat',
+]);
+const SHELL_METACHARACTERS = /[|;&$`<>(){}[\]!\\]/;
+/**
+ * Validate a command for safe execution.
+ */
+export function validateCommand(
+  command: unknown,
+  options?: {
+    allowedCommands?: Set<string>;
+    blockedCommands?: Set<string>;
+    allowShellMetachars?: boolean;
+  }
+): { command: string; args: string[] } | null {
+  if (typeof command !== 'string') return null;
+  const trimmed = command.trim();
+  if (trimmed.length === 0) return null;
+  // Check for shell metacharacters
+  if (!options?.allowShellMetachars && SHELL_METACHARACTERS.test(trimmed)) {
+    return null;
+  }
+  // Parse command and args
+  const parts = trimmed.split(/\s+/);
+  const cmd = parts[0].toLowerCase();
+  const args = parts.slice(1);
+  // Check allowed/blocked lists
+  const allowed = options?.allowedCommands ?? ALLOWED_COMMANDS;
+  const blocked = options?.blockedCommands ?? BLOCKED_COMMANDS;
+  if (blocked.has(cmd)) return null;
+  if (!allowed.has(cmd) && allowed.size > 0) return null;
+  return { command: cmd, args };
+}
+/**
+ * Escape a string for safe shell argument use.
+ */
+export function escapeShellArg(arg: string): string {
+  // Empty string
+  if (arg.length === 0) return "''";
+  // If no special characters, return as-is
+  if (!/[^a-zA-Z0-9_\-=./:@]/.test(arg)) return arg;
+  // Single-quote the argument and escape any single quotes
+  return "'" + arg.replace(/'/g, "'\"'\"'") + "'";
+}
+// ============================================================================
+// Error Sanitization
+// ============================================================================
+const SENSITIVE_PATTERNS = [
+  /password[=:]\s*\S+/gi,
+  /api[_-]?key[=:]\s*\S+/gi,
+  /secret[=:]\s*\S+/gi,
+  /token[=:]\s*\S+/gi,
+  /auth[=:]\s*\S+/gi,
+  /bearer\s+\S+/gi,
+  /\/\/[^:]+:[^@]+@/g,  // Credentials in URLs
+];
+/**
+ * Sanitize error messages to remove sensitive data.
+ */
+export function sanitizeErrorMessage(error: unknown): string {
+  const message = error instanceof Error ? error.message : String(error);
+  let sanitized = message;
+  for (const pattern of SENSITIVE_PATTERNS) {
+    sanitized = sanitized.replace(pattern, '[REDACTED]');
+  }
+  // Truncate very long messages
+  if (sanitized.length > 1000) {
+    sanitized = sanitized.substring(0, 1000) + '... [truncated]';
+  }
+  return sanitized;
+}
+/**
+ * Create a safe error object for logging/transmission.
+ */
+export function sanitizeError(error: unknown): {
+  name: string;
+  message: string;
+  code?: string;
+} {
+  if (error instanceof Error) {
+    return {
+      name: error.name,
+      message: sanitizeErrorMessage(error),
+      code: (error as NodeJS.ErrnoException).code,
+    };
+  }
+  return {
+    name: 'Error',
+    message: sanitizeErrorMessage(error),
+  };
+}
+// ============================================================================
+// Rate Limiting
+// ============================================================================
+export interface RateLimiter {
+  tryAcquire(): boolean;
+  getRemaining(): number;
+  reset(): void;
+}
+/**
+ * Create a token bucket rate limiter.
+ */
+export function createRateLimiter(options: {
+  maxTokens: number;
+  refillRate: number;
+  refillInterval: number;
+}): RateLimiter {
+  let tokens = options.maxTokens;
+  let lastRefill = Date.now();
+  const refill = () => {
+    const now = Date.now();
+    const elapsed = now - lastRefill;
+    const refillCount = Math.floor(elapsed / options.refillInterval) * options.refillRate;
+    if (refillCount > 0) {
+      tokens = Math.min(options.maxTokens, tokens + refillCount);
+      lastRefill = now;
+    }
+  };
+  return {
+    tryAcquire(): boolean {
+      refill();
+      if (tokens > 0) {
+        tokens--;
+        return true;
+      }
+      return false;
+    },
+    getRemaining(): number {
+      refill();
+      return tokens;
+    },
+    reset(): void {
+      tokens = options.maxTokens;
+      lastRefill = Date.now();
+    },
+  };
+}
+// ============================================================================
+// Crypto Utilities
+// ============================================================================
+/**
+ * Generate a secure random ID.
+ */
+export function generateSecureId(length: number = 32): string {
+  return crypto.randomBytes(length).toString('hex');
+}
+/**
+ * Generate a secure random token (URL-safe).
+ */
+export function generateSecureToken(length: number = 32): string {
+  return crypto.randomBytes(length).toString('base64url');
+}
+/**
+ * Hash a string securely.
+ */
+export function hashString(input: string, algorithm: string = 'sha256'): string {
+  return crypto.createHash(algorithm).update(input).digest('hex');
+}
+/**
+ * Compare two strings in constant time.
+ */
+export function constantTimeCompare(a: string, b: string): boolean {
+  if (a.length !== b.length) return false;
+  const bufA = Buffer.from(a);
+  const bufB = Buffer.from(b);
+  return crypto.timingSafeEqual(bufA, bufB);
+}
+// ============================================================================
+// Resource Limits
+// ============================================================================
+export interface ResourceLimits {
+  maxMemoryMB: number;
+  maxCPUPercent: number;
+  maxFileSize: number;
+  maxOpenFiles: number;
+  maxExecutionTime: number;
+}
+const DEFAULT_LIMITS: ResourceLimits = {
+  maxMemoryMB: 512,
+  maxCPUPercent: 80,
+  maxFileSize: 10 * 1024 * 1024, // 10MB
+  maxOpenFiles: 100,
+  maxExecutionTime: 30000, // 30s
+};
+/**
+ * Create a resource limiter.
+ */
+export function createResourceLimiter(limits?: Partial<ResourceLimits>): {
+  check(): { ok: boolean; violations: string[] };
+  enforce<T>(fn: () => Promise<T>): Promise<T>;
+} {
+  const config = { ...DEFAULT_LIMITS, ...limits };
+  return {
+    check(): { ok: boolean; violations: string[] } {
+      const violations: string[] = [];
+      const memUsage = process.memoryUsage();
+      const memMB = memUsage.heapUsed / 1024 / 1024;
+      if (memMB > config.maxMemoryMB) {
+        violations.push(`Memory usage ${memMB.toFixed(1)}MB exceeds limit ${config.maxMemoryMB}MB`);
+      }
+      return {
+        ok: violations.length === 0,
+        violations,
+      };
+    },
+    async enforce<T>(fn: () => Promise<T>): Promise<T> {
+      const check = this.check();
+      if (!check.ok) {
+        throw new Error(`Resource limits exceeded: ${check.violations.join(', ')}`);
+      }
+      return Promise.race([
+        fn(),
+        new Promise<never>((_, reject) =>
+          setTimeout(() => reject(new Error('Execution time limit exceeded')), config.maxExecutionTime)
+        ),
+      ]);
+    },
+  };
+}
+// ============================================================================
+// Export All
+// ============================================================================
+export const Security = {
+  // Validation
+  validateString,
+  validateNumber,
+  validateBoolean,
+  validateArray,
+  validateEnum,
+  validatePath,
+  validateCommand,
+  // Path security
+  safePath,
+  safePathAsync,
+  // JSON security
+  safeJsonParse,
+  safeJsonStringify,
+  // Command security
+  escapeShellArg,
+  // Error sanitization
+  sanitizeError,
+  sanitizeErrorMessage,
+  // Rate limiting
+  createRateLimiter,
+  // Crypto
+  generateSecureId,
+  generateSecureToken,
+  hashString,
+  constantTimeCompare,
+  // Resource limits
+  createResourceLimiter,
+};