npm - @teneo-protocol/sdk - Versions diffs - 1.0.0 - Mend

@teneo-protocol/sdk 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (281) hide show

package/.dockerignore +14 -0
package/.env.test.example +14 -0
package/.eslintrc.json +26 -0
package/.github/workflows/claude-code-review.yml +78 -0
package/.github/workflows/claude-reviewer.yml +64 -0
package/.github/workflows/publish-npm.yml +38 -0
package/.github/workflows/push-to-main.yml +23 -0
package/.node-version +1 -0
package/.prettierrc +11 -0
package/Dockerfile +25 -0
package/LICENCE +661 -0
package/README.md +709 -0
package/dist/constants.d.ts +42 -0
package/dist/constants.d.ts.map +1 -0
package/dist/constants.js +45 -0
package/dist/constants.js.map +1 -0
package/dist/core/websocket-client.d.ts +261 -0
package/dist/core/websocket-client.d.ts.map +1 -0
package/dist/core/websocket-client.js +875 -0
package/dist/core/websocket-client.js.map +1 -0
package/dist/formatters/response-formatter.d.ts +354 -0
package/dist/formatters/response-formatter.d.ts.map +1 -0
package/dist/formatters/response-formatter.js +575 -0
package/dist/formatters/response-formatter.js.map +1 -0
package/dist/handlers/message-handler-registry.d.ts +155 -0
package/dist/handlers/message-handler-registry.d.ts.map +1 -0
package/dist/handlers/message-handler-registry.js +216 -0
package/dist/handlers/message-handler-registry.js.map +1 -0
package/dist/handlers/message-handlers/agent-selected-handler.d.ts +112 -0
package/dist/handlers/message-handlers/agent-selected-handler.d.ts.map +1 -0
package/dist/handlers/message-handlers/agent-selected-handler.js +40 -0
package/dist/handlers/message-handlers/agent-selected-handler.js.map +1 -0
package/dist/handlers/message-handlers/agents-list-handler.d.ts +14 -0
package/dist/handlers/message-handlers/agents-list-handler.d.ts.map +1 -0
package/dist/handlers/message-handlers/agents-list-handler.js +25 -0
package/dist/handlers/message-handlers/agents-list-handler.js.map +1 -0
package/dist/handlers/message-handlers/auth-error-handler.d.ts +71 -0
package/dist/handlers/message-handlers/auth-error-handler.d.ts.map +1 -0
package/dist/handlers/message-handlers/auth-error-handler.js +30 -0
package/dist/handlers/message-handlers/auth-error-handler.js.map +1 -0
package/dist/handlers/message-handlers/auth-message-handler.d.ts +18 -0
package/dist/handlers/message-handlers/auth-message-handler.d.ts.map +1 -0
package/dist/handlers/message-handlers/auth-message-handler.js +60 -0
package/dist/handlers/message-handlers/auth-message-handler.js.map +1 -0
package/dist/handlers/message-handlers/auth-required-handler.d.ts +76 -0
package/dist/handlers/message-handlers/auth-required-handler.d.ts.map +1 -0
package/dist/handlers/message-handlers/auth-required-handler.js +23 -0
package/dist/handlers/message-handlers/auth-required-handler.js.map +1 -0
package/dist/handlers/message-handlers/auth-success-handler.d.ts +18 -0
package/dist/handlers/message-handlers/auth-success-handler.d.ts.map +1 -0
package/dist/handlers/message-handlers/auth-success-handler.js +51 -0
package/dist/handlers/message-handlers/auth-success-handler.js.map +1 -0
package/dist/handlers/message-handlers/base-handler.d.ts +55 -0
package/dist/handlers/message-handlers/base-handler.d.ts.map +1 -0
package/dist/handlers/message-handlers/base-handler.js +83 -0
package/dist/handlers/message-handlers/base-handler.js.map +1 -0
package/dist/handlers/message-handlers/challenge-handler.d.ts +73 -0
package/dist/handlers/message-handlers/challenge-handler.d.ts.map +1 -0
package/dist/handlers/message-handlers/challenge-handler.js +47 -0
package/dist/handlers/message-handlers/challenge-handler.js.map +1 -0
package/dist/handlers/message-handlers/error-message-handler.d.ts +76 -0
package/dist/handlers/message-handlers/error-message-handler.d.ts.map +1 -0
package/dist/handlers/message-handlers/error-message-handler.js +29 -0
package/dist/handlers/message-handlers/error-message-handler.js.map +1 -0
package/dist/handlers/message-handlers/index.d.ts +28 -0
package/dist/handlers/message-handlers/index.d.ts.map +1 -0
package/dist/handlers/message-handlers/index.js +100 -0
package/dist/handlers/message-handlers/index.js.map +1 -0
package/dist/handlers/message-handlers/list-rooms-response-handler.d.ts +122 -0
package/dist/handlers/message-handlers/list-rooms-response-handler.d.ts.map +1 -0
package/dist/handlers/message-handlers/list-rooms-response-handler.js +30 -0
package/dist/handlers/message-handlers/list-rooms-response-handler.js.map +1 -0
package/dist/handlers/message-handlers/ping-pong-handler.d.ts +104 -0
package/dist/handlers/message-handlers/ping-pong-handler.d.ts.map +1 -0
package/dist/handlers/message-handlers/ping-pong-handler.js +36 -0
package/dist/handlers/message-handlers/ping-pong-handler.js.map +1 -0
package/dist/handlers/message-handlers/regular-message-handler.d.ts +56 -0
package/dist/handlers/message-handlers/regular-message-handler.d.ts.map +1 -0
package/dist/handlers/message-handlers/regular-message-handler.js +59 -0
package/dist/handlers/message-handlers/regular-message-handler.js.map +1 -0
package/dist/handlers/message-handlers/subscribe-response-handler.d.ts +81 -0
package/dist/handlers/message-handlers/subscribe-response-handler.d.ts.map +1 -0
package/dist/handlers/message-handlers/subscribe-response-handler.js +48 -0
package/dist/handlers/message-handlers/subscribe-response-handler.js.map +1 -0
package/dist/handlers/message-handlers/task-response-handler.d.ts +14 -0
package/dist/handlers/message-handlers/task-response-handler.d.ts.map +1 -0
package/dist/handlers/message-handlers/task-response-handler.js +44 -0
package/dist/handlers/message-handlers/task-response-handler.js.map +1 -0
package/dist/handlers/message-handlers/types.d.ts +51 -0
package/dist/handlers/message-handlers/types.d.ts.map +1 -0
package/dist/handlers/message-handlers/types.js +7 -0
package/dist/handlers/message-handlers/types.js.map +1 -0
package/dist/handlers/message-handlers/unsubscribe-response-handler.d.ts +81 -0
package/dist/handlers/message-handlers/unsubscribe-response-handler.d.ts.map +1 -0
package/dist/handlers/message-handlers/unsubscribe-response-handler.js +48 -0
package/dist/handlers/message-handlers/unsubscribe-response-handler.js.map +1 -0
package/dist/handlers/webhook-handler.d.ts +202 -0
package/dist/handlers/webhook-handler.d.ts.map +1 -0
package/dist/handlers/webhook-handler.js +511 -0
package/dist/handlers/webhook-handler.js.map +1 -0
package/dist/index.d.ts +71 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +217 -0
package/dist/index.js.map +1 -0
package/dist/managers/agent-registry.d.ts +173 -0
package/dist/managers/agent-registry.d.ts.map +1 -0
package/dist/managers/agent-registry.js +310 -0
package/dist/managers/agent-registry.js.map +1 -0
package/dist/managers/connection-manager.d.ts +134 -0
package/dist/managers/connection-manager.d.ts.map +1 -0
package/dist/managers/connection-manager.js +176 -0
package/dist/managers/connection-manager.js.map +1 -0
package/dist/managers/index.d.ts +9 -0
package/dist/managers/index.d.ts.map +1 -0
package/dist/managers/index.js +16 -0
package/dist/managers/index.js.map +1 -0
package/dist/managers/message-router.d.ts +112 -0
package/dist/managers/message-router.d.ts.map +1 -0
package/dist/managers/message-router.js +260 -0
package/dist/managers/message-router.js.map +1 -0
package/dist/managers/room-manager.d.ts +165 -0
package/dist/managers/room-manager.d.ts.map +1 -0
package/dist/managers/room-manager.js +227 -0
package/dist/managers/room-manager.js.map +1 -0
package/dist/teneo-sdk.d.ts +703 -0
package/dist/teneo-sdk.d.ts.map +1 -0
package/dist/teneo-sdk.js +907 -0
package/dist/teneo-sdk.js.map +1 -0
package/dist/types/config.d.ts +1047 -0
package/dist/types/config.d.ts.map +1 -0
package/dist/types/config.js +720 -0
package/dist/types/config.js.map +1 -0
package/dist/types/error-codes.d.ts +29 -0
package/dist/types/error-codes.d.ts.map +1 -0
package/dist/types/error-codes.js +41 -0
package/dist/types/error-codes.js.map +1 -0
package/dist/types/events.d.ts +616 -0
package/dist/types/events.d.ts.map +1 -0
package/dist/types/events.js +261 -0
package/dist/types/events.js.map +1 -0
package/dist/types/health.d.ts +40 -0
package/dist/types/health.d.ts.map +1 -0
package/dist/types/health.js +6 -0
package/dist/types/health.js.map +1 -0
package/dist/types/index.d.ts +10 -0
package/dist/types/index.d.ts.map +1 -0
package/dist/types/index.js +123 -0
package/dist/types/index.js.map +1 -0
package/dist/types/messages.d.ts +3734 -0
package/dist/types/messages.d.ts.map +1 -0
package/dist/types/messages.js +482 -0
package/dist/types/messages.js.map +1 -0
package/dist/types/validation.d.ts +81 -0
package/dist/types/validation.d.ts.map +1 -0
package/dist/types/validation.js +115 -0
package/dist/types/validation.js.map +1 -0
package/dist/utils/bounded-queue.d.ts +127 -0
package/dist/utils/bounded-queue.d.ts.map +1 -0
package/dist/utils/bounded-queue.js +181 -0
package/dist/utils/bounded-queue.js.map +1 -0
package/dist/utils/circuit-breaker.d.ts +141 -0
package/dist/utils/circuit-breaker.d.ts.map +1 -0
package/dist/utils/circuit-breaker.js +215 -0
package/dist/utils/circuit-breaker.js.map +1 -0
package/dist/utils/deduplication-cache.d.ts +110 -0
package/dist/utils/deduplication-cache.d.ts.map +1 -0
package/dist/utils/deduplication-cache.js +177 -0
package/dist/utils/deduplication-cache.js.map +1 -0
package/dist/utils/event-waiter.d.ts +101 -0
package/dist/utils/event-waiter.d.ts.map +1 -0
package/dist/utils/event-waiter.js +118 -0
package/dist/utils/event-waiter.js.map +1 -0
package/dist/utils/index.d.ts +51 -0
package/dist/utils/index.d.ts.map +1 -0
package/dist/utils/index.js +72 -0
package/dist/utils/index.js.map +1 -0
package/dist/utils/logger.d.ts +22 -0
package/dist/utils/logger.d.ts.map +1 -0
package/dist/utils/logger.js +91 -0
package/dist/utils/logger.js.map +1 -0
package/dist/utils/rate-limiter.d.ts +122 -0
package/dist/utils/rate-limiter.d.ts.map +1 -0
package/dist/utils/rate-limiter.js +190 -0
package/dist/utils/rate-limiter.js.map +1 -0
package/dist/utils/retry-policy.d.ts +191 -0
package/dist/utils/retry-policy.d.ts.map +1 -0
package/dist/utils/retry-policy.js +225 -0
package/dist/utils/retry-policy.js.map +1 -0
package/dist/utils/secure-private-key.d.ts +113 -0
package/dist/utils/secure-private-key.d.ts.map +1 -0
package/dist/utils/secure-private-key.js +188 -0
package/dist/utils/secure-private-key.js.map +1 -0
package/dist/utils/signature-verifier.d.ts +143 -0
package/dist/utils/signature-verifier.d.ts.map +1 -0
package/dist/utils/signature-verifier.js +238 -0
package/dist/utils/signature-verifier.js.map +1 -0
package/dist/utils/ssrf-validator.d.ts +36 -0
package/dist/utils/ssrf-validator.d.ts.map +1 -0
package/dist/utils/ssrf-validator.js +195 -0
package/dist/utils/ssrf-validator.js.map +1 -0
package/examples/.env.example +17 -0
package/examples/basic-usage.ts +211 -0
package/examples/production-dashboard/.env.example +153 -0
package/examples/production-dashboard/package.json +39 -0
package/examples/production-dashboard/public/dashboard.html +642 -0
package/examples/production-dashboard/server.ts +753 -0
package/examples/webhook-integration.ts +239 -0
package/examples/x-influencer-battle-redesign.html +1065 -0
package/examples/x-influencer-battle-server.ts +217 -0
package/examples/x-influencer-battle.html +787 -0
package/package.json +65 -0
package/src/constants.ts +43 -0
package/src/core/websocket-client.test.ts +512 -0
package/src/core/websocket-client.ts +1056 -0
package/src/formatters/response-formatter.test.ts +571 -0
package/src/formatters/response-formatter.ts +677 -0
package/src/handlers/message-handler-registry.ts +239 -0
package/src/handlers/message-handlers/agent-selected-handler.ts +40 -0
package/src/handlers/message-handlers/agents-list-handler.ts +26 -0
package/src/handlers/message-handlers/auth-error-handler.ts +31 -0
package/src/handlers/message-handlers/auth-message-handler.ts +66 -0
package/src/handlers/message-handlers/auth-required-handler.ts +23 -0
package/src/handlers/message-handlers/auth-success-handler.ts +57 -0
package/src/handlers/message-handlers/base-handler.ts +101 -0
package/src/handlers/message-handlers/challenge-handler.ts +57 -0
package/src/handlers/message-handlers/error-message-handler.ts +27 -0
package/src/handlers/message-handlers/index.ts +77 -0
package/src/handlers/message-handlers/list-rooms-response-handler.ts +28 -0
package/src/handlers/message-handlers/ping-pong-handler.ts +30 -0
package/src/handlers/message-handlers/regular-message-handler.ts +65 -0
package/src/handlers/message-handlers/subscribe-response-handler.ts +47 -0
package/src/handlers/message-handlers/task-response-handler.ts +45 -0
package/src/handlers/message-handlers/types.ts +77 -0
package/src/handlers/message-handlers/unsubscribe-response-handler.ts +47 -0
package/src/handlers/webhook-handler.test.ts +789 -0
package/src/handlers/webhook-handler.ts +576 -0
package/src/index.ts +269 -0
package/src/managers/agent-registry.test.ts +466 -0
package/src/managers/agent-registry.ts +347 -0
package/src/managers/connection-manager.ts +195 -0
package/src/managers/index.ts +9 -0
package/src/managers/message-router.ts +349 -0
package/src/managers/room-manager.ts +248 -0
package/src/teneo-sdk.ts +1022 -0
package/src/types/config.test.ts +325 -0
package/src/types/config.ts +799 -0
package/src/types/error-codes.ts +44 -0
package/src/types/events.test.ts +302 -0
package/src/types/events.ts +382 -0
package/src/types/health.ts +46 -0
package/src/types/index.ts +199 -0
package/src/types/messages.test.ts +660 -0
package/src/types/messages.ts +570 -0
package/src/types/validation.ts +123 -0
package/src/utils/bounded-queue.test.ts +356 -0
package/src/utils/bounded-queue.ts +205 -0
package/src/utils/circuit-breaker.test.ts +394 -0
package/src/utils/circuit-breaker.ts +262 -0
package/src/utils/deduplication-cache.test.ts +380 -0
package/src/utils/deduplication-cache.ts +198 -0
package/src/utils/event-waiter.test.ts +381 -0
package/src/utils/event-waiter.ts +172 -0
package/src/utils/index.ts +74 -0
package/src/utils/logger.ts +87 -0
package/src/utils/rate-limiter.test.ts +341 -0
package/src/utils/rate-limiter.ts +211 -0
package/src/utils/retry-policy.test.ts +558 -0
package/src/utils/retry-policy.ts +272 -0
package/src/utils/secure-private-key.test.ts +356 -0
package/src/utils/secure-private-key.ts +205 -0
package/src/utils/signature-verifier.test.ts +464 -0
package/src/utils/signature-verifier.ts +298 -0
package/src/utils/ssrf-validator.test.ts +372 -0
package/src/utils/ssrf-validator.ts +224 -0
package/tests/integration/real-server.test.ts +740 -0
package/tests/integration/websocket.test.ts +381 -0
package/tests/integration-setup.ts +16 -0
package/tests/setup.ts +34 -0
package/tsconfig.json +32 -0
package/vitest.config.ts +42 -0
package/vitest.integration.config.ts +23 -0

package/src/types/messages.ts ADDED Viewed

@@ -0,0 +1,570 @@
+/**
+ * Core message schemas for Teneo Protocol SDK using Zod
+ * Provides runtime validation and TypeScript type inference
+ */
+import { z } from "zod";
+/**
+ * Coerces string booleans to actual booleans with strict validation.
+ * The server sometimes sends "true"/"false" as strings instead of actual booleans.
+ *
+ * Accepts:
+ * - Booleans: true, false
+ * - Truthy strings (case-insensitive): "true", "1", "yes"
+ * - Falsy strings (case-insensitive): "false", "0", "no"
+ *
+ * Rejects: Any other string value (throws validation error)
+ *
+ * @throws {ZodError} If string value is not a recognized boolean representation
+ */
+const stringToBoolean = z
+  .union([
+    z.boolean(),
+    z.string().transform((val, ctx) => {
+      const normalized = val.toLowerCase().trim();
+      // Accept truthy values
+      if (normalized === "true" || normalized === "1" || normalized === "yes") {
+        return true;
+      }
+      // Accept falsy values
+      if (normalized === "false" || normalized === "0" || normalized === "no") {
+        return false;
+      }
+      // Reject invalid values
+      ctx.addIssue({
+        code: z.ZodIssueCode.custom,
+        message: `Invalid boolean value: "${val}". Expected: true/false, yes/no, 1/0 (case-insensitive)`
+      });
+      return z.NEVER;
+    })
+  ])
+  .pipe(z.boolean());
+// Enum schemas
+export const MessageTypeSchema = z.enum([
+  "request_challenge",
+  "challenge",
+  "check_cached_auth",
+  "auth",
+  "auth_required",
+  "auth_success",
+  "auth_error",
+  "register",
+  "registration_success",
+  "message",
+  "task",
+  "task_response",
+  "agent_selected",
+  "agents",
+  "error",
+  "ping",
+  "pong",
+  "capabilities",
+  "subscribe",
+  "unsubscribe",
+  "list_rooms"
+]);
+export const ContentTypeSchema = z.enum([
+  "text/plain",
+  "text/markdown",
+  "text/html",
+  "application/json",
+  "image/*",
+  "STRING",
+  "JSON",
+  "MD",
+  "ARRAY"
+]);
+export const ClientTypeSchema = z.enum(["user", "agent", "coordinator"]);
+export const AgentTypeSchema = z.enum(["command", "nlp", "mcp"]);
+export const AgentStatusSchema = z.enum(["online", "offline"]);
+// Supporting schemas
+export const CapabilitySchema = z.object({
+  name: z.string(),
+  description: z.string()
+});
+export const CommandSchema = z.object({
+  trigger: z.string(),
+  argument: z.string().optional(),
+  description: z.string()
+});
+export const RoomSchema = z.object({
+  id: z.string(),
+  name: z.string(),
+  description: z.string().optional(),
+  is_public: stringToBoolean,
+  is_active: stringToBoolean,
+  created_by: z.string(),
+  created_at: z.string(),
+  updated_at: z.string()
+});
+export const AgentSchema = z.object({
+  id: z.string(),
+  name: z.string(),
+  description: z.string().optional(),
+  room: z.string().optional(),
+  capabilities: z.array(CapabilitySchema).optional(),
+  commands: z.array(CommandSchema).optional(),
+  status: AgentStatusSchema,
+  image: z.string().optional(),
+  agentType: AgentTypeSchema.optional(),
+  nlpFallback: stringToBoolean.optional(),
+  webhookUrl: z.string().url().optional()
+});
+// Base message schema
+export const BaseMessageSchema = z.object({
+  type: MessageTypeSchema,
+  content: z.any().optional(),
+  content_type: ContentTypeSchema.optional(),
+  from: z.string().optional(),
+  to: z.string().optional(),
+  room: z.string().optional(),
+  timestamp: z.string().optional(),
+  data: z.record(z.any()).optional(),
+  signature: z.string().optional(),
+  publicKey: z.string().optional(),
+  reasoning: z.string().optional(),
+  task_id: z.string().optional(),
+  id: z.string().optional() // Added for message tracking
+});
+// Authentication message schemas
+export const RequestChallengeMessageSchema = BaseMessageSchema.extend({
+  type: z.literal("request_challenge"),
+  data: z.object({
+    userType: ClientTypeSchema,
+    address: z.string().optional()
+  })
+});
+export const ChallengeMessageSchema = BaseMessageSchema.extend({
+  type: z.literal("challenge"),
+  data: z.object({
+    challenge: z.string(),
+    timestamp: z.number()
+  })
+});
+export const CheckCachedAuthMessageSchema = BaseMessageSchema.extend({
+  type: z.literal("check_cached_auth"),
+  data: z.object({
+    address: z.string()
+  })
+});
+export const AuthRequiredMessageSchema = BaseMessageSchema.extend({
+  type: z.literal("auth_required"),
+  content: z.string().optional(),
+  from: z.literal("system").optional(),
+  data: z
+    .object({
+      cache_ttl_hours: z.number().optional(),
+      supported_auth_methods: z.array(z.string()).optional(),
+      supports_cache_check: z.boolean().optional()
+    })
+    .optional()
+});
+export const AuthMessageSchema = BaseMessageSchema.extend({
+  type: z.literal("auth"),
+  data: z
+    .object({
+      address: z.string().optional(),
+      signature: z.string().optional(),
+      message: z.string().optional(),
+      userType: ClientTypeSchema.optional(),
+      agentName: z.string().optional(),
+      id: z.string().optional(),
+      type: ClientTypeSchema.optional(),
+      nft_verified: stringToBoolean.optional(),
+      is_whitelisted: stringToBoolean.optional(),
+      is_admin_whitelisted: stringToBoolean.optional(),
+      rooms: z.array(RoomSchema).optional(),
+      private_room_id: z.string().optional(),
+      cached_auth: stringToBoolean.optional()
+    })
+    .optional()
+});
+export const AuthSuccessMessageSchema = BaseMessageSchema.extend({
+  type: z.literal("auth_success"),
+  data: z.object({
+    id: z.string(),
+    type: ClientTypeSchema,
+    address: z.string(),
+    nft_verified: stringToBoolean.optional(),
+    is_whitelisted: stringToBoolean.optional(),
+    is_admin_whitelisted: stringToBoolean.optional(),
+    rooms: z.array(RoomSchema).optional(),
+    private_room_id: z.string().optional(),
+    cached_auth: stringToBoolean.optional()
+  })
+});
+export const AuthErrorMessageSchema = BaseMessageSchema.extend({
+  type: z.literal("auth_error"),
+  data: z.object({
+    error: z.string(),
+    code: z.number().optional()
+  })
+});
+// Registration message schemas
+export const RegisterMessageSchema = BaseMessageSchema.extend({
+  type: z.literal("register"),
+  data: z.object({
+    name: z.string().optional(),
+    userType: ClientTypeSchema,
+    room: z.string(),
+    capabilities: z.array(CapabilitySchema).optional(),
+    commands: z.array(CommandSchema).optional(),
+    nft_token_id: z.string().optional(),
+    wallet_address: z.string().optional(),
+    challenge: z.string().optional(),
+    challenge_response: z.string().optional()
+  })
+});
+export const RegistrationSuccessMessageSchema = BaseMessageSchema.extend({
+  type: z.literal("registration_success"),
+  data: z.object({
+    agent_id: z.string(),
+    name: z.string(),
+    room: z.string()
+  })
+});
+// Communication message schemas
+export const UserMessageSchema = BaseMessageSchema.extend({
+  type: z.literal("message"),
+  content: z.string(),
+  room: z.string().optional()
+});
+export const TaskMessageSchema = BaseMessageSchema.extend({
+  type: z.literal("task"),
+  content: z.string(),
+  from: z.literal("coordinator"),
+  to: z.string(),
+  room: z.string(),
+  data: z.object({
+    task_id: z.string(),
+    user_prompt: z.string(),
+    requesting_user_id: z.string(),
+    room_id: z.string()
+  })
+});
+export const TaskResponseMessageSchema = BaseMessageSchema.extend({
+  type: z.literal("task_response"),
+  content: z.string(),
+  content_type: ContentTypeSchema,
+  from: z.string(),
+  data: z.object({
+    task_id: z.string(),
+    agent_name: z.string().optional(),
+    success: stringToBoolean.optional(),
+    error: z.string().optional()
+  })
+});
+export const AgentSelectedMessageSchema = BaseMessageSchema.extend({
+  type: z.literal("agent_selected"),
+  content: z.string(),
+  from: z.literal("coordinator"),
+  reasoning: z.string(),
+  data: z.object({
+    agent_id: z.string(),
+    agent_name: z.string(),
+    capabilities: z.array(CapabilitySchema).optional(),
+    user_request: z.string(),
+    command: z.string().optional(),
+    command_reasoning: z.string().optional()
+  })
+});
+// System message schemas
+export const AgentsListMessageSchema = BaseMessageSchema.extend({
+  type: z.literal("agents"),
+  from: z.literal("system"),
+  data: z.array(AgentSchema)
+});
+export const ErrorMessageSchema = BaseMessageSchema.extend({
+  type: z.literal("error"),
+  content: z.string(),
+  from: z.literal("system"),
+  data: z.object({
+    code: z.number(),
+    message: z.string(),
+    details: z.any().optional()
+  })
+});
+export const PingMessageSchema = BaseMessageSchema.extend({
+  type: z.literal("ping")
+});
+export const PongMessageSchema = BaseMessageSchema.extend({
+  type: z.literal("pong")
+});
+// Room subscription schemas
+export const SubscribeMessageSchema = BaseMessageSchema.extend({
+  type: z.literal("subscribe"),
+  data: z.object({
+    room_id: z.string()
+  })
+});
+export const UnsubscribeMessageSchema = BaseMessageSchema.extend({
+  type: z.literal("unsubscribe"),
+  data: z.object({
+    room_id: z.string()
+  })
+});
+export const ListRoomsMessageSchema = BaseMessageSchema.extend({
+  type: z.literal("list_rooms")
+});
+export const SubscribeResponseSchema = BaseMessageSchema.extend({
+  type: z.literal("subscribe"),
+  data: z.object({
+    room_id: z.string(),
+    success: z.boolean(),
+    message: z.string(),
+    subscriptions: z.array(z.string()).optional()
+  })
+});
+export const UnsubscribeResponseSchema = BaseMessageSchema.extend({
+  type: z.literal("unsubscribe"),
+  data: z.object({
+    room_id: z.string(),
+    success: z.boolean(),
+    message: z.string(),
+    subscriptions: z.array(z.string()).optional()
+  })
+});
+export const RoomInfoSchema = z.object({
+  id: z.string(),
+  name: z.string(),
+  description: z.string().optional().nullable(),
+  is_public: z.boolean(),
+  created_at: z.string(),
+  updated_at: z.string(),
+  is_owner: z.boolean()
+});
+export const ListRoomsResponseSchema = BaseMessageSchema.extend({
+  type: z.literal("list_rooms"),
+  data: z.object({
+    rooms: z.array(RoomInfoSchema)
+  })
+});
+// Union of all INCOMING message schemas for validation
+// Note: Outgoing message schemas (Subscribe, Unsubscribe, ListRooms) are excluded
+// as they share the same type values with their response counterparts
+export const AnyMessageSchema = z.discriminatedUnion("type", [
+  RequestChallengeMessageSchema,
+  ChallengeMessageSchema,
+  CheckCachedAuthMessageSchema,
+  AuthRequiredMessageSchema,
+  AuthMessageSchema,
+  AuthSuccessMessageSchema,
+  AuthErrorMessageSchema,
+  RegisterMessageSchema,
+  RegistrationSuccessMessageSchema,
+  UserMessageSchema,
+  TaskMessageSchema,
+  TaskResponseMessageSchema,
+  AgentSelectedMessageSchema,
+  AgentsListMessageSchema,
+  ErrorMessageSchema,
+  PingMessageSchema,
+  PongMessageSchema,
+  // Only response schemas for room operations (not outgoing request schemas)
+  SubscribeResponseSchema,
+  UnsubscribeResponseSchema,
+  ListRoomsResponseSchema
+]);
+// Type inference from schemas
+export type MessageType = z.infer<typeof MessageTypeSchema>;
+export type ContentType = z.infer<typeof ContentTypeSchema>;
+export type ClientType = z.infer<typeof ClientTypeSchema>;
+export type AgentType = z.infer<typeof AgentTypeSchema>;
+export type AgentStatus = z.infer<typeof AgentStatusSchema>;
+export type Capability = z.infer<typeof CapabilitySchema>;
+export type Command = z.infer<typeof CommandSchema>;
+export type Room = z.infer<typeof RoomSchema>;
+export type Agent = z.infer<typeof AgentSchema>;
+export type BaseMessage = z.infer<typeof BaseMessageSchema>;
+export type RequestChallengeMessage = z.infer<typeof RequestChallengeMessageSchema>;
+export type ChallengeMessage = z.infer<typeof ChallengeMessageSchema>;
+export type CheckCachedAuthMessage = z.infer<typeof CheckCachedAuthMessageSchema>;
+export type AuthRequiredMessage = z.infer<typeof AuthRequiredMessageSchema>;
+export type AuthMessage = z.infer<typeof AuthMessageSchema>;
+export type AuthSuccessMessage = z.infer<typeof AuthSuccessMessageSchema>;
+export type AuthErrorMessage = z.infer<typeof AuthErrorMessageSchema>;
+export type RegisterMessage = z.infer<typeof RegisterMessageSchema>;
+export type RegistrationSuccessMessage = z.infer<typeof RegistrationSuccessMessageSchema>;
+export type UserMessage = z.infer<typeof UserMessageSchema>;
+export type TaskMessage = z.infer<typeof TaskMessageSchema>;
+export type TaskResponseMessage = z.infer<typeof TaskResponseMessageSchema>;
+export type AgentSelectedMessage = z.infer<typeof AgentSelectedMessageSchema>;
+export type AgentsListMessage = z.infer<typeof AgentsListMessageSchema>;
+export type ErrorMessage = z.infer<typeof ErrorMessageSchema>;
+export type PingMessage = z.infer<typeof PingMessageSchema>;
+export type PongMessage = z.infer<typeof PongMessageSchema>;
+export type SubscribeMessage = z.infer<typeof SubscribeMessageSchema>;
+export type UnsubscribeMessage = z.infer<typeof UnsubscribeMessageSchema>;
+export type ListRoomsMessage = z.infer<typeof ListRoomsMessageSchema>;
+export type SubscribeResponse = z.infer<typeof SubscribeResponseSchema>;
+export type UnsubscribeResponse = z.infer<typeof UnsubscribeResponseSchema>;
+export type RoomInfo = z.infer<typeof RoomInfoSchema>;
+export type ListRoomsResponse = z.infer<typeof ListRoomsResponseSchema>;
+export type AnyMessage = z.infer<typeof AnyMessageSchema>;
+// Type guards using Zod parse
+export function isAuthSuccess(msg: unknown): msg is AuthSuccessMessage {
+  return AuthSuccessMessageSchema.safeParse(msg).success;
+}
+export function isAuthError(msg: unknown): msg is AuthErrorMessage {
+  return AuthErrorMessageSchema.safeParse(msg).success;
+}
+export function isAuth(msg: unknown): msg is AuthMessage {
+  return AuthMessageSchema.safeParse(msg).success;
+}
+export function isChallenge(msg: unknown): msg is ChallengeMessage {
+  return ChallengeMessageSchema.safeParse(msg).success;
+}
+export function isAgentSelected(msg: unknown): msg is AgentSelectedMessage {
+  return AgentSelectedMessageSchema.safeParse(msg).success;
+}
+export function isTaskResponse(msg: unknown): msg is TaskResponseMessage {
+  return TaskResponseMessageSchema.safeParse(msg).success;
+}
+export function isError(msg: unknown): msg is ErrorMessage {
+  return ErrorMessageSchema.safeParse(msg).success;
+}
+export function isAgentsList(msg: unknown): msg is AgentsListMessage {
+  return AgentsListMessageSchema.safeParse(msg).success;
+}
+// Message factory functions with validation
+export function createRequestChallenge(
+  userType: ClientType = "user",
+  address?: string
+): RequestChallengeMessage {
+  return RequestChallengeMessageSchema.parse({
+    type: "request_challenge",
+    data: {
+      userType,
+      ...(address && { address })
+    }
+  });
+}
+export function createCheckCachedAuth(address: string): CheckCachedAuthMessage {
+  return CheckCachedAuthMessageSchema.parse({
+    type: "check_cached_auth",
+    data: { address }
+  });
+}
+export function createAuth(
+  address: string,
+  signature: string,
+  message: string,
+  userType: ClientType = "user"
+): AuthMessage {
+  return AuthMessageSchema.parse({
+    type: "auth",
+    data: {
+      address,
+      signature,
+      message,
+      userType
+    }
+  });
+}
+export function createUserMessage(content: string, room: string, from?: string): UserMessage {
+  return UserMessageSchema.parse({
+    type: "message",
+    content,
+    room,
+    ...(from && { from })
+  });
+}
+export function createPing(): PingMessage {
+  return PingMessageSchema.parse({
+    type: "ping"
+  });
+}
+export function createSubscribe(roomId: string): SubscribeMessage {
+  return SubscribeMessageSchema.parse({
+    type: "subscribe",
+    data: { room_id: roomId }
+  });
+}
+export function createUnsubscribe(roomId: string): UnsubscribeMessage {
+  return UnsubscribeMessageSchema.parse({
+    type: "unsubscribe",
+    data: { room_id: roomId }
+  });
+}
+export function createListRooms(): ListRoomsMessage {
+  return ListRoomsMessageSchema.parse({
+    type: "list_rooms"
+  });
+}
+// Validation helper
+export function validateMessage(message: unknown): AnyMessage {
+  return AnyMessageSchema.parse(message);
+}
+// Safe parse helper
+export function safeParseMessage(message: unknown): {
+  success: boolean;
+  data?: AnyMessage;
+  error?: z.ZodError;
+} {
+  const result = AnyMessageSchema.safeParse(message);
+  if (result.success) {
+    return { success: true, data: result.data };
+  }
+  return { success: false, error: result.error };
+}

package/src/types/validation.ts ADDED Viewed

@@ -0,0 +1,123 @@
+/**
+ * Validation schemas for user inputs
+ * Provides strict validation with length limits, character restrictions, and format requirements
+ */
+import { z } from "zod";
+/**
+ * Validates room IDs with strict constraints.
+ * - Must not be empty
+ * - Maximum 100 characters
+ * - Only alphanumeric characters, spaces, dashes, and underscores allowed
+ * - Automatically trims whitespace
+ *
+ * @example
+ * ```typescript
+ * const roomId = RoomIdSchema.parse('general-chat'); // OK
+ * const roomId = RoomIdSchema.parse('room_123'); // OK
+ * const roomId = RoomIdSchema.parse('Crawler Room'); // OK
+ * const roomId = RoomIdSchema.parse('invalid room!'); // Error: invalid characters
+ * ```
+ */
+export const RoomIdSchema = z
+  .string()
+  .min(1, "Room ID cannot be empty")
+  .max(100, "Room ID must be 100 characters or less")
+  .regex(/^[a-zA-Z0-9_\- ]+$/, "Room ID can only contain letters, numbers, spaces, dashes, and underscores")
+  .trim();
+/**
+ * Validates agent IDs with strict constraints.
+ * - Must not be empty
+ * - Maximum 100 characters
+ * - Only alphanumeric characters, dashes, and underscores allowed
+ * - Automatically trims whitespace
+ *
+ * @example
+ * ```typescript
+ * const agentId = AgentIdSchema.parse('agent-123'); // OK
+ * const agentId = AgentIdSchema.parse('my_agent'); // OK
+ * const agentId = AgentIdSchema.parse('invalid agent!'); // Error: invalid characters
+ * ```
+ */
+export const AgentIdSchema = z
+  .string()
+  .min(1, "Agent ID cannot be empty")
+  .max(100, "Agent ID must be 100 characters or less")
+  .regex(/^[a-zA-Z0-9_-]+$/, "Agent ID can only contain letters, numbers, dashes, and underscores")
+  .trim();
+/**
+ * Validates message content with strict constraints.
+ * - Must not be empty
+ * - Maximum 10,000 characters to prevent abuse
+ * - No control characters (except newline, tab, carriage return)
+ * - Automatically trims whitespace
+ *
+ * @example
+ * ```typescript
+ * const content = MessageContentSchema.parse('Hello, world!'); // OK
+ * const content = MessageContentSchema.parse('Multi\nline\nmessage'); // OK
+ * const content = MessageContentSchema.parse('\x00Bad content'); // Error: control characters
+ * ```
+ */
+export const MessageContentSchema = z
+  .string()
+  .trim()
+  .min(1, "Message content cannot be empty")
+  .max(10000, "Message content must be 10,000 characters or less")
+  .refine(
+    // eslint-disable-next-line no-control-regex -- Intentionally checking for control characters to prevent injection
+    (str) => !/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/.test(str),
+    "Message content cannot contain control characters"
+  );
+/**
+ * Validates agent command content (string) with strict constraints.
+ * - Must not be empty
+ * - Maximum 5,000 characters
+ * - No control characters (except newline, tab, carriage return)
+ * - Automatically trims whitespace
+ *
+ * @example
+ * ```typescript
+ * const command = AgentCommandContentSchema.parse('execute task'); // OK
+ * const command = AgentCommandContentSchema.parse('multi\nline\ncommand'); // OK
+ * const command = AgentCommandContentSchema.parse('\x00Bad'); // Error: control characters
+ * ```
+ */
+export const AgentCommandContentSchema = z
+  .string()
+  .trim()
+  .min(1, "Agent command cannot be empty")
+  .max(5000, "Agent command must be 5,000 characters or less")
+  .refine(
+    // eslint-disable-next-line no-control-regex -- Intentionally checking for control characters to prevent injection
+    (str) => !/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/.test(str),
+    "Agent command cannot contain control characters"
+  );
+/**
+ * Validates search queries with strict constraints.
+ * - Must not be empty
+ * - Maximum 200 characters (reasonable for search)
+ * - No control characters
+ * - Automatically trims whitespace
+ *
+ * @example
+ * ```typescript
+ * const query = SearchQuerySchema.parse('find agents'); // OK
+ * const query = SearchQuerySchema.parse('\x00Bad query'); // Error: control characters
+ * ```
+ */
+export const SearchQuerySchema = z
+  .string()
+  .trim()
+  .min(1, "Search query cannot be empty")
+  .max(200, "Search query must be 200 characters or less")
+  .refine(
+    // eslint-disable-next-line no-control-regex -- Intentionally checking for control characters to prevent injection
+    (str) => !/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/.test(str),
+    "Search query cannot contain control characters"
+  );