npm - @variojs/core - Versions diffs - 0.1.0 - Mend

@variojs/core 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (209) hide show

package/__tests__/README.md +101 -0
package/__tests__/errors.test.ts +139 -0
package/__tests__/expression/cache.test.ts +118 -0
package/__tests__/expression/compiler.test.ts +111 -0
package/__tests__/expression/evaluate.test.ts +95 -0
package/__tests__/expression/parser.test.ts +57 -0
package/__tests__/expression/whitelist.test.ts +59 -0
package/__tests__/performance.test.ts +379 -0
package/__tests__/runtime/create-context.test.ts +78 -0
package/__tests__/runtime/loop-context-pool.test.ts +74 -0
package/__tests__/runtime/path.test.ts +128 -0
package/__tests__/vm/executor-timeout.test.ts +117 -0
package/__tests__/vm/executor.test.ts +173 -0
package/__tests__/vm/handlers/array.test.ts +113 -0
package/__tests__/vm/handlers/call.test.ts +93 -0
package/dist/errors.d.ts +100 -0
package/dist/errors.d.ts.map +1 -0
package/dist/errors.js +132 -0
package/dist/errors.js.map +1 -0
package/dist/expression/cache.d.ts +53 -0
package/dist/expression/cache.d.ts.map +1 -0
package/dist/expression/cache.js +158 -0
package/dist/expression/cache.js.map +1 -0
package/dist/expression/compiler.d.ts +34 -0
package/dist/expression/compiler.d.ts.map +1 -0
package/dist/expression/compiler.js +123 -0
package/dist/expression/compiler.js.map +1 -0
package/dist/expression/dependencies.d.ts +17 -0
package/dist/expression/dependencies.d.ts.map +1 -0
package/dist/expression/dependencies.js +106 -0
package/dist/expression/dependencies.js.map +1 -0
package/dist/expression/evaluate.d.ts +22 -0
package/dist/expression/evaluate.d.ts.map +1 -0
package/dist/expression/evaluate.js +75 -0
package/dist/expression/evaluate.js.map +1 -0
package/dist/expression/evaluator.d.ts +22 -0
package/dist/expression/evaluator.d.ts.map +1 -0
package/dist/expression/evaluator.js +506 -0
package/dist/expression/evaluator.js.map +1 -0
package/dist/expression/index.d.ts +12 -0
package/dist/expression/index.d.ts.map +1 -0
package/dist/expression/index.js +12 -0
package/dist/expression/index.js.map +1 -0
package/dist/expression/parser.d.ts +15 -0
package/dist/expression/parser.d.ts.map +1 -0
package/dist/expression/parser.js +42 -0
package/dist/expression/parser.js.map +1 -0
package/dist/expression/utils.d.ts +46 -0
package/dist/expression/utils.d.ts.map +1 -0
package/dist/expression/utils.js +78 -0
package/dist/expression/utils.js.map +1 -0
package/dist/expression/whitelist.d.ts +24 -0
package/dist/expression/whitelist.d.ts.map +1 -0
package/dist/expression/whitelist.js +198 -0
package/dist/expression/whitelist.js.map +1 -0
package/dist/index.d.ts +19 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +21 -0
package/dist/index.js.map +1 -0
package/dist/runtime/context.d.ts +8 -0
package/dist/runtime/context.d.ts.map +1 -0
package/dist/runtime/context.js +7 -0
package/dist/runtime/context.js.map +1 -0
package/dist/runtime/create-context.d.ts +50 -0
package/dist/runtime/create-context.d.ts.map +1 -0
package/dist/runtime/create-context.js +73 -0
package/dist/runtime/create-context.js.map +1 -0
package/dist/runtime/index.d.ts +10 -0
package/dist/runtime/index.d.ts.map +1 -0
package/dist/runtime/index.js +10 -0
package/dist/runtime/index.js.map +1 -0
package/dist/runtime/loop-context-pool.d.ts +58 -0
package/dist/runtime/loop-context-pool.d.ts.map +1 -0
package/dist/runtime/loop-context-pool.js +114 -0
package/dist/runtime/loop-context-pool.js.map +1 -0
package/dist/runtime/path.d.ts +114 -0
package/dist/runtime/path.d.ts.map +1 -0
package/dist/runtime/path.js +302 -0
package/dist/runtime/path.js.map +1 -0
package/dist/runtime/proxy.d.ts +18 -0
package/dist/runtime/proxy.d.ts.map +1 -0
package/dist/runtime/proxy.js +53 -0
package/dist/runtime/proxy.js.map +1 -0
package/dist/runtime/sandbox.d.ts +20 -0
package/dist/runtime/sandbox.d.ts.map +1 -0
package/dist/runtime/sandbox.js +32 -0
package/dist/runtime/sandbox.js.map +1 -0
package/dist/types.d.ts +175 -0
package/dist/types.d.ts.map +1 -0
package/dist/types.js +22 -0
package/dist/types.js.map +1 -0
package/dist/vm/action.d.ts +11 -0
package/dist/vm/action.d.ts.map +1 -0
package/dist/vm/action.js +10 -0
package/dist/vm/action.js.map +1 -0
package/dist/vm/errors.d.ts +5 -0
package/dist/vm/errors.d.ts.map +1 -0
package/dist/vm/errors.js +5 -0
package/dist/vm/errors.js.map +1 -0
package/dist/vm/executor.d.ts +35 -0
package/dist/vm/executor.d.ts.map +1 -0
package/dist/vm/executor.js +137 -0
package/dist/vm/executor.js.map +1 -0
package/dist/vm/handlers/array/pop.d.ts +12 -0
package/dist/vm/handlers/array/pop.d.ts.map +1 -0
package/dist/vm/handlers/array/pop.js +28 -0
package/dist/vm/handlers/array/pop.js.map +1 -0
package/dist/vm/handlers/array/push.d.ts +13 -0
package/dist/vm/handlers/array/push.d.ts.map +1 -0
package/dist/vm/handlers/array/push.js +42 -0
package/dist/vm/handlers/array/push.js.map +1 -0
package/dist/vm/handlers/array/shift.d.ts +12 -0
package/dist/vm/handlers/array/shift.d.ts.map +1 -0
package/dist/vm/handlers/array/shift.js +28 -0
package/dist/vm/handlers/array/shift.js.map +1 -0
package/dist/vm/handlers/array/splice.d.ts +12 -0
package/dist/vm/handlers/array/splice.d.ts.map +1 -0
package/dist/vm/handlers/array/splice.js +59 -0
package/dist/vm/handlers/array/splice.js.map +1 -0
package/dist/vm/handlers/array/unshift.d.ts +13 -0
package/dist/vm/handlers/array/unshift.d.ts.map +1 -0
package/dist/vm/handlers/array/unshift.js +42 -0
package/dist/vm/handlers/array/unshift.js.map +1 -0
package/dist/vm/handlers/array/utils.d.ts +10 -0
package/dist/vm/handlers/array/utils.d.ts.map +1 -0
package/dist/vm/handlers/array/utils.js +33 -0
package/dist/vm/handlers/array/utils.js.map +1 -0
package/dist/vm/handlers/batch.d.ts +12 -0
package/dist/vm/handlers/batch.d.ts.map +1 -0
package/dist/vm/handlers/batch.js +40 -0
package/dist/vm/handlers/batch.js.map +1 -0
package/dist/vm/handlers/call.d.ts +14 -0
package/dist/vm/handlers/call.d.ts.map +1 -0
package/dist/vm/handlers/call.js +65 -0
package/dist/vm/handlers/call.js.map +1 -0
package/dist/vm/handlers/emit.d.ts +12 -0
package/dist/vm/handlers/emit.d.ts.map +1 -0
package/dist/vm/handlers/emit.js +26 -0
package/dist/vm/handlers/emit.js.map +1 -0
package/dist/vm/handlers/if.d.ts +13 -0
package/dist/vm/handlers/if.d.ts.map +1 -0
package/dist/vm/handlers/if.js +35 -0
package/dist/vm/handlers/if.js.map +1 -0
package/dist/vm/handlers/index.d.ts +11 -0
package/dist/vm/handlers/index.d.ts.map +1 -0
package/dist/vm/handlers/index.js +46 -0
package/dist/vm/handlers/index.js.map +1 -0
package/dist/vm/handlers/log.d.ts +12 -0
package/dist/vm/handlers/log.d.ts.map +1 -0
package/dist/vm/handlers/log.js +41 -0
package/dist/vm/handlers/log.js.map +1 -0
package/dist/vm/handlers/loop.d.ts +12 -0
package/dist/vm/handlers/loop.d.ts.map +1 -0
package/dist/vm/handlers/loop.js +71 -0
package/dist/vm/handlers/loop.js.map +1 -0
package/dist/vm/handlers/navigate.d.ts +12 -0
package/dist/vm/handlers/navigate.d.ts.map +1 -0
package/dist/vm/handlers/navigate.js +43 -0
package/dist/vm/handlers/navigate.js.map +1 -0
package/dist/vm/handlers/set.d.ts +15 -0
package/dist/vm/handlers/set.d.ts.map +1 -0
package/dist/vm/handlers/set.js +30 -0
package/dist/vm/handlers/set.js.map +1 -0
package/dist/vm/index.d.ts +8 -0
package/dist/vm/index.d.ts.map +1 -0
package/dist/vm/index.js +7 -0
package/dist/vm/index.js.map +1 -0
package/package.json +34 -0
package/src/errors.ts +194 -0
package/src/expression/README.md +192 -0
package/src/expression/cache.ts +199 -0
package/src/expression/compiler.ts +144 -0
package/src/expression/dependencies.ts +116 -0
package/src/expression/evaluate.ts +95 -0
package/src/expression/evaluator.ts +640 -0
package/src/expression/index.ts +27 -0
package/src/expression/parser.ts +54 -0
package/src/expression/utils.ts +89 -0
package/src/expression/whitelist.ts +224 -0
package/src/globals.d.ts +10 -0
package/src/index.ts +72 -0
package/src/runtime/context.ts +8 -0
package/src/runtime/create-context.ts +133 -0
package/src/runtime/index.ts +28 -0
package/src/runtime/loop-context-pool.ts +134 -0
package/src/runtime/path.ts +372 -0
package/src/runtime/proxy.ts +66 -0
package/src/runtime/sandbox.ts +43 -0
package/src/types.ts +177 -0
package/src/vm/errors.ts +10 -0
package/src/vm/executor.ts +210 -0
package/src/vm/handlers/array/pop.ts +47 -0
package/src/vm/handlers/array/push.ts +68 -0
package/src/vm/handlers/array/shift.ts +47 -0
package/src/vm/handlers/array/splice.ts +78 -0
package/src/vm/handlers/array/unshift.ts +68 -0
package/src/vm/handlers/array/utils.ts +41 -0
package/src/vm/handlers/batch.ts +57 -0
package/src/vm/handlers/call.ts +92 -0
package/src/vm/handlers/emit.ts +39 -0
package/src/vm/handlers/if.ts +48 -0
package/src/vm/handlers/index.ts +52 -0
package/src/vm/handlers/log.ts +54 -0
package/src/vm/handlers/loop.ts +102 -0
package/src/vm/handlers/navigate.ts +64 -0
package/src/vm/handlers/set.ts +43 -0
package/src/vm/index.ts +8 -0
package/tsconfig.json +17 -0
package/vitest.config.ts +30 -0

package/dist/expression/evaluate.d.ts ADDED Viewed

@@ -0,0 +1,22 @@
+/**
+ * 表达式求值入口函数
+ *
+ * 整合解析、验证、缓存、求值流程
+ */
+import type { RuntimeContext, ExpressionOptions } from '../types.js';
+/**
+ * 求值表达式（完整流程）
+ *
+ * @param expr 表达式字符串
+ * @param ctx 运行时上下文
+ * @returns 求值结果（类型无法静态推导，返回 unknown）
+ *
+ * 注意：表达式求值结果类型无法在编译时确定，因为：
+ * 1. 表达式是运行时字符串
+ * 2. 状态类型是动态的
+ * 3. 表达式可能返回任意类型
+ *
+ * 如果需要类型安全，应在使用结果时进行类型守卫或类型断言
+ */
+export declare function evaluate(expr: string, ctx: RuntimeContext, options?: ExpressionOptions): unknown;
+//# sourceMappingURL=evaluate.d.ts.map

package/dist/expression/evaluate.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"evaluate.d.ts","sourceRoot":"","sources":["../../src/expression/evaluate.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAA;AAYpE;;;;;;;;;;;;;GAaG;AACH,wBAAgB,QAAQ,CACtB,IAAI,EAAE,MAAM,EACZ,GAAG,EAAE,cAAc,EACnB,OAAO,GAAE,iBAAsB,GAC9B,OAAO,CA0DT"}

package/dist/expression/evaluate.js ADDED Viewed

@@ -0,0 +1,75 @@
+/**
+ * 表达式求值入口函数
+ *
+ * 整合解析、验证、缓存、求值流程
+ */
+import { ExpressionError, ErrorCodes } from '../errors.js';
+import { parseExpression } from './parser.js';
+import { validateAST } from './whitelist.js';
+import { evaluateExpression } from './evaluator.js';
+import { extractDependencies } from './dependencies.js';
+import { getCompiledExpression } from './compiler.js';
+import { getCachedExpression, setCachedExpression, } from './cache.js';
+/**
+ * 求值表达式（完整流程）
+ *
+ * @param expr 表达式字符串
+ * @param ctx 运行时上下文
+ * @returns 求值结果（类型无法静态推导，返回 unknown）
+ *
+ * 注意：表达式求值结果类型无法在编译时确定，因为：
+ * 1. 表达式是运行时字符串
+ * 2. 状态类型是动态的
+ * 3. 表达式可能返回任意类型
+ *
+ * 如果需要类型安全，应在使用结果时进行类型守卫或类型断言
+ */
+export function evaluate(expr, ctx, options = {}) {
+    try {
+        // 合并选项：ctx.$exprOptions 优先级低于直接传入的 options
+        const mergedOptions = {
+            ...ctx.$exprOptions,
+            ...options
+        };
+        // 1. 检查结果缓存
+        const cached = getCachedExpression(expr, ctx);
+        if (cached !== null) {
+            return cached;
+        }
+        // 2. 解析为 AST
+        const ast = parseExpression(expr);
+        // 3. AST 白名单校验（传递 allowGlobals 和 maxNestingDepth 选项）
+        validateAST(ast, {
+            allowGlobals: mergedOptions.allowGlobals,
+            maxNestingDepth: mergedOptions.maxNestingDepth
+        });
+        // 4. 尝试使用编译缓存（简单表达式）
+        const compiled = getCompiledExpression(expr, ast);
+        if (compiled) {
+            const result = compiled(ctx);
+            // 提取依赖并缓存结果
+            const dependencies = extractDependencies(ast);
+            setCachedExpression(expr, result, dependencies, ctx);
+            return result;
+        }
+        // 5. 复杂表达式，使用解释执行
+        const result = evaluateExpression(ast, ctx, mergedOptions);
+        // 6. 提取依赖并缓存
+        const dependencies = extractDependencies(ast);
+        setCachedExpression(expr, result, dependencies, ctx);
+        return result;
+    }
+    catch (error) {
+        if (error instanceof ExpressionError) {
+            throw error;
+        }
+        const errorMessage = error instanceof Error ? error.message : String(error);
+        throw new ExpressionError(expr, `Expression evaluation failed: ${errorMessage}`, ErrorCodes.EXPRESSION_EVALUATION_ERROR, {
+            metadata: {
+                originalError: error instanceof Error ? error.name : 'Unknown',
+                stack: error instanceof Error ? error.stack?.split('\n').slice(0, 5) : undefined
+            }
+        });
+    }
+}
+//# sourceMappingURL=evaluate.js.map

package/dist/expression/evaluate.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"evaluate.js","sourceRoot":"","sources":["../../src/expression/evaluate.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAAE,eAAe,EAAE,UAAU,EAAE,MAAM,cAAc,CAAA;AAC1D,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAA;AAC7C,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAA;AAC5C,OAAO,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAA;AACnD,OAAO,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAA;AACvD,OAAO,EAAE,qBAAqB,EAAE,MAAM,eAAe,CAAA;AACrD,OAAO,EACL,mBAAmB,EACnB,mBAAmB,GACpB,MAAM,YAAY,CAAA;AAEnB;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,QAAQ,CACtB,IAAY,EACZ,GAAmB,EACnB,UAA6B,EAAE;IAE/B,IAAI,CAAC;QACH,2CAA2C;QAC3C,MAAM,aAAa,GAAG;YACpB,GAAG,GAAG,CAAC,YAAY;YACnB,GAAG,OAAO;SACX,CAAA;QAED,YAAY;QACZ,MAAM,MAAM,GAAG,mBAAmB,CAAC,IAAI,EAAE,GAAG,CAAC,CAAA;QAC7C,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;YACpB,OAAO,MAAM,CAAA;QACf,CAAC;QAED,aAAa;QACb,MAAM,GAAG,GAAG,eAAe,CAAC,IAAI,CAAC,CAAA;QAEjC,qDAAqD;QACrD,WAAW,CAAC,GAAG,EAAE;YACf,YAAY,EAAE,aAAa,CAAC,YAAY;YACxC,eAAe,EAAE,aAAa,CAAC,eAAe;SAC/C,CAAC,CAAA;QAEF,qBAAqB;QACrB,MAAM,QAAQ,GAAG,qBAAqB,CAAC,IAAI,EAAE,GAAG,CAAC,CAAA;QACjD,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,MAAM,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAA;YAC5B,YAAY;YACZ,MAAM,YAAY,GAAG,mBAAmB,CAAC,GAAG,CAAC,CAAA;YAC7C,mBAAmB,CAAC,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,GAAG,CAAC,CAAA;YACpD,OAAO,MAAM,CAAA;QACf,CAAC;QAED,kBAAkB;QAClB,MAAM,MAAM,GAAG,kBAAkB,CAAC,GAAG,EAAE,GAAG,EAAE,aAAa,CAAC,CAAA;QAE1D,aAAa;QACb,MAAM,YAAY,GAAG,mBAAmB,CAAC,GAAG,CAAC,CAAA;QAC7C,mBAAmB,CAAC,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,GAAG,CAAC,CAAA;QAEpD,OAAO,MAAM,CAAA;IACf,CAAC;IAAC,OAAO,KAAc,EAAE,CAAC;QACxB,IAAI,KAAK,YAAY,eAAe,EAAE,CAAC;YACrC,MAAM,KAAK,CAAA;QACb,CAAC;QACD,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;QAC3E,MAAM,IAAI,eAAe,CACvB,IAAI,EACJ,iCAAiC,YAAY,EAAE,EAC/C,UAAU,CAAC,2BAA2B,EACtC;YACE,QAAQ,EAAE;gBACR,aAAa,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS;gBAC9D,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS;aACjF;SACF,CACF,CAAA;IACH,CAAC;AACH,CAAC"}

package/dist/expression/evaluator.d.ts ADDED Viewed

@@ -0,0 +1,22 @@
+/**
+ * 表达式求值器
+ *
+ * 功能：
+ * - 安全求值 AST
+ * - 支持白名单函数调用
+ * - 执行步数/时间限制
+ */
+import type * as ESTree from '@babel/types';
+import type { RuntimeContext, ExpressionOptions } from '../types.js';
+/**
+ * 安全求值 AST
+ *
+ * @param ast AST 节点
+ * @param ctx 运行时上下文
+ * @param options 求值选项
+ * @returns 求值结果（类型无法静态推导）
+ *
+ * 注意：表达式求值结果类型无法在编译时确定，返回 unknown
+ */
+export declare function evaluateExpression(ast: ESTree.Node, ctx: RuntimeContext, options?: ExpressionOptions): unknown;
+//# sourceMappingURL=evaluator.d.ts.map

package/dist/expression/evaluator.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"evaluator.d.ts","sourceRoot":"","sources":["../../src/expression/evaluator.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,KAAK,MAAM,MAAM,cAAc,CAAA;AAC3C,OAAO,KAAK,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAA;AAoFpE;;;;;;;;;GASG;AACH,wBAAgB,kBAAkB,CAChC,GAAG,EAAE,MAAM,CAAC,IAAI,EAChB,GAAG,EAAE,cAAc,EACnB,OAAO,GAAE,iBAAsB,GAC9B,OAAO,CAmhBT"}

package/dist/expression/evaluator.js ADDED Viewed

@@ -0,0 +1,506 @@
+/**
+ * 表达式求值器
+ *
+ * 功能：
+ * - 安全求值 AST
+ * - 支持白名单函数调用
+ * - 执行步数/时间限制
+ */
+import { ExpressionError, ErrorCodes } from '../errors.js';
+import { isSafePropertyAccess } from '../runtime/sandbox.js';
+/**
+ * 白名单全局函数
+ */
+const WHITELISTED_GLOBALS = new Set([
+    'String', 'Number', 'Boolean', 'BigInt', 'Symbol',
+    'Array', 'Object', 'Math', 'Date',
+]);
+/**
+ * 白名单函数（带命名空间）
+ */
+const WHITELISTED_FUNCTIONS = new Set([
+    'Array.isArray',
+    'Object.is',
+    'Number.isFinite',
+    'Number.isInteger',
+    'Number.isNaN',
+    'Number.isSafeInteger',
+    'Math.abs',
+    'Math.round',
+    'Math.floor',
+    'Math.ceil',
+    'Math.random',
+    'Math.max',
+    'Math.min',
+    'Date.now',
+]);
+/**
+ * 安全的数组方法（只读或返回新数组，不修改原状态）
+ */
+const SAFE_ARRAY_METHODS = new Set([
+    // 返回新数组
+    'slice',
+    'concat',
+    'filter',
+    'map',
+    'flat',
+    'flatMap',
+    'toReversed', // ES2023 不修改原数组的 reverse
+    'toSorted', // ES2023 不修改原数组的 sort
+    'toSpliced', // ES2023 不修改原数组的 splice
+    'with', // ES2023 不修改原数组的索引赋值
+    // 只读方法
+    'indexOf',
+    'lastIndexOf',
+    'includes',
+    'find',
+    'findIndex',
+    'findLast',
+    'findLastIndex',
+    'every',
+    'some',
+    'at',
+    // 返回字符串
+    'join',
+    'toString',
+    'toLocaleString',
+    // 在链式调用中安全使用（如 slice().reverse()）
+    'reverse',
+    'sort',
+]);
+/**
+ * 运行时辅助函数
+ */
+const RUNTIME_HELPERS = {
+    '$truncate': (str, length) => {
+        if (typeof str !== 'string')
+            return str;
+        const len = typeof length === 'number' ? length : 0;
+        return str.length > len ? str.slice(0, len) + '...' : str;
+    },
+    '$format': (date, _format) => {
+        const d = typeof date === 'number' ? new Date(date) : date;
+        // 简单格式化，可根据需要扩展
+        // format 参数暂未实现，保留接口以便未来扩展
+        return d.toISOString();
+    },
+};
+/**
+ * 安全求值 AST
+ *
+ * @param ast AST 节点
+ * @param ctx 运行时上下文
+ * @param options 求值选项
+ * @returns 求值结果（类型无法静态推导）
+ *
+ * 注意：表达式求值结果类型无法在编译时确定，返回 unknown
+ */
+export function evaluateExpression(ast, ctx, options = {}) {
+    const mergedOptions = {
+        ...ctx.$exprOptions,
+        ...options
+    };
+    const allowGlobals = mergedOptions.allowGlobals === true;
+    const maxSteps = mergedOptions.maxSteps ?? 1000;
+    const timeout = mergedOptions.timeout ?? 100;
+    let stepCount = 0;
+    const startTime = Date.now();
+    function getGlobalValueByName(name) {
+        if (!allowGlobals)
+            return undefined;
+        // 只有在 allowGlobals 为 true 时才返回全局对象
+        if (name === 'globalThis')
+            return globalThis;
+        if (name === 'window' && typeof window !== 'undefined')
+            return window;
+        if (name === 'document' && typeof document !== 'undefined')
+            return document;
+        if (name === 'global' && typeof global !== 'undefined')
+            return global;
+        if (name === 'self' && typeof self !== 'undefined')
+            return self;
+        // 只有在 allowGlobals 为 true 时才访问 globalThis 的属性
+        return globalThis[name];
+    }
+    function isGlobalObjectName(name) {
+        return ['window', 'document', 'global', 'globalThis', 'self'].includes(name);
+    }
+    function checkLimits() {
+        stepCount++;
+        if (stepCount > maxSteps) {
+            throw new ExpressionError(JSON.stringify(ast), `Expression evaluation exceeded max steps (${maxSteps})`, ErrorCodes.EXPRESSION_MAX_STEPS_EXCEEDED, {
+                metadata: {
+                    maxSteps,
+                    currentSteps: stepCount
+                }
+            });
+        }
+        if (Date.now() - startTime > timeout) {
+            throw new ExpressionError(JSON.stringify(ast), `Expression evaluation exceeded timeout (${timeout}ms)`, ErrorCodes.EXPRESSION_TIMEOUT, {
+                metadata: {
+                    timeout,
+                    elapsedTime: Date.now() - startTime
+                }
+            });
+        }
+    }
+    function evaluate(node) {
+        checkLimits();
+        // 使用类型断言处理 node.type，因为 @babel/types 的类型定义可能不完整
+        // TypeScript 的严格类型检查可能不识别某些节点类型，使用类型断言绕过
+        const nodeType = node.type;
+        switch (nodeType) {
+            case 'NumericLiteral':
+            case 'StringLiteral':
+            case 'BooleanLiteral':
+            case 'BigIntLiteral':
+            case 'DecimalLiteral':
+            case 'RegExpLiteral': {
+                // 这些字面量类型都有 value 属性
+                return node.value;
+            }
+            case 'NullLiteral': {
+                return null;
+            }
+            case 'Literal': {
+                const literal = node;
+                // 处理不同类型的字面量
+                // @babel/types 的 Literal 类型包含多种字面量类型
+                // 使用类型守卫安全访问 value 属性
+                if ('value' in literal && literal.value !== undefined) {
+                    return literal.value;
+                }
+                // NullLiteral 或 BigIntLiteral 可能没有 value 属性，或 value 为 null
+                // 检查类型名称
+                const literalType = literal.type;
+                if (literalType === 'NullLiteral') {
+                    return null;
+                }
+                // 其他情况：尝试访问 value，如果不存在则返回 undefined
+                return literal.value ?? undefined;
+            }
+            case 'Identifier': {
+                const name = node.name;
+                // 检查是否为全局对象名称（无论是否存在，都应该被禁止，除非 allowGlobals）
+                // 必须在检查 ctx 之前，防止 ctx 中有同名属性绕过检查
+                if (isGlobalObjectName(name) && !allowGlobals) {
+                    throw new ExpressionError(name, `Access to global "${name}" is not allowed in expressions`, ErrorCodes.EXPRESSION_UNSAFE_ACCESS);
+                }
+                // 从上下文获取值（优先从 ctx，但全局对象名称已经被上面的检查拦截）
+                // 注意：即使 ctx 中有 window/document 等属性，也不应该访问（安全考虑）
+                if (name in ctx && !isGlobalObjectName(name)) {
+                    return ctx[name];
+                }
+                // 允许直接访问全局对象（由 allowGlobals 控制）
+                if (allowGlobals) {
+                    const globalValue = getGlobalValueByName(name);
+                    if (globalValue !== undefined) {
+                        return globalValue;
+                    }
+                }
+                // 如果是白名单全局函数，允许访问（但仅用于函数调用，这里返回 undefined）
+                if (WHITELISTED_GLOBALS.has(name)) {
+                    return globalThis[name];
+                }
+                // 未定义的标识符返回 undefined（而不是抛出错误，允许可选链等场景）
+                return undefined;
+            }
+            case 'MemberExpression': {
+                const member = node;
+                const object = evaluate(member.object);
+                // null/undefined 检查
+                if (object == null) {
+                    return undefined;
+                }
+                // 禁止访问全局对象（检查对象是否为全局对象）
+                if (!allowGlobals) {
+                    // 检查对象是否为全局对象
+                    const isGlobal = object === globalThis ||
+                        (typeof window !== 'undefined' && object === window) ||
+                        (typeof global !== 'undefined' && object === global) ||
+                        (typeof self !== 'undefined' && object === self);
+                    if (isGlobal) {
+                        throw new ExpressionError(JSON.stringify(node), 'Access to global object is not allowed in expressions', ErrorCodes.EXPRESSION_UNSAFE_ACCESS);
+                    }
+                }
+                if (member.computed) {
+                    // 计算属性：obj[key]
+                    const key = evaluate(member.property);
+                    return object[key];
+                }
+                else {
+                    // 静态属性：obj.prop
+                    const prop = member.property.name;
+                    return object[prop];
+                }
+            }
+            case 'OptionalMemberExpression': {
+                const member = node;
+                const object = evaluate(member.object);
+                // null/undefined 检查（可选链特性）
+                if (object == null) {
+                    return undefined;
+                }
+                // 禁止访问全局对象（检查对象是否为全局对象）
+                if (!allowGlobals) {
+                    // 检查对象是否为全局对象
+                    const isGlobal = object === globalThis ||
+                        (typeof window !== 'undefined' && object === window) ||
+                        (typeof global !== 'undefined' && object === global) ||
+                        (typeof self !== 'undefined' && object === self);
+                    if (isGlobal) {
+                        throw new ExpressionError(JSON.stringify(node), 'Access to global object is not allowed in expressions', ErrorCodes.EXPRESSION_UNSAFE_ACCESS);
+                    }
+                }
+                if (member.computed) {
+                    // 计算属性：obj?.[key]
+                    const key = evaluate(member.property);
+                    return object?.[key];
+                }
+                else {
+                    // 静态属性：obj?.prop
+                    const prop = member.property.name;
+                    return object?.[prop];
+                }
+            }
+            case 'BinaryExpression': {
+                const binary = node;
+                const left = evaluate(binary.left);
+                const right = evaluate(binary.right);
+                const operator = binary.operator;
+                // 类型安全的二元运算
+                switch (operator) {
+                    case '+': return left + right;
+                    case '-': return left - right;
+                    case '*': return left * right;
+                    case '/': return left / right;
+                    case '%': return left % right;
+                    case '**': return left ** right;
+                    case '==': return left == right;
+                    case '!=': return left != right;
+                    case '===': return left === right;
+                    case '!==': return left !== right;
+                    case '<': return left < right;
+                    case '<=': return left <= right;
+                    case '>': return left > right;
+                    case '>=': return left >= right;
+                    case '<<': return left << right;
+                    case '>>': return left >> right;
+                    case '>>>': return left >>> right;
+                    case '&': return left & right;
+                    case '|': return left | right;
+                    case '^': return left ^ right;
+                    case 'in': return left in right;
+                    case 'instanceof': {
+                        // instanceof 需要检查 right 是否为构造函数
+                        if (typeof right !== 'function' && typeof right !== 'object') {
+                            throw new ExpressionError(JSON.stringify(node), 'Right-hand side of instanceof must be a constructor', ErrorCodes.EXPRESSION_EVALUATION_ERROR);
+                        }
+                        return left instanceof right;
+                    }
+                    default:
+                        throw new ExpressionError(JSON.stringify(node), `Unsupported binary operator: ${operator}`, ErrorCodes.EXPRESSION_EVALUATION_ERROR);
+                }
+            }
+            case 'LogicalExpression': {
+                const logical = node;
+                const left = evaluate(logical.left);
+                const operator = logical.operator;
+                if (operator === '&&') {
+                    return left && evaluate(logical.right);
+                }
+                else if (operator === '||') {
+                    return left || evaluate(logical.right);
+                }
+                else if (operator === '??') {
+                    return left ?? evaluate(logical.right);
+                }
+                throw new ExpressionError(JSON.stringify(node), `Unsupported logical operator: ${operator}`, ErrorCodes.EXPRESSION_EVALUATION_ERROR);
+            }
+            case 'UnaryExpression': {
+                const unary = node;
+                const argument = evaluate(unary.argument);
+                const operator = unary.operator;
+                switch (operator) {
+                    case '+': return +argument;
+                    case '-': return -argument;
+                    case '!': return !argument;
+                    case '~': return ~argument;
+                    case 'typeof': return typeof argument;
+                    case 'void': return void argument;
+                    case 'delete': throw new ExpressionError(JSON.stringify(node), 'delete operator is not allowed', ErrorCodes.EXPRESSION_EVALUATION_ERROR);
+                    default:
+                        throw new ExpressionError(JSON.stringify(node), `Unsupported unary operator: ${operator}`, ErrorCodes.EXPRESSION_EVALUATION_ERROR);
+                }
+            }
+            case 'ConditionalExpression': {
+                const conditional = node;
+                const test = evaluate(conditional.test);
+                return test ? evaluate(conditional.consequent) : evaluate(conditional.alternate);
+            }
+            // NullishCoalescingExpression 在 @babel/types 中可能不存在
+            // 使用 LogicalExpression 处理 ?? 运算符（operator === '??'）
+            // 如果类型系统支持，可以添加此 case
+            case 'CallExpression': {
+                const call = node;
+                const callee = call.callee;
+                // 获取函数名和对象
+                let funcName;
+                let funcObj;
+                let callContext = null; // 函数调用的上下文（this）
+                if (callee.type === 'Identifier') {
+                    // 直接函数调用：String(), Math.max()
+                    funcName = callee.name;
+                    // 检查是否为全局对象（禁止访问）
+                    if (!isSafePropertyAccess(funcName, ctx, { allowGlobals })) {
+                        throw new ExpressionError(funcName, `Access to global "${funcName}" is not allowed in expressions`, 'UNSAFE_ACCESS');
+                    }
+                    // 从上下文或全局获取函数
+                    funcObj = ctx[funcName] ?? globalThis[funcName];
+                    callContext = null; // 全局函数调用，this 为 null
+                }
+                else if (callee.type === 'MemberExpression') {
+                    // 成员函数调用：Math.max(), Array.isArray(), array.slice()
+                    const member = callee;
+                    const obj = evaluate(member.object);
+                    // null/undefined 检查
+                    if (obj == null) {
+                        throw new ExpressionError(JSON.stringify(node), `Cannot call method on ${obj === null ? 'null' : 'undefined'}`, ErrorCodes.EXPRESSION_EVALUATION_ERROR);
+                    }
+                    // 检查对象是否为全局对象（禁止访问）
+                    if (!allowGlobals) {
+                        // 检查对象是否为全局对象
+                        const isGlobal = obj === globalThis ||
+                            (typeof window !== 'undefined' && obj === window) ||
+                            (typeof global !== 'undefined' && obj === global) ||
+                            (typeof self !== 'undefined' && obj === self);
+                        if (isGlobal) {
+                            throw new ExpressionError(JSON.stringify(node), 'Access to global object is not allowed in expressions', ErrorCodes.EXPRESSION_UNSAFE_ACCESS);
+                        }
+                    }
+                    // 检查是否是数组实例方法调用（安全的只读方法）
+                    if (Array.isArray(obj) && !member.computed && member.property.type === 'Identifier') {
+                        const methodName = member.property.name;
+                        if (SAFE_ARRAY_METHODS.has(methodName)) {
+                            // 这是安全的数组方法，直接使用
+                            funcObj = obj[methodName];
+                            funcName = `Array.${methodName}`; // 用于标识和错误信息
+                            callContext = obj; // 数组方法调用，this 为数组本身
+                        }
+                        else {
+                            // 不是安全的数组方法，需要检查白名单
+                            const objName = member.object.type === 'Identifier'
+                                ? member.object.name
+                                : String(obj);
+                            funcName = `${objName}.${methodName}`;
+                            funcObj = obj?.[methodName];
+                            callContext = obj;
+                        }
+                    }
+                    else {
+                        // 非数组对象，正常处理
+                        // 获取对象标识符名称（如果是 Identifier）
+                        let objName = '';
+                        if (member.object.type === 'Identifier') {
+                            objName = member.object.name;
+                        }
+                        else {
+                            // 对于其他情况，使用字符串表示，但可能不在白名单内
+                            objName = String(obj);
+                        }
+                        if (member.computed) {
+                            const prop = evaluate(member.property);
+                            funcName = `${objName}[${String(prop)}]`;
+                            funcObj = obj?.[prop];
+                            callContext = obj;
+                        }
+                        else {
+                            const prop = member.property.name;
+                            funcName = `${objName}.${prop}`;
+                            funcObj = obj?.[prop];
+                            callContext = obj;
+                        }
+                    }
+                }
+                else {
+                    throw new ExpressionError(JSON.stringify(node), 'Invalid function call: only Identifier and MemberExpression are allowed', ErrorCodes.EXPRESSION_EVALUATION_ERROR);
+                }
+                // 检查白名单
+                // 如果是数组方法（funcName 以 Array. 开头且方法在安全列表中），则允许
+                const isArrayMethod = funcName.startsWith('Array.') && SAFE_ARRAY_METHODS.has(funcName.split('.')[1]);
+                const isWhitelisted = isArrayMethod ||
+                    WHITELISTED_FUNCTIONS.has(funcName) ||
+                    WHITELISTED_GLOBALS.has(funcName.split('.')[0]) ||
+                    RUNTIME_HELPERS[funcName] !== undefined;
+                if (!allowGlobals && !isWhitelisted) {
+                    throw new ExpressionError(funcName, `Function "${funcName}" is not in whitelist`, ErrorCodes.EXPRESSION_FUNCTION_NOT_WHITELISTED);
+                }
+                // 执行函数调用
+                const args = call.arguments.map(arg => {
+                    if (arg.type === 'SpreadElement') {
+                        throw new ExpressionError(JSON.stringify(node), 'Spread operator is not allowed', ErrorCodes.EXPRESSION_EVALUATION_ERROR);
+                    }
+                    return evaluate(arg);
+                });
+                // 调用运行时辅助函数
+                if (RUNTIME_HELPERS[funcName]) {
+                    return RUNTIME_HELPERS[funcName](...args);
+                }
+                // 调用白名单全局函数或数组方法
+                if (typeof funcObj === 'function') {
+                    try {
+                        // 如果有上下文（如数组方法），使用 apply；否则直接调用
+                        return callContext !== null
+                            ? funcObj.apply(callContext, args)
+                            : funcObj(...args);
+                    }
+                    catch (error) {
+                        const errorMessage = error instanceof Error ? error.message : String(error);
+                        throw new ExpressionError(funcName, `Error calling "${funcName}": ${errorMessage}`, ErrorCodes.EXPRESSION_EVALUATION_ERROR);
+                    }
+                }
+                throw new ExpressionError(funcName, `"${funcName}" is not a function${funcObj === undefined ? ' (undefined)' : funcObj === null ? ' (null)' : ''}`, ErrorCodes.EXPRESSION_EVALUATION_ERROR);
+            }
+            case 'ArrayExpression': {
+                const array = node;
+                return array.elements.map(el => {
+                    if (el == null)
+                        return null;
+                    if (el.type === 'SpreadElement') {
+                        throw new ExpressionError(JSON.stringify(node), 'Spread operator is not allowed', ErrorCodes.EXPRESSION_EVALUATION_ERROR);
+                    }
+                    return evaluate(el);
+                });
+            }
+            case 'ObjectExpression': {
+                const object = node;
+                const result = {};
+                for (const prop of object.properties) {
+                    if (prop.type === 'ObjectMethod' || prop.type === 'SpreadElement') {
+                        throw new ExpressionError(JSON.stringify(node), 'Object methods and spread are not allowed', ErrorCodes.EXPRESSION_EVALUATION_ERROR);
+                    }
+                    const key = prop.key.type === 'Identifier'
+                        ? prop.key.name
+                        : String(evaluate(prop.key));
+                    result[key] = evaluate(prop.value);
+                }
+                return result;
+            }
+            case 'TemplateLiteral': {
+                const template = node;
+                let result = '';
+                for (let i = 0; i < template.quasis.length; i++) {
+                    result += template.quasis[i].value.cooked;
+                    if (i < template.expressions.length) {
+                        result += String(evaluate(template.expressions[i]));
+                    }
+                }
+                return result;
+            }
+            default:
+                throw new ExpressionError(JSON.stringify(node), `Unsupported node type: ${node.type}`, ErrorCodes.EXPRESSION_EVALUATION_ERROR);
+        }
+    }
+    return evaluate(ast);
+}
+//# sourceMappingURL=evaluator.js.map