@yangfei_93sky/biocli 0.2.0

package/dist/pipeline/steps/fetch.js

@@ -0,0 +1,160 @@
+/**
+ * Pipeline step: fetch — HTTP API requests for NCBI endpoints.
+ *
+ * Adapted from opencli:
+ * - No browser-related fetch paths (no page.evaluate, no fetchBatchInBrowser)
+ * - Always uses Node.js built-in fetch()
+ * - Automatic API key / email injection via HttpContext
+ * - Rate limiting integration via HttpContext.fetch() or standalone rate limiter
+ * - XML auto-detection: if Content-Type contains 'xml', auto-parse with parseXml()
+ * - Per-item fetch pattern (when data is array and URL contains `item`)
+ * - Configurable concurrency (default 5)
+ */
+import { CliError, getErrorMessage } from '../../errors.js';
+import { renderTemplate } from '../template.js';
+import { isRecord, mapConcurrent } from '../../utils.js';
+/**
+ * Check if a Content-Type header indicates XML.
+ */
+function isXmlContentType(contentType) {
+    if (!contentType)
+        return false;
+    return contentType.includes('xml');
+}
+/**
+ * Parse an XML string into a JS object using fast-xml-parser.
+ * Lazily imports to avoid top-level dependency issues.
+ */
+async function parseXmlResponse(text) {
+    const { XMLParser } = await import('fast-xml-parser');
+    const parser = new XMLParser({
+        ignoreAttributes: false,
+        attributeNamePrefix: '@_',
+        textNodeName: '#text',
+        isArray: (_name, _jpath, isLeafNode, isAttribute) => {
+            // Keep leaf text nodes as scalars; arrays only for repeated elements
+            if (isAttribute || isLeafNode)
+                return false;
+            return false;
+        },
+    });
+    return parser.parse(text);
+}
+/**
+ * Build a URL with query parameters appended.
+ */
+function appendQueryParams(url, params) {
+    if (Object.keys(params).length === 0)
+        return url;
+    const qs = new URLSearchParams(params).toString();
+    return `${url}${url.includes('?') ? '&' : '?'}${qs}`;
+}
+/**
+ * Inject NCBI API key and email into query params if available on the context.
+ */
+function injectNcbiParams(params, ctx) {
+    const result = { ...params };
+    if (ctx?.apiKey && !result.api_key) {
+        result.api_key = ctx.apiKey;
+    }
+    if (ctx?.email && !result.email) {
+        result.email = ctx.email;
+    }
+    return result;
+}
+/**
+ * Perform a single HTTP fetch with optional rate limiting via HttpContext.
+ * Auto-detects XML responses and parses them.
+ */
+async function fetchSingle(ctx, url, method, queryParams, headers) {
+    // Inject NCBI credentials
+    const mergedParams = injectNcbiParams(queryParams, ctx);
+    const finalUrl = appendQueryParams(url, mergedParams);
+    let resp;
+    if (ctx) {
+        // Use context's rate-limited fetch
+        resp = await ctx.fetch(finalUrl, {
+            method: method.toUpperCase(),
+            headers,
+        });
+    }
+    else {
+        // Direct fetch (no rate limiting)
+        resp = await fetch(finalUrl, {
+            method: method.toUpperCase(),
+            headers,
+        });
+    }
+    if (!resp.ok) {
+        throw new CliError('FETCH_ERROR', `HTTP ${resp.status} ${resp.statusText} from ${finalUrl}`);
+    }
+    // Auto-detect XML and parse accordingly
+    const contentType = resp.headers.get('content-type');
+    const text = await resp.text();
+    if (isXmlContentType(contentType)) {
+        return parseXmlResponse(text);
+    }
+    // Try JSON
+    try {
+        return JSON.parse(text);
+    }
+    catch {
+        // Return raw text if not parseable as JSON
+        return text;
+    }
+}
+/**
+ * Pipeline fetch step handler.
+ *
+ * Params can be:
+ * - A string (URL template)
+ * - An object with: url, method, params, headers, concurrency
+ */
+export async function handleFetch(ctx, params, data, args) {
+    const paramObject = isRecord(params) ? params : {};
+    const urlOrObj = typeof params === 'string' ? params : (paramObject.url ?? '');
+    const method = typeof paramObject.method === 'string' ? paramObject.method : 'GET';
+    const queryParams = isRecord(paramObject.params)
+        ? paramObject.params
+        : {};
+    const headers = isRecord(paramObject.headers)
+        ? paramObject.headers
+        : {};
+    const urlTemplate = String(urlOrObj);
+    // Per-item fetch when data is array and URL references item
+    if (Array.isArray(data) && urlTemplate.includes('item')) {
+        const concurrency = typeof paramObject.concurrency === 'number' ? paramObject.concurrency : 5;
+        // Render headers and query params once (they don't depend on item)
+        const renderedHeaders = {};
+        for (const [k, v] of Object.entries(headers)) {
+            renderedHeaders[k] = String(renderTemplate(v, { args, data }));
+        }
+        const renderedQueryParams = {};
+        for (const [k, v] of Object.entries(queryParams)) {
+            renderedQueryParams[k] = String(renderTemplate(v, { args, data }));
+        }
+        // Fetch each item concurrently with bounded concurrency
+        return mapConcurrent(data, async (item, index) => {
+            const itemUrl = String(renderTemplate(urlTemplate, { args, data, item, index }));
+            try {
+                return await fetchSingle(ctx, itemUrl, method, renderedQueryParams, renderedHeaders);
+            }
+            catch (error) {
+                const message = getErrorMessage(error);
+                return { error: message };
+            }
+        }, concurrency);
+    }
+    // Single fetch
+    const url = String(renderTemplate(urlOrObj, { args, data }));
+    // Render query params and headers with current context
+    const renderedQueryParams = {};
+    for (const [k, v] of Object.entries(queryParams)) {
+        renderedQueryParams[k] = String(renderTemplate(v, { args, data }));
+    }
+    const renderedHeaders = {};
+    for (const [k, v] of Object.entries(headers)) {
+        renderedHeaders[k] = String(renderTemplate(v, { args, data }));
+    }
+    return fetchSingle(ctx, url, method, renderedQueryParams, renderedHeaders);
+}

package/dist/pipeline/steps/transform.d.ts

@@ -0,0 +1,26 @@
+/**
+ * Pipeline steps: data transforms — select, map, filter, sort, limit.
+ */
+import type { HttpContext } from '../../types.js';
+/**
+ * Navigate a nested path (e.g. `esearchresult.idlist`) within the current data.
+ */
+export declare function handleSelect(_ctx: HttpContext | null, params: unknown, data: unknown, args: Record<string, unknown>): Promise<unknown>;
+/**
+ * Transform array items using template expressions.
+ * Supports inline select via `{ map: { select: 'path', key: '${{ item.x }}' } }`.
+ */
+export declare function handleMap(_ctx: HttpContext | null, params: unknown, data: unknown, args: Record<string, unknown>): Promise<unknown>;
+/**
+ * Filter array items by a template expression that evaluates to truthy/falsy.
+ */
+export declare function handleFilter(_ctx: HttpContext | null, params: unknown, data: unknown, args: Record<string, unknown>): Promise<unknown>;
+/**
+ * Sort array items by a field, ascending or descending.
+ * Params can be a string (field name) or `{ by: 'field', order: 'desc' }`.
+ */
+export declare function handleSort(_ctx: HttpContext | null, params: unknown, data: unknown, _args: Record<string, unknown>): Promise<unknown>;
+/**
+ * Truncate an array to the first N items.
+ */
+export declare function handleLimit(_ctx: HttpContext | null, params: unknown, data: unknown, args: Record<string, unknown>): Promise<unknown>;

package/dist/pipeline/steps/transform.js

@@ -0,0 +1,92 @@
+/**
+ * Pipeline steps: data transforms — select, map, filter, sort, limit.
+ */
+import { renderTemplate, evalExpr } from '../template.js';
+import { isRecord } from '../../utils.js';
+/**
+ * Navigate a nested path (e.g. `esearchresult.idlist`) within the current data.
+ */
+export async function handleSelect(_ctx, params, data, args) {
+    const pathStr = String(renderTemplate(params, { args, data }));
+    if (data && typeof data === 'object') {
+        let current = data;
+        for (const part of pathStr.split('.')) {
+            if (isRecord(current)) {
+                current = current[part];
+            }
+            else if (Array.isArray(current) && /^\d+$/.test(part)) {
+                current = current[parseInt(part, 10)];
+            }
+            else {
+                return null;
+            }
+        }
+        return current;
+    }
+    return data;
+}
+/**
+ * Transform array items using template expressions.
+ * Supports inline select via `{ map: { select: 'path', key: '${{ item.x }}' } }`.
+ */
+export async function handleMap(_ctx, params, data, args) {
+    if (!data || typeof data !== 'object')
+        return data;
+    let source = data;
+    // Support inline select: { map: { select: 'path', key: '${{ item.x }}' } }
+    if (isRecord(params) && 'select' in params) {
+        source = await handleSelect(null, params.select, data, args);
+    }
+    if (!source || typeof source !== 'object')
+        return source;
+    let items = Array.isArray(source) ? source : [source];
+    if (isRecord(source) && Array.isArray(source.data))
+        items = source.data;
+    const result = [];
+    const templateParams = isRecord(params) ? params : {};
+    for (let i = 0; i < items.length; i++) {
+        const item = items[i];
+        const row = {};
+        for (const [key, template] of Object.entries(templateParams)) {
+            if (key === 'select')
+                continue;
+            row[key] = renderTemplate(template, { args, data: source, item, index: i });
+        }
+        result.push(row);
+    }
+    return result;
+}
+/**
+ * Filter array items by a template expression that evaluates to truthy/falsy.
+ */
+export async function handleFilter(_ctx, params, data, args) {
+    if (!Array.isArray(data))
+        return data;
+    return data.filter((item, i) => evalExpr(String(params), { args, item, index: i }));
+}
+/**
+ * Sort array items by a field, ascending or descending.
+ * Params can be a string (field name) or `{ by: 'field', order: 'desc' }`.
+ */
+export async function handleSort(_ctx, params, data, _args) {
+    if (!Array.isArray(data))
+        return data;
+    const key = isRecord(params) ? String(params.by ?? '') : String(params);
+    const reverse = isRecord(params) ? params.order === 'desc' : false;
+    return [...data].sort((a, b) => {
+        const left = isRecord(a) ? a[key] : undefined;
+        const right = isRecord(b) ? b[key] : undefined;
+        const cmp = String(left ?? '').localeCompare(String(right ?? ''), undefined, {
+            numeric: true,
+        });
+        return reverse ? -cmp : cmp;
+    });
+}
+/**
+ * Truncate an array to the first N items.
+ */
+export async function handleLimit(_ctx, params, data, args) {
+    if (!Array.isArray(data))
+        return data;
+    return data.slice(0, Number(renderTemplate(params, { args, data })));
+}

package/dist/pipeline/steps/xml-parse.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Pipeline step: xml-parse — parse XML strings into JSON objects.
+ *
+ * Uses fast-xml-parser (same as the fetch step's auto-detection path)
+ * for explicit XML parsing when the data hasn't been auto-parsed yet.
+ */
+import type { HttpContext } from '../../types.js';
+/**
+ * Parse an XML string into a JavaScript object.
+ * If data is already parsed (not a string), returns it unchanged.
+ */
+export declare function handleXmlParse(_ctx: HttpContext | null, _params: unknown, data: unknown, _args: Record<string, unknown>): Promise<unknown>;

package/dist/pipeline/steps/xml-parse.js

@@ -0,0 +1,27 @@
+/**
+ * Pipeline step: xml-parse — parse XML strings into JSON objects.
+ *
+ * Uses fast-xml-parser (same as the fetch step's auto-detection path)
+ * for explicit XML parsing when the data hasn't been auto-parsed yet.
+ */
+/**
+ * Parse an XML string into a JavaScript object.
+ * If data is already parsed (not a string), returns it unchanged.
+ */
+export async function handleXmlParse(_ctx, _params, data, _args) {
+    if (typeof data === 'string') {
+        const { XMLParser } = await import('fast-xml-parser');
+        const parser = new XMLParser({
+            ignoreAttributes: false,
+            attributeNamePrefix: '@_',
+            textNodeName: '#text',
+            isArray: (_name, _jpath, isLeafNode, isAttribute) => {
+                if (isAttribute || isLeafNode)
+                    return false;
+                return false;
+            },
+        });
+        return parser.parse(data);
+    }
+    return data; // already parsed
+}

package/dist/pipeline/template.d.ts

@@ -0,0 +1,35 @@
+/**
+ * Pipeline template engine: ${{ ... }} expression rendering.
+ *
+ * Ported from opencli with all features intact:
+ * - ${{ expr }} syntax with interpolation
+ * - Dot-path resolution (fast path)
+ * - String/numeric literals (fast path)
+ * - Pipe filters: upper, lower, trim, truncate(n), replace(old,new),
+ *   join(sep), first, last, length, keys, json, default(val),
+ *   slugify, sanitize, urlencode, urldecode, ext, basename
+ * - VM-sandboxed JavaScript expressions fallback
+ * - LRU cache for compiled scripts
+ * - Security: forbidden pattern blocking
+ */
+export interface RenderContext {
+    args?: Record<string, unknown>;
+    data?: unknown;
+    item?: unknown;
+    index?: number;
+}
+/**
+ * Render a template string (or pass through non-strings unchanged).
+ *
+ * - If the entire string is a single `${{ ... }}`, the raw evaluated value
+ *   is returned (preserving type — number, array, object, etc.).
+ * - Otherwise embedded expressions are stringified and interpolated.
+ */
+export declare function renderTemplate(template: unknown, ctx: RenderContext): unknown;
+/**
+ * Recursively render all template strings inside a value (object / array / string).
+ * Non-string primitives are returned as-is.
+ */
+export declare function renderValue(value: unknown, ctx: RenderContext): unknown;
+export declare function evalExpr(expr: string, ctx: RenderContext): unknown;
+export declare function resolvePath(pathStr: string, ctx: RenderContext): unknown;

package/dist/pipeline/template.js

@@ -0,0 +1,312 @@
+/**
+ * Pipeline template engine: ${{ ... }} expression rendering.
+ *
+ * Ported from opencli with all features intact:
+ * - ${{ expr }} syntax with interpolation
+ * - Dot-path resolution (fast path)
+ * - String/numeric literals (fast path)
+ * - Pipe filters: upper, lower, trim, truncate(n), replace(old,new),
+ *   join(sep), first, last, length, keys, json, default(val),
+ *   slugify, sanitize, urlencode, urldecode, ext, basename
+ * - VM-sandboxed JavaScript expressions fallback
+ * - LRU cache for compiled scripts
+ * - Security: forbidden pattern blocking
+ */
+import vm from 'node:vm';
+import { isRecord } from '../utils.js';
+/**
+ * Render a template string (or pass through non-strings unchanged).
+ *
+ * - If the entire string is a single `${{ ... }}`, the raw evaluated value
+ *   is returned (preserving type — number, array, object, etc.).
+ * - Otherwise embedded expressions are stringified and interpolated.
+ */
+export function renderTemplate(template, ctx) {
+    if (typeof template !== 'string')
+        return template;
+    const trimmed = template.trim();
+    // Full expression: entire string is a single ${{ ... }}
+    // Use [^}] to prevent matching across }} boundaries (e.g. "${{ a }}-${{ b }}")
+    const fullMatch = trimmed.match(/^\$\{\{\s*([^}]*(?:\}[^}][^}]*)*)\s*\}\}$/);
+    if (fullMatch && !trimmed.includes('}}-') && !trimmed.includes('}}${{')) {
+        return evalExpr(fullMatch[1].trim(), ctx);
+    }
+    // Check if the entire string is a single expression (no other text around it)
+    const singleExpr = trimmed.match(/^\$\{\{\s*([\s\S]*?)\s*\}\}$/);
+    if (singleExpr) {
+        // Verify it's truly a single expression (no other ${{ inside)
+        const inner = singleExpr[1];
+        if (!inner.includes('${{'))
+            return evalExpr(inner.trim(), ctx);
+    }
+    return template.replace(/\$\{\{\s*(.*?)\s*\}\}/g, (_m, expr) => String(evalExpr(expr.trim(), ctx)));
+}
+/**
+ * Recursively render all template strings inside a value (object / array / string).
+ * Non-string primitives are returned as-is.
+ */
+export function renderValue(value, ctx) {
+    if (typeof value === 'string')
+        return renderTemplate(value, ctx);
+    if (Array.isArray(value))
+        return value.map((v) => renderValue(v, ctx));
+    if (isRecord(value)) {
+        const out = {};
+        for (const [k, v] of Object.entries(value)) {
+            out[k] = renderValue(v, ctx);
+        }
+        return out;
+    }
+    return value;
+}
+// ── Expression evaluator ────────────────────────────────────────────────────
+export function evalExpr(expr, ctx) {
+    const args = ctx.args ?? {};
+    const item = ctx.item ?? {};
+    const data = ctx.data;
+    const index = ctx.index ?? 0;
+    // ── Pipe filters: expr | filter1(arg) | filter2 ──
+    // Split on single | (not ||) so "item.a || item.b | upper" works correctly.
+    const pipeSegments = expr.split(/(?<!\|)\|(?!\|)/).map((s) => s.trim());
+    if (pipeSegments.length > 1) {
+        let result = evalExpr(pipeSegments[0], ctx);
+        for (let i = 1; i < pipeSegments.length; i++) {
+            result = applyFilter(pipeSegments[i], result);
+        }
+        return result;
+    }
+    // Fast path: quoted string literal — skip VM overhead
+    const strLit = expr.match(/^(['"])(.*)\1$/);
+    if (strLit)
+        return strLit[2];
+    // Fast path: numeric literal
+    if (/^\d+(\.\d+)?$/.test(expr))
+        return Number(expr);
+    // Try resolving as a simple dotted path (item.foo.bar, args.limit, index)
+    const resolved = resolvePath(expr, { args, item, data, index });
+    if (resolved !== null && resolved !== undefined)
+        return resolved;
+    // Fallback: evaluate as JS in a sandboxed VM.
+    // Handles ||, ??, arithmetic, ternary, method calls, etc. natively.
+    return evalJsExpr(expr, { args, item, data, index });
+}
+// ── Pipe filters ────────────────────────────────────────────────────────────
+/**
+ * Apply a named filter to a value.
+ * Supported filters:
+ *   default(val), join(sep), upper, lower, truncate(n), trim,
+ *   replace(old,new), keys, length, first, last, json,
+ *   slugify, sanitize, urlencode, urldecode, ext, basename
+ */
+function applyFilter(filterExpr, value) {
+    const match = filterExpr.match(/^(\w+)(?:\((.+)\))?$/);
+    if (!match)
+        return value;
+    const [, name, rawArgs] = match;
+    const filterArg = rawArgs?.replace(/^['"]|['"]$/g, '') ?? '';
+    switch (name) {
+        case 'default': {
+            if (value === null || value === undefined || value === '') {
+                const intVal = parseInt(filterArg, 10);
+                if (!Number.isNaN(intVal) && String(intVal) === filterArg.trim())
+                    return intVal;
+                return filterArg;
+            }
+            return value;
+        }
+        case 'join':
+            return Array.isArray(value) ? value.join(filterArg || ', ') : value;
+        case 'upper':
+            return typeof value === 'string' ? value.toUpperCase() : value;
+        case 'lower':
+            return typeof value === 'string' ? value.toLowerCase() : value;
+        case 'trim':
+            return typeof value === 'string' ? value.trim() : value;
+        case 'truncate': {
+            const n = parseInt(filterArg, 10) || 50;
+            return typeof value === 'string' && value.length > n
+                ? `${value.slice(0, n)}...`
+                : value;
+        }
+        case 'replace': {
+            if (typeof value !== 'string')
+                return value;
+            const parts = rawArgs?.split(',').map((s) => s.trim().replace(/^['"]|['"]$/g, '')) ?? [];
+            return parts.length >= 2 ? value.replaceAll(parts[0], parts[1]) : value;
+        }
+        case 'keys':
+            return value && typeof value === 'object' ? Object.keys(value) : value;
+        case 'length':
+            return Array.isArray(value)
+                ? value.length
+                : typeof value === 'string'
+                    ? value.length
+                    : value;
+        case 'first':
+            return Array.isArray(value) ? value[0] : value;
+        case 'last':
+            return Array.isArray(value) ? value[value.length - 1] : value;
+        case 'json':
+            return JSON.stringify(value ?? null);
+        case 'slugify':
+            // Convert to URL-safe slug
+            return typeof value === 'string'
+                ? value
+                    .toLowerCase()
+                    .replace(/[^\p{L}\p{N}]+/gu, '-')
+                    .replace(/^-|-$/g, '')
+                : value;
+        case 'sanitize':
+            // Remove invalid filename characters
+            return typeof value === 'string'
+                ? // biome-ignore lint/suspicious/noControlCharactersInRegex: intentional - strips C0 control chars from filenames
+                    value.replace(/[<>:"/\\|?*\x00-\x1f]/g, '_')
+                : value;
+        case 'ext': {
+            // Extract file extension from URL or path
+            if (typeof value !== 'string')
+                return value;
+            const lastDot = value.lastIndexOf('.');
+            const lastSlash = Math.max(value.lastIndexOf('/'), value.lastIndexOf('\\'));
+            return lastDot > lastSlash ? value.slice(lastDot) : '';
+        }
+        case 'basename': {
+            // Extract filename from URL or path
+            if (typeof value !== 'string')
+                return value;
+            const parts = value.split(/[/\\]/);
+            return parts[parts.length - 1] || value;
+        }
+        case 'urlencode':
+            return typeof value === 'string' ? encodeURIComponent(value) : value;
+        case 'urldecode':
+            return typeof value === 'string' ? decodeURIComponent(value) : value;
+        default:
+            return value;
+    }
+}
+// ── Dot-path resolution ─────────────────────────────────────────────────────
+export function resolvePath(pathStr, ctx) {
+    const args = ctx.args ?? {};
+    const item = ctx.item ?? {};
+    const data = ctx.data;
+    const index = ctx.index ?? 0;
+    const parts = pathStr.split('.');
+    const rootName = parts[0];
+    let obj;
+    let rest;
+    if (rootName === 'args') {
+        obj = args;
+        rest = parts.slice(1);
+    }
+    else if (rootName === 'item') {
+        obj = item;
+        rest = parts.slice(1);
+    }
+    else if (rootName === 'data') {
+        obj = data;
+        rest = parts.slice(1);
+    }
+    else if (rootName === 'index') {
+        return index;
+    }
+    else {
+        // Default: treat as item property
+        obj = item;
+        rest = parts;
+    }
+    for (const part of rest) {
+        if (isRecord(obj)) {
+            obj = obj[part];
+        }
+        else if (Array.isArray(obj) && /^\d+$/.test(part)) {
+            obj = obj[parseInt(part, 10)];
+        }
+        else {
+            return null;
+        }
+    }
+    return obj;
+}
+// ── Sandboxed JS evaluation ─────────────────────────────────────────────────
+/**
+ * Evaluate arbitrary JS expressions as a last-resort fallback.
+ * Runs inside a `node:vm` sandbox with dynamic code generation disabled.
+ *
+ * Compiled functions are cached by expression string to avoid re-creating
+ * VM contexts on every invocation — critical for loops where the same
+ * expression is evaluated hundreds of times.
+ */
+const FORBIDDEN_EXPR_PATTERNS = /\b(constructor|__proto__|prototype|globalThis|process|require|import|eval)\b/;
+/**
+ * Deep-copy plain data to sever prototype chains, preventing sandbox escape
+ * via `args.constructor.constructor('return process')()` etc.
+ */
+function sanitizeContext(obj) {
+    if (obj === null || obj === undefined)
+        return obj;
+    if (typeof obj !== 'object' && typeof obj !== 'function')
+        return obj;
+    try {
+        return JSON.parse(JSON.stringify(obj));
+    }
+    catch {
+        return {};
+    }
+}
+/** LRU-bounded cache for compiled VM scripts — prevents unbounded memory growth. */
+const MAX_VM_CACHE_SIZE = 256;
+const _vmCache = new Map();
+function getOrCompileScript(expr) {
+    let script = _vmCache.get(expr);
+    if (script)
+        return script;
+    // Evict oldest entry when cache is full
+    if (_vmCache.size >= MAX_VM_CACHE_SIZE) {
+        const firstKey = _vmCache.keys().next().value;
+        if (firstKey !== undefined)
+            _vmCache.delete(firstKey);
+    }
+    script = new vm.Script(`(${expr})`);
+    _vmCache.set(expr, script);
+    return script;
+}
+function evalJsExpr(expr, ctx) {
+    // Guard against absurdly long expressions that could indicate injection.
+    if (expr.length > 2000)
+        return undefined;
+    // Block obvious sandbox escape attempts.
+    if (FORBIDDEN_EXPR_PATTERNS.test(expr))
+        return undefined;
+    const args = sanitizeContext(ctx.args ?? {});
+    const item = sanitizeContext(ctx.item ?? {});
+    const data = sanitizeContext(ctx.data);
+    const index = ctx.index ?? 0;
+    try {
+        const script = getOrCompileScript(expr);
+        const sandbox = vm.createContext({
+            args,
+            item,
+            data,
+            index,
+            encodeURIComponent,
+            decodeURIComponent,
+            JSON,
+            Math,
+            Number,
+            String,
+            Boolean,
+            Array,
+            Date,
+        }, {
+            codeGeneration: {
+                strings: false,
+                wasm: false,
+            },
+        });
+        return script.runInContext(sandbox, { timeout: 50 });
+    }
+    catch {
+        return undefined;
+    }
+}