agentdb 2.0.0-alpha.2 → 2.0.0-alpha.2.2

package/dist/security/path-security.js

@@ -1,337 +0,0 @@
-/**
- * AgentDB v2 Path Security Utilities
- *
- * Prevents path traversal attacks and ensures safe file operations:
- * - Path validation and canonicalization
- * - Symlink detection and handling
- * - Safe file read/write operations
- * - Temporary file cleanup
- */
-import * as path from 'path';
-import * as fs from 'fs';
-import { SecurityError } from './limits.js';
-/**
- * Validate and sanitize file path
- * Prevents path traversal attacks
- */
-export function validatePath(filePath, baseDir) {
-    if (!filePath || typeof filePath !== 'string') {
-        throw new SecurityError('File path must be a non-empty string', 'INVALID_PATH');
-    }
-    if (!baseDir || typeof baseDir !== 'string') {
-        throw new SecurityError('Base directory must be a non-empty string', 'INVALID_BASE_DIR');
-    }
-    // Resolve to absolute paths
-    const resolvedBase = path.resolve(baseDir);
-    const resolvedPath = path.resolve(baseDir, filePath);
-    // Calculate relative path
-    const relativePath = path.relative(resolvedBase, resolvedPath);
-    // Check for path traversal attempts
-    if (relativePath.startsWith('..') || path.isAbsolute(relativePath)) {
-        throw new SecurityError(`Path traversal attempt detected: ${filePath}`, 'PATH_TRAVERSAL');
-    }
-    // Additional security checks
-    if (filePath.includes('\x00')) {
-        throw new SecurityError('Path contains null bytes', 'NULL_BYTE_IN_PATH');
-    }
-    return resolvedPath;
-}
-/**
- * Check if path is a symbolic link
- */
-export async function isSymbolicLink(filePath) {
-    try {
-        const stats = await fs.promises.lstat(filePath);
-        return stats.isSymbolicLink();
-    }
-    catch (error) {
-        // File doesn't exist
-        if (error.code === 'ENOENT') {
-            return false;
-        }
-        throw error;
-    }
-}
-/**
- * Secure file write operation
- * Prevents writing to symbolic links and validates paths
- */
-export async function secureWrite(filePath, data, baseDir, options) {
-    const safePath = validatePath(filePath, baseDir);
-    // Check if file exists and is a symlink
-    if (await isSymbolicLink(safePath)) {
-        throw new SecurityError('Cannot write to symbolic link', 'SYMLINK_WRITE_DENIED');
-    }
-    // Check if file exists and overwrite is not allowed
-    if (!options?.overwrite) {
-        try {
-            await fs.promises.access(safePath, fs.constants.F_OK);
-            throw new SecurityError('File already exists and overwrite is not allowed', 'FILE_EXISTS');
-        }
-        catch (error) {
-            // File doesn't exist, which is what we want
-            if (error.code !== 'ENOENT') {
-                throw error;
-            }
-        }
-    }
-    // Ensure directory exists
-    const dir = path.dirname(safePath);
-    await fs.promises.mkdir(dir, { recursive: true });
-    // Write file with atomic operation (write to temp, then rename)
-    const tempPath = `${safePath}.tmp.${Date.now()}`;
-    try {
-        if (options?.encoding && typeof data === 'string') {
-            await fs.promises.writeFile(tempPath, data, { encoding: options.encoding });
-        }
-        else {
-            await fs.promises.writeFile(tempPath, data);
-        }
-        // Atomic rename
-        await fs.promises.rename(tempPath, safePath);
-    }
-    catch (error) {
-        // Clean up temp file on error
-        try {
-            await fs.promises.unlink(tempPath);
-        }
-        catch {
-            // Ignore cleanup errors
-        }
-        throw error;
-    }
-}
-/**
- * Secure file read operation
- * Validates paths and prevents symlink attacks
- */
-export async function secureRead(filePath, baseDir, options) {
-    const safePath = validatePath(filePath, baseDir);
-    // Check for symlinks if not allowed
-    if (!options?.followSymlinks && await isSymbolicLink(safePath)) {
-        throw new SecurityError('Cannot read symbolic link', 'SYMLINK_READ_DENIED');
-    }
-    // Verify file exists and is readable
-    try {
-        await fs.promises.access(safePath, fs.constants.R_OK);
-    }
-    catch (error) {
-        throw new SecurityError(`File not found or not readable: ${path.basename(filePath)}`, 'FILE_NOT_READABLE');
-    }
-    // Read file
-    if (options?.encoding) {
-        return await fs.promises.readFile(safePath, { encoding: options.encoding });
-    }
-    else {
-        return await fs.promises.readFile(safePath);
-    }
-}
-/**
- * Secure directory listing
- * Prevents path traversal and filters out sensitive files
- */
-export async function secureListDir(dirPath, baseDir, options) {
-    const safeDir = validatePath(dirPath, baseDir);
-    // Verify directory exists
-    try {
-        const stats = await fs.promises.stat(safeDir);
-        if (!stats.isDirectory()) {
-            throw new SecurityError('Path is not a directory', 'NOT_A_DIRECTORY');
-        }
-    }
-    catch (error) {
-        if (error.code === 'ENOENT') {
-            throw new SecurityError('Directory not found', 'DIRECTORY_NOT_FOUND');
-        }
-        throw error;
-    }
-    const entries = await fs.promises.readdir(safeDir, { withFileTypes: true });
-    const files = [];
-    for (const entry of entries) {
-        // Skip dot files unless explicitly included
-        if (!options?.includeDotFiles && entry.name.startsWith('.')) {
-            continue;
-        }
-        const fullPath = path.join(dirPath, entry.name);
-        if (entry.isFile()) {
-            files.push(fullPath);
-        }
-        else if (entry.isDirectory() && options?.recursive) {
-            const subFiles = await secureListDir(fullPath, baseDir, options);
-            files.push(...subFiles);
-        }
-    }
-    return files;
-}
-/**
- * Secure file deletion
- * Validates paths and prevents symlink attacks
- */
-export async function secureDelete(filePath, baseDir, options) {
-    const safePath = validatePath(filePath, baseDir);
-    // Check if file is a symlink
-    if (await isSymbolicLink(safePath)) {
-        if (!options?.force) {
-            throw new SecurityError('Cannot delete symbolic link without force option', 'SYMLINK_DELETE_DENIED');
-        }
-        // Delete the symlink itself, not the target
-        await fs.promises.unlink(safePath);
-        return;
-    }
-    // Delete file
-    try {
-        await fs.promises.unlink(safePath);
-    }
-    catch (error) {
-        if (error.code === 'ENOENT') {
-            // File doesn't exist, which is fine
-            return;
-        }
-        throw error;
-    }
-}
-/**
- * Temporary file manager with automatic cleanup
- */
-export class TempFileManager {
-    tempFiles = new Set();
-    tempDir;
-    cleanupScheduled = false;
-    constructor(baseDir) {
-        this.tempDir = path.join(baseDir, '.tmp');
-    }
-    /**
-     * Initialize temp directory
-     */
-    async init() {
-        await fs.promises.mkdir(this.tempDir, { recursive: true });
-        // Schedule cleanup on process exit
-        if (!this.cleanupScheduled) {
-            process.on('exit', () => this.cleanupSync());
-            process.on('SIGINT', () => {
-                this.cleanupSync();
-                process.exit(0);
-            });
-            process.on('SIGTERM', () => {
-                this.cleanupSync();
-                process.exit(0);
-            });
-            this.cleanupScheduled = true;
-        }
-    }
-    /**
-     * Create a temporary file
-     */
-    async createTempFile(prefix = 'agentdb') {
-        await this.init();
-        const filename = `${prefix}-${Date.now()}-${Math.random().toString(36).substring(7)}`;
-        const tempPath = path.join(this.tempDir, filename);
-        this.tempFiles.add(tempPath);
-        return tempPath;
-    }
-    /**
-     * Write to temporary file
-     */
-    async writeTempFile(data, prefix = 'agentdb') {
-        const tempPath = await this.createTempFile(prefix);
-        await fs.promises.writeFile(tempPath, data);
-        return tempPath;
-    }
-    /**
-     * Delete a specific temp file
-     */
-    async deleteTempFile(tempPath) {
-        if (!this.tempFiles.has(tempPath)) {
-            throw new SecurityError('File is not managed by this temp file manager', 'NOT_TEMP_FILE');
-        }
-        try {
-            await fs.promises.unlink(tempPath);
-            this.tempFiles.delete(tempPath);
-        }
-        catch (error) {
-            if (error.code !== 'ENOENT') {
-                throw error;
-            }
-        }
-    }
-    /**
-     * Clean up all temporary files
-     */
-    async cleanup() {
-        const deletePromises = Array.from(this.tempFiles).map(async (tempPath) => {
-            try {
-                await fs.promises.unlink(tempPath);
-            }
-            catch (error) {
-                // Ignore errors during cleanup
-                console.warn(`Failed to delete temp file: ${tempPath}`, error);
-            }
-        });
-        await Promise.all(deletePromises);
-        this.tempFiles.clear();
-        // Try to remove temp directory if empty
-        try {
-            await fs.promises.rmdir(this.tempDir);
-        }
-        catch {
-            // Directory not empty or doesn't exist, which is fine
-        }
-    }
-    /**
-     * Synchronous cleanup for process exit
-     */
-    cleanupSync() {
-        for (const tempPath of this.tempFiles) {
-            try {
-                fs.unlinkSync(tempPath);
-            }
-            catch {
-                // Ignore errors during cleanup
-            }
-        }
-        try {
-            fs.rmdirSync(this.tempDir);
-        }
-        catch {
-            // Directory not empty or doesn't exist
-        }
-    }
-    /**
-     * Get list of managed temp files
-     */
-    getTempFiles() {
-        return Array.from(this.tempFiles);
-    }
-}
-/**
- * Ensure directory exists with safe permissions
- */
-export async function ensureDir(dirPath, baseDir) {
-    const safeDir = validatePath(dirPath, baseDir);
-    await fs.promises.mkdir(safeDir, {
-        recursive: true,
-        mode: 0o755, // rwxr-xr-x
-    });
-    return safeDir;
-}
-/**
- * Get safe file stats without following symlinks
- */
-export async function safeStats(filePath, baseDir) {
-    const safePath = validatePath(filePath, baseDir);
-    return await fs.promises.lstat(safePath);
-}
-/**
- * Check if path exists within base directory
- */
-export async function pathExists(filePath, baseDir) {
-    try {
-        const safePath = validatePath(filePath, baseDir);
-        await fs.promises.access(safePath, fs.constants.F_OK);
-        return true;
-    }
-    catch {
-        return false;
-    }
-}
-//# sourceMappingURL=path-security.js.map

package/dist/security/path-security.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"path-security.js","sourceRoot":"","sources":["../../src/security/path-security.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAE5C;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,QAAgB,EAAE,OAAe;IAC5D,IAAI,CAAC,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC9C,MAAM,IAAI,aAAa,CACrB,sCAAsC,EACtC,cAAc,CACf,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;QAC5C,MAAM,IAAI,aAAa,CACrB,2CAA2C,EAC3C,kBAAkB,CACnB,CAAC;IACJ,CAAC;IAED,4BAA4B;IAC5B,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAC3C,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAErD,0BAA0B;IAC1B,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;IAE/D,oCAAoC;IACpC,IAAI,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QACnE,MAAM,IAAI,aAAa,CACrB,oCAAoC,QAAQ,EAAE,EAC9C,gBAAgB,CACjB,CAAC;IACJ,CAAC;IAED,6BAA6B;IAC7B,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QAC9B,MAAM,IAAI,aAAa,CACrB,0BAA0B,EAC1B,mBAAmB,CACpB,CAAC;IACJ,CAAC;IAED,OAAO,YAAY,CAAC;AACtB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,QAAgB;IACnD,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QAChD,OAAO,KAAK,CAAC,cAAc,EAAE,CAAC;IAChC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,qBAAqB;QACrB,IAAK,KAA+B,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACvD,OAAO,KAAK,CAAC;QACf,CAAC;QACD,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,QAAgB,EAChB,IAAqB,EACrB,OAAe,EACf,OAA4D;IAE5D,MAAM,QAAQ,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAEjD,wCAAwC;IACxC,IAAI,MAAM,cAAc,CAAC,QAAQ,CAAC,EAAE,CAAC;QACnC,MAAM,IAAI,aAAa,CACrB,+BAA+B,EAC/B,sBAAsB,CACvB,CAAC;IACJ,CAAC;IAED,oDAAoD;IACpD,IAAI,CAAC,OAAO,EAAE,SAAS,EAAE,CAAC;QACxB,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YACtD,MAAM,IAAI,aAAa,CACrB,kDAAkD,EAClD,aAAa,CACd,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,4CAA4C;YAC5C,IAAK,KAA+B,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBACvD,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC;IACH,CAAC;IAED,0BAA0B;IAC1B,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IACnC,MAAM,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAElD,gEAAgE;IAChE,MAAM,QAAQ,GAAG,GAAG,QAAQ,QAAQ,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;IAEjD,IAAI,CAAC;QACH,IAAI,OAAO,EAAE,QAAQ,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YAClD,MAAM,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC9E,CAAC;aAAM,CAAC;YACN,MAAM,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QAC9C,CAAC;QAED,gBAAgB;QAChB,MAAM,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAC/C,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,8BAA8B;QAC9B,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QACrC,CAAC;QAAC,MAAM,CAAC;YACP,wBAAwB;QAC1B,CAAC;QACD,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,QAAgB,EAChB,OAAe,EACf,OAAiE;IAEjE,MAAM,QAAQ,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAEjD,oCAAoC;IACpC,IAAI,CAAC,OAAO,EAAE,cAAc,IAAI,MAAM,cAAc,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC/D,MAAM,IAAI,aAAa,CACrB,2BAA2B,EAC3B,qBAAqB,CACtB,CAAC;IACJ,CAAC;IAED,qCAAqC;IACrC,IAAI,CAAC;QACH,MAAM,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IACxD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,aAAa,CACrB,mCAAmC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,EAC5D,mBAAmB,CACpB,CAAC;IACJ,CAAC;IAED,YAAY;IACZ,IAAI,OAAO,EAAE,QAAQ,EAAE,CAAC;QACtB,OAAO,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ,EAAE,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;IAC9E,CAAC;SAAM,CAAC;QACN,OAAO,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC9C,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,OAAe,EACf,OAAe,EACf,OAA4D;IAE5D,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAE/C,0BAA0B;IAC1B,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC9C,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;YACzB,MAAM,IAAI,aAAa,CACrB,yBAAyB,EACzB,iBAAiB,CAClB,CAAC;QACJ,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAK,KAA+B,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACvD,MAAM,IAAI,aAAa,CACrB,qBAAqB,EACrB,qBAAqB,CACtB,CAAC;QACJ,CAAC;QACD,MAAM,KAAK,CAAC;IACd,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IAC5E,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,4CAA4C;QAC5C,IAAI,CAAC,OAAO,EAAE,eAAe,IAAI,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAC5D,SAAS;QACX,CAAC;QAED,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QAEhD,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YACnB,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACvB,CAAC;aAAM,IAAI,KAAK,CAAC,WAAW,EAAE,IAAI,OAAO,EAAE,SAAS,EAAE,CAAC;YACrD,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;YACjE,KAAK,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,QAAgB,EAChB,OAAe,EACf,OAA6B;IAE7B,MAAM,QAAQ,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAEjD,6BAA6B;IAC7B,IAAI,MAAM,cAAc,CAAC,QAAQ,CAAC,EAAE,CAAC;QACnC,IAAI,CAAC,OAAO,EAAE,KAAK,EAAE,CAAC;YACpB,MAAM,IAAI,aAAa,CACrB,kDAAkD,EAClD,uBAAuB,CACxB,CAAC;QACJ,CAAC;QACD,4CAA4C;QAC5C,MAAM,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QACnC,OAAO;IACT,CAAC;IAED,cAAc;IACd,IAAI,CAAC;QACH,MAAM,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACrC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAK,KAA+B,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACvD,oCAAoC;YACpC,OAAO;QACT,CAAC;QACD,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,OAAO,eAAe;IAClB,SAAS,GAAgB,IAAI,GAAG,EAAE,CAAC;IACnC,OAAO,CAAS;IAChB,gBAAgB,GAAY,KAAK,CAAC;IAE1C,YAAY,OAAe;QACzB,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC5C,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,IAAI;QACR,MAAM,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAE3D,mCAAmC;QACnC,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAC3B,OAAO,CAAC,EAAE,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;YAC7C,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACxB,IAAI,CAAC,WAAW,EAAE,CAAC;gBACnB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC,CAAC,CAAC;YACH,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE;gBACzB,IAAI,CAAC,WAAW,EAAE,CAAC;gBACnB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC,CAAC,CAAC;YACH,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC;QAC/B,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAAC,SAAiB,SAAS;QAC7C,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAElB,MAAM,QAAQ,GAAG,GAAG,MAAM,IAAI,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC;QACtF,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAEnD,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC7B,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CACjB,IAAqB,EACrB,SAAiB,SAAS;QAE1B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;QACnD,MAAM,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QAC5C,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAAC,QAAgB;QACnC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YAClC,MAAM,IAAI,aAAa,CACrB,+CAA+C,EAC/C,eAAe,CAChB,CAAC;QACJ,CAAC;QAED,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YACnC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAClC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAK,KAA+B,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBACvD,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO;QACX,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,GAAG,CAAC,KAAK,EAAE,QAAQ,EAAE,EAAE;YACvE,IAAI,CAAC;gBACH,MAAM,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YACrC,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,+BAA+B;gBAC/B,OAAO,CAAC,IAAI,CAAC,+BAA+B,QAAQ,EAAE,EAAE,KAAK,CAAC,CAAC;YACjE,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,MAAM,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QAClC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC;QAEvB,wCAAwC;QACxC,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACxC,CAAC;QAAC,MAAM,CAAC;YACP,sDAAsD;QACxD,CAAC;IACH,CAAC;IAED;;OAEG;IACK,WAAW;QACjB,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACtC,IAAI,CAAC;gBACH,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;YAC1B,CAAC;YAAC,MAAM,CAAC;gBACP,+BAA+B;YACjC,CAAC;QACH,CAAC;QAED,IAAI,CAAC;YACH,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC7B,CAAC;QAAC,MAAM,CAAC;YACP,uCAAuC;QACzC,CAAC;IACH,CAAC;IAED;;OAEG;IACH,YAAY;QACV,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACpC,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,OAAe,EACf,OAAe;IAEf,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAE/C,MAAM,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE;QAC/B,SAAS,EAAE,IAAI;QACf,IAAI,EAAE,KAAK,EAAE,YAAY;KAC1B,CAAC,CAAC;IAEH,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,QAAgB,EAChB,OAAe;IAEf,MAAM,QAAQ,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IACjD,OAAO,MAAM,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;AAC3C,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,QAAgB,EAChB,OAAe;IAEf,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACjD,MAAM,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QACtD,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC"}

package/dist/security/validation.d.ts

@@ -1,95 +0,0 @@
-/**
- * AgentDB v2 Security Validation
- *
- * Comprehensive input validation for RuVector integration:
- * - Vector dimension and value validation (NaN/Infinity prevention)
- * - ID sanitization (path traversal prevention)
- * - Search options validation (bounds checking)
- * - Cypher query parameter validation (injection prevention)
- * - Metadata sanitization (sensitive data protection)
- */
-/**
- * Security limits for AgentDB v2
- */
-export declare const SECURITY_LIMITS: {
-    readonly MAX_VECTORS: 10000000;
-    readonly MAX_DIMENSION: 4096;
-    readonly MAX_BATCH_SIZE: 10000;
-    readonly MAX_K: 10000;
-    readonly QUERY_TIMEOUT_MS: 30000;
-    readonly MAX_MEMORY_MB: 16384;
-    readonly MAX_ID_LENGTH: 256;
-    readonly MAX_METADATA_SIZE: 65536;
-    readonly MAX_LABEL_LENGTH: 128;
-    readonly MAX_PROPERTY_KEY_LENGTH: 128;
-    readonly MAX_CYPHER_PARAMS: 100;
-    readonly MIN_DIMENSION: 1;
-    readonly MIN_K: 1;
-    readonly MIN_THRESHOLD: 0;
-    readonly MAX_THRESHOLD: 1;
-    readonly MIN_EF_SEARCH: 1;
-    readonly MAX_EF_SEARCH: 1000;
-    readonly MIN_EF_CONSTRUCTION: 4;
-    readonly MAX_EF_CONSTRUCTION: 500;
-    readonly MAX_M: 64;
-    readonly MIN_M: 2;
-};
-/**
- * Validate vector embedding data
- * Prevents NaN, Infinity, and dimension mismatches
- */
-export declare function validateVector(embedding: Float32Array | number[], expectedDim: number, fieldName?: string): void;
-/**
- * Validate vector ID
- * Prevents path traversal, excessive length, and malicious characters
- */
-export declare function validateVectorId(id: string, fieldName?: string): string;
-/**
- * Validate search options
- * Ensures k, threshold, and other parameters are within safe bounds
- */
-export interface SearchOptions {
-    k?: number;
-    threshold?: number;
-    efSearch?: number;
-    filter?: Record<string, any>;
-    includeMetadata?: boolean;
-    includeVectors?: boolean;
-}
-export declare function validateSearchOptions(options: SearchOptions): SearchOptions;
-/**
- * Validate HNSW index parameters
- */
-export interface HNSWParams {
-    M?: number;
-    efConstruction?: number;
-    efSearch?: number;
-}
-export declare function validateHNSWParams(params: HNSWParams): HNSWParams;
-/**
- * Sanitize metadata to prevent sensitive data exposure
- * Removes fields that commonly contain secrets or PII
- */
-export declare function sanitizeMetadata(metadata: Record<string, any>): Record<string, any>;
-/**
- * Validate Cypher query parameters for graph operations
- * Prevents Cypher injection attacks
- */
-export declare function validateCypherParams(params: Record<string, any>): Record<string, any>;
-/**
- * Validate graph node label
- */
-export declare function validateLabel(label: string): string;
-/**
- * Validate batch size for bulk operations
- */
-export declare function validateBatchSize(batchSize: number): number;
-/**
- * Validate vector count doesn't exceed limits
- */
-export declare function validateVectorCount(count: number): void;
-/**
- * Safe logging that doesn't expose vectors or sensitive data
- */
-export declare function safeLog(message: string, data?: any): void;
-//# sourceMappingURL=validation.d.ts.map

package/dist/security/validation.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"validation.d.ts","sourceRoot":"","sources":["../../src/security/validation.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAIH;;GAEG;AACH,eAAO,MAAM,eAAe;;;;;;;;;;;;;;;;;;;;;;CAsBlB,CAAC;AAEX;;;GAGG;AACH,wBAAgB,cAAc,CAC5B,SAAS,EAAE,YAAY,GAAG,MAAM,EAAE,EAClC,WAAW,EAAE,MAAM,EACnB,SAAS,GAAE,MAAiB,GAC3B,IAAI,CAiDN;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,EAAE,EAAE,MAAM,EAAE,SAAS,GAAE,MAAa,GAAG,MAAM,CAsD7E;AAED;;;GAGG;AACH,MAAM,WAAW,aAAa;IAC5B,CAAC,CAAC,EAAE,MAAM,CAAC;IACX,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC7B,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAED,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,aAAa,GAAG,aAAa,CAmG3E;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,CAAC,CAAC,EAAE,MAAM,CAAC;IACX,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,UAAU,GAAG,UAAU,CAkDjE;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,CAC9B,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAC5B,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAqDrB;AAED;;;GAGG;AACH,wBAAgB,oBAAoB,CAClC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAC1B,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CA+CrB;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAmCnD;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,CAkB3D;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,CAQvD;AAED;;GAEG;AACH,wBAAgB,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,GAAG,GAAG,IAAI,CA0BzD"}