agentic-flow 2.0.1-alpha.4 → 2.0.1-alpha.8

package/dist/utils/input-validator.js

@@ -0,0 +1,299 @@
+/**
+ * Input Validation Utilities
+ *
+ * Provides secure input validation for RuVector integration:
+ * - Task description validation
+ * - Configuration validation
+ * - Injection attack prevention
+ * - Resource exhaustion prevention
+ */
+export class ValidationError extends Error {
+    field;
+    constructor(message, field) {
+        super(message);
+        this.field = field;
+        this.name = 'ValidationError';
+    }
+}
+/**
+ * Input Validator
+ *
+ * Validates all external inputs to prevent:
+ * - Injection attacks (XSS, SQL injection, prompt injection)
+ * - Resource exhaustion (excessive length, recursion)
+ * - Malicious content (scripts, control characters)
+ */
+export class InputValidator {
+    // Suspicious patterns that could indicate attacks
+    static SUSPICIOUS_PATTERNS = [
+        /<script/i, // XSS attempt
+        /javascript:/i, // JavaScript protocol
+        /data:text\/html/i, // Data URI XSS
+        /on\w+\s*=/i, // Event handlers
+        /\beval\s*\(/i, // eval() calls
+        /\bFunction\s*\(/i, // Function constructor
+        /__proto__/, // Prototype pollution
+        /\.\.\//, // Path traversal
+        /[;\x00]/, // SQL injection chars
+    ];
+    // Control characters that should be removed
+    static CONTROL_CHARS_REGEX = /[\x00-\x1F\x7F]/g;
+    /**
+     * Validate task description
+     *
+     * @param taskDescription - User-provided task description
+     * @param options - Validation options
+     * @returns Sanitized task description
+     * @throws ValidationError if invalid
+     */
+    static validateTaskDescription(taskDescription, options) {
+        const opts = {
+            maxLength: options?.maxLength ?? 10000,
+            minLength: options?.minLength ?? 1,
+            allowEmpty: options?.allowEmpty ?? false,
+            sanitize: options?.sanitize ?? true,
+        };
+        // Check for null/undefined
+        if (taskDescription === null || taskDescription === undefined) {
+            throw new ValidationError('Task description is required', 'taskDescription');
+        }
+        // Check type
+        if (typeof taskDescription !== 'string') {
+            throw new ValidationError(`Task description must be a string, got ${typeof taskDescription}`, 'taskDescription');
+        }
+        // Check empty
+        if (!opts.allowEmpty && taskDescription.trim().length === 0) {
+            throw new ValidationError('Task description cannot be empty', 'taskDescription');
+        }
+        // Check length
+        if (taskDescription.length < opts.minLength) {
+            throw new ValidationError(`Task description too short (min ${opts.minLength} chars)`, 'taskDescription');
+        }
+        if (taskDescription.length > opts.maxLength) {
+            throw new ValidationError(`Task description too long (max ${opts.maxLength} chars)`, 'taskDescription');
+        }
+        // Sanitize if requested
+        let sanitized = taskDescription;
+        if (opts.sanitize) {
+            // Remove control characters
+            sanitized = sanitized.replace(InputValidator.CONTROL_CHARS_REGEX, '');
+            // Check for suspicious patterns
+            for (const pattern of InputValidator.SUSPICIOUS_PATTERNS) {
+                if (pattern.test(sanitized)) {
+                    throw new ValidationError('Task description contains suspicious content', 'taskDescription');
+                }
+            }
+        }
+        return sanitized.trim();
+    }
+    /**
+     * Validate agent name
+     *
+     * @param agentName - Agent identifier
+     * @returns Sanitized agent name
+     * @throws ValidationError if invalid
+     */
+    static validateAgentName(agentName) {
+        if (!agentName || typeof agentName !== 'string') {
+            throw new ValidationError('Agent name is required', 'agentName');
+        }
+        if (agentName.length < 1 || agentName.length > 100) {
+            throw new ValidationError('Agent name must be between 1-100 characters', 'agentName');
+        }
+        // Only allow alphanumeric, dash, underscore
+        if (!/^[a-zA-Z0-9_-]+$/.test(agentName)) {
+            throw new ValidationError('Agent name can only contain letters, numbers, dash, and underscore', 'agentName');
+        }
+        return agentName.toLowerCase();
+    }
+    /**
+     * Validate confidence score
+     *
+     * @param confidence - Confidence score (0-1)
+     * @returns Validated confidence
+     * @throws ValidationError if invalid
+     */
+    static validateConfidence(confidence) {
+        if (typeof confidence !== 'number') {
+            throw new ValidationError(`Confidence must be a number, got ${typeof confidence}`, 'confidence');
+        }
+        if (Number.isNaN(confidence) || !Number.isFinite(confidence)) {
+            throw new ValidationError('Confidence must be a valid number', 'confidence');
+        }
+        if (confidence < 0 || confidence > 1) {
+            throw new ValidationError('Confidence must be between 0 and 1', 'confidence');
+        }
+        return confidence;
+    }
+    /**
+     * Validate timeout value
+     *
+     * @param timeout - Timeout in milliseconds
+     * @param min - Minimum allowed timeout (default: 100ms)
+     * @param max - Maximum allowed timeout (default: 5 minutes)
+     * @returns Validated timeout
+     * @throws ValidationError if invalid
+     */
+    static validateTimeout(timeout, min = 100, max = 300000) {
+        if (typeof timeout !== 'number') {
+            throw new ValidationError(`Timeout must be a number, got ${typeof timeout}`, 'timeout');
+        }
+        if (Number.isNaN(timeout) || !Number.isFinite(timeout)) {
+            throw new ValidationError('Timeout must be a valid number', 'timeout');
+        }
+        if (timeout < min) {
+            throw new ValidationError(`Timeout too short (min ${min}ms)`, 'timeout');
+        }
+        if (timeout > max) {
+            throw new ValidationError(`Timeout too long (max ${max}ms)`, 'timeout');
+        }
+        return Math.floor(timeout);
+    }
+    /**
+     * Validate array of strings
+     *
+     * @param array - Array to validate
+     * @param fieldName - Field name for error messages
+     * @param maxItems - Maximum number of items
+     * @param maxLength - Maximum length per item
+     * @returns Validated array
+     * @throws ValidationError if invalid
+     */
+    static validateStringArray(array, fieldName, maxItems = 100, maxLength = 1000) {
+        if (!Array.isArray(array)) {
+            throw new ValidationError(`${fieldName} must be an array`, fieldName);
+        }
+        if (array.length > maxItems) {
+            throw new ValidationError(`${fieldName} has too many items (max ${maxItems})`, fieldName);
+        }
+        const validated = [];
+        for (let i = 0; i < array.length; i++) {
+            const item = array[i];
+            if (typeof item !== 'string') {
+                throw new ValidationError(`${fieldName}[${i}] must be a string`, fieldName);
+            }
+            if (item.length > maxLength) {
+                throw new ValidationError(`${fieldName}[${i}] too long (max ${maxLength} chars)`, fieldName);
+            }
+            validated.push(item);
+        }
+        return validated;
+    }
+    /**
+     * Validate configuration object
+     *
+     * @param config - Configuration to validate
+     * @param schema - Validation schema
+     * @returns Validated configuration
+     * @throws ValidationError if invalid
+     */
+    static validateConfig(config, schema) {
+        if (!config || typeof config !== 'object') {
+            throw new ValidationError('Configuration must be an object', 'config');
+        }
+        const validated = {};
+        const configObj = config;
+        for (const [key, rules] of Object.entries(schema)) {
+            const value = configObj[key];
+            // Check required
+            if (rules.required && (value === undefined || value === null)) {
+                throw new ValidationError(`Configuration field '${key}' is required`, key);
+            }
+            // Skip if optional and not provided
+            if (!rules.required && (value === undefined || value === null)) {
+                continue;
+            }
+            // Check type
+            if (typeof value !== rules.type) {
+                throw new ValidationError(`Configuration field '${key}' must be ${rules.type}, got ${typeof value}`, key);
+            }
+            // Validate numbers
+            if (rules.type === 'number') {
+                if (Number.isNaN(value) || !Number.isFinite(value)) {
+                    throw new ValidationError(`Configuration field '${key}' must be a valid number`, key);
+                }
+                if (rules.min !== undefined && value < rules.min) {
+                    throw new ValidationError(`Configuration field '${key}' must be >= ${rules.min}`, key);
+                }
+                if (rules.max !== undefined && value > rules.max) {
+                    throw new ValidationError(`Configuration field '${key}' must be <= ${rules.max}`, key);
+                }
+            }
+            // Custom validator
+            if (rules.validator && !rules.validator(value)) {
+                throw new ValidationError(`Configuration field '${key}' failed validation`, key);
+            }
+            validated[key] = value;
+        }
+        return validated;
+    }
+    /**
+     * Sanitize HTML to prevent XSS
+     *
+     * @param html - HTML string to sanitize
+     * @returns Sanitized HTML (text only)
+     */
+    static sanitizeHtml(html) {
+        if (typeof html !== 'string') {
+            return '';
+        }
+        // Strip all HTML tags, keep text only
+        return html
+            .replace(/<[^>]*>/g, '')
+            .replace(/&lt;/g, '<')
+            .replace(/&gt;/g, '>')
+            .replace(/&amp;/g, '&')
+            .replace(/&quot;/g, '"')
+            .replace(/&#x27;/g, "'");
+    }
+    /**
+     * Validate email address
+     *
+     * @param email - Email to validate
+     * @returns Normalized email
+     * @throws ValidationError if invalid
+     */
+    static validateEmail(email) {
+        if (!email || typeof email !== 'string') {
+            throw new ValidationError('Email is required', 'email');
+        }
+        // Basic email regex
+        const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+        if (!emailRegex.test(email)) {
+            throw new ValidationError('Invalid email format', 'email');
+        }
+        if (email.length > 254) {
+            throw new ValidationError('Email too long (max 254 chars)', 'email');
+        }
+        return email.toLowerCase().trim();
+    }
+}
+/**
+ * Validation middleware factory
+ *
+ * Creates validation middleware for Express/Fastify routes
+ */
+export function createValidationMiddleware(validator) {
+    return async (req, res, next) => {
+        try {
+            await validator(req);
+            next();
+        }
+        catch (error) {
+            if (error instanceof ValidationError) {
+                res.status(400).json({
+                    error: 'Validation Error',
+                    message: error.message,
+                    field: error.field,
+                });
+            }
+            else {
+                res.status(500).json({
+                    error: 'Internal Server Error',
+                    message: 'Validation failed',
+                });
+            }
+        }
+    };
+}
+//# sourceMappingURL=input-validator.js.map

package/dist/utils/input-validator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"input-validator.js","sourceRoot":"","sources":["../../src/utils/input-validator.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AASH,MAAM,OAAO,eAAgB,SAAQ,KAAK;IACJ;IAApC,YAAY,OAAe,EAAS,KAAc;QAChD,KAAK,CAAC,OAAO,CAAC,CAAC;QADmB,UAAK,GAAL,KAAK,CAAS;QAEhD,IAAI,CAAC,IAAI,GAAG,iBAAiB,CAAC;IAChC,CAAC;CACF;AAED;;;;;;;GAOG;AACH,MAAM,OAAO,cAAc;IACzB,kDAAkD;IAC1C,MAAM,CAAU,mBAAmB,GAAG;QAC5C,UAAU,EAAqB,cAAc;QAC7C,cAAc,EAAiB,sBAAsB;QACrD,kBAAkB,EAAa,eAAe;QAC9C,YAAY,EAAmB,iBAAiB;QAChD,cAAc,EAAiB,eAAe;QAC9C,kBAAkB,EAAa,uBAAuB;QACtD,WAAW,EAAoB,sBAAsB;QACrD,QAAQ,EAAuB,iBAAiB;QAChD,SAAS,EAAsB,sBAAsB;KACtD,CAAC;IAEF,4CAA4C;IACpC,MAAM,CAAU,mBAAmB,GAAG,kBAAkB,CAAC;IAEjE;;;;;;;OAOG;IACH,MAAM,CAAC,uBAAuB,CAC5B,eAAuB,EACvB,OAA2B;QAE3B,MAAM,IAAI,GAAG;YACX,SAAS,EAAE,OAAO,EAAE,SAAS,IAAI,KAAK;YACtC,SAAS,EAAE,OAAO,EAAE,SAAS,IAAI,CAAC;YAClC,UAAU,EAAE,OAAO,EAAE,UAAU,IAAI,KAAK;YACxC,QAAQ,EAAE,OAAO,EAAE,QAAQ,IAAI,IAAI;SACpC,CAAC;QAEF,2BAA2B;QAC3B,IAAI,eAAe,KAAK,IAAI,IAAI,eAAe,KAAK,SAAS,EAAE,CAAC;YAC9D,MAAM,IAAI,eAAe,CAAC,8BAA8B,EAAE,iBAAiB,CAAC,CAAC;QAC/E,CAAC;QAED,aAAa;QACb,IAAI,OAAO,eAAe,KAAK,QAAQ,EAAE,CAAC;YACxC,MAAM,IAAI,eAAe,CACvB,0CAA0C,OAAO,eAAe,EAAE,EAClE,iBAAiB,CAClB,CAAC;QACJ,CAAC;QAED,cAAc;QACd,IAAI,CAAC,IAAI,CAAC,UAAU,IAAI,eAAe,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5D,MAAM,IAAI,eAAe,CAAC,kCAAkC,EAAE,iBAAiB,CAAC,CAAC;QACnF,CAAC;QAED,eAAe;QACf,IAAI,eAAe,CAAC,MAAM,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;YAC5C,MAAM,IAAI,eAAe,CACvB,mCAAmC,IAAI,CAAC,SAAS,SAAS,EAC1D,iBAAiB,CAClB,CAAC;QACJ,CAAC;QAED,IAAI,eAAe,CAAC,MAAM,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;YAC5C,MAAM,IAAI,eAAe,CACvB,kCAAkC,IAAI,CAAC,SAAS,SAAS,EACzD,iBAAiB,CAClB,CAAC;QACJ,CAAC;QAED,wBAAwB;QACxB,IAAI,SAAS,GAAG,eAAe,CAAC;QAChC,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClB,4BAA4B;YAC5B,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,cAAc,CAAC,mBAAmB,EAAE,EAAE,CAAC,CAAC;YAEtE,gCAAgC;YAChC,KAAK,MAAM,OAAO,IAAI,cAAc,CAAC,mBAAmB,EAAE,CAAC;gBACzD,IAAI,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;oBAC5B,MAAM,IAAI,eAAe,CACvB,8CAA8C,EAC9C,iBAAiB,CAClB,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,SAAS,CAAC,IAAI,EAAE,CAAC;IAC1B,CAAC;IAED;;;;;;OAMG;IACH,MAAM,CAAC,iBAAiB,CAAC,SAAiB;QACxC,IAAI,CAAC,SAAS,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;YAChD,MAAM,IAAI,eAAe,CAAC,wBAAwB,EAAE,WAAW,CAAC,CAAC;QACnE,CAAC;QAED,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,IAAI,SAAS,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;YACnD,MAAM,IAAI,eAAe,CACvB,6CAA6C,EAC7C,WAAW,CACZ,CAAC;QACJ,CAAC;QAED,4CAA4C;QAC5C,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;YACxC,MAAM,IAAI,eAAe,CACvB,oEAAoE,EACpE,WAAW,CACZ,CAAC;QACJ,CAAC;QAED,OAAO,SAAS,CAAC,WAAW,EAAE,CAAC;IACjC,CAAC;IAED;;;;;;OAMG;IACH,MAAM,CAAC,kBAAkB,CAAC,UAAkB;QAC1C,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;YACnC,MAAM,IAAI,eAAe,CACvB,oCAAoC,OAAO,UAAU,EAAE,EACvD,YAAY,CACb,CAAC;QACJ,CAAC;QAED,IAAI,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;YAC7D,MAAM,IAAI,eAAe,CAAC,mCAAmC,EAAE,YAAY,CAAC,CAAC;QAC/E,CAAC;QAED,IAAI,UAAU,GAAG,CAAC,IAAI,UAAU,GAAG,CAAC,EAAE,CAAC;YACrC,MAAM,IAAI,eAAe,CAAC,oCAAoC,EAAE,YAAY,CAAC,CAAC;QAChF,CAAC;QAED,OAAO,UAAU,CAAC;IACpB,CAAC;IAED;;;;;;;;OAQG;IACH,MAAM,CAAC,eAAe,CACpB,OAAe,EACf,MAAc,GAAG,EACjB,MAAc,MAAM;QAEpB,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;YAChC,MAAM,IAAI,eAAe,CACvB,iCAAiC,OAAO,OAAO,EAAE,EACjD,SAAS,CACV,CAAC;QACJ,CAAC;QAED,IAAI,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YACvD,MAAM,IAAI,eAAe,CAAC,gCAAgC,EAAE,SAAS,CAAC,CAAC;QACzE,CAAC;QAED,IAAI,OAAO,GAAG,GAAG,EAAE,CAAC;YAClB,MAAM,IAAI,eAAe,CAAC,0BAA0B,GAAG,KAAK,EAAE,SAAS,CAAC,CAAC;QAC3E,CAAC;QAED,IAAI,OAAO,GAAG,GAAG,EAAE,CAAC;YAClB,MAAM,IAAI,eAAe,CAAC,yBAAyB,GAAG,KAAK,EAAE,SAAS,CAAC,CAAC;QAC1E,CAAC;QAED,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC7B,CAAC;IAED;;;;;;;;;OASG;IACH,MAAM,CAAC,mBAAmB,CACxB,KAAc,EACd,SAAiB,EACjB,WAAmB,GAAG,EACtB,YAAoB,IAAI;QAExB,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YAC1B,MAAM,IAAI,eAAe,CAAC,GAAG,SAAS,mBAAmB,EAAE,SAAS,CAAC,CAAC;QACxE,CAAC;QAED,IAAI,KAAK,CAAC,MAAM,GAAG,QAAQ,EAAE,CAAC;YAC5B,MAAM,IAAI,eAAe,CACvB,GAAG,SAAS,4BAA4B,QAAQ,GAAG,EACnD,SAAS,CACV,CAAC;QACJ,CAAC;QAED,MAAM,SAAS,GAAa,EAAE,CAAC;QAC/B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YAEtB,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAC7B,MAAM,IAAI,eAAe,CACvB,GAAG,SAAS,IAAI,CAAC,oBAAoB,EACrC,SAAS,CACV,CAAC;YACJ,CAAC;YAED,IAAI,IAAI,CAAC,MAAM,GAAG,SAAS,EAAE,CAAC;gBAC5B,MAAM,IAAI,eAAe,CACvB,GAAG,SAAS,IAAI,CAAC,mBAAmB,SAAS,SAAS,EACtD,SAAS,CACV,CAAC;YACJ,CAAC;YAED,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvB,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;;;;;;OAOG;IACH,MAAM,CAAC,cAAc,CACnB,MAAe,EACf,MAQC;QAED,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC1C,MAAM,IAAI,eAAe,CAAC,iCAAiC,EAAE,QAAQ,CAAC,CAAC;QACzE,CAAC;QAED,MAAM,SAAS,GAAQ,EAAE,CAAC;QAC1B,MAAM,SAAS,GAAG,MAA6B,CAAC;QAEhD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YAClD,MAAM,KAAK,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;YAE7B,iBAAiB;YACjB,IAAI,KAAK,CAAC,QAAQ,IAAI,CAAC,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,CAAC,EAAE,CAAC;gBAC9D,MAAM,IAAI,eAAe,CAAC,wBAAwB,GAAG,eAAe,EAAE,GAAG,CAAC,CAAC;YAC7E,CAAC;YAED,oCAAoC;YACpC,IAAI,CAAC,KAAK,CAAC,QAAQ,IAAI,CAAC,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,CAAC,EAAE,CAAC;gBAC/D,SAAS;YACX,CAAC;YAED,aAAa;YACb,IAAI,OAAO,KAAK,KAAK,KAAK,CAAC,IAAI,EAAE,CAAC;gBAChC,MAAM,IAAI,eAAe,CACvB,wBAAwB,GAAG,aAAa,KAAK,CAAC,IAAI,SAAS,OAAO,KAAK,EAAE,EACzE,GAAG,CACJ,CAAC;YACJ,CAAC;YAED,mBAAmB;YACnB,IAAI,KAAK,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAC5B,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;oBACnD,MAAM,IAAI,eAAe,CACvB,wBAAwB,GAAG,0BAA0B,EACrD,GAAG,CACJ,CAAC;gBACJ,CAAC;gBAED,IAAI,KAAK,CAAC,GAAG,KAAK,SAAS,IAAI,KAAK,GAAG,KAAK,CAAC,GAAG,EAAE,CAAC;oBACjD,MAAM,IAAI,eAAe,CACvB,wBAAwB,GAAG,gBAAgB,KAAK,CAAC,GAAG,EAAE,EACtD,GAAG,CACJ,CAAC;gBACJ,CAAC;gBAED,IAAI,KAAK,CAAC,GAAG,KAAK,SAAS,IAAI,KAAK,GAAG,KAAK,CAAC,GAAG,EAAE,CAAC;oBACjD,MAAM,IAAI,eAAe,CACvB,wBAAwB,GAAG,gBAAgB,KAAK,CAAC,GAAG,EAAE,EACtD,GAAG,CACJ,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,mBAAmB;YACnB,IAAI,KAAK,CAAC,SAAS,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC/C,MAAM,IAAI,eAAe,CACvB,wBAAwB,GAAG,qBAAqB,EAChD,GAAG,CACJ,CAAC;YACJ,CAAC;YAED,SAAS,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QACzB,CAAC;QAED,OAAO,SAAc,CAAC;IACxB,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,YAAY,CAAC,IAAY;QAC9B,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC7B,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,sCAAsC;QACtC,OAAO,IAAI;aACR,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC;aACvB,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC;aACrB,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC;aACrB,OAAO,CAAC,QAAQ,EAAE,GAAG,CAAC;aACtB,OAAO,CAAC,SAAS,EAAE,GAAG,CAAC;aACvB,OAAO,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;IAC7B,CAAC;IAED;;;;;;OAMG;IACH,MAAM,CAAC,aAAa,CAAC,KAAa;QAChC,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YACxC,MAAM,IAAI,eAAe,CAAC,mBAAmB,EAAE,OAAO,CAAC,CAAC;QAC1D,CAAC;QAED,oBAAoB;QACpB,MAAM,UAAU,GAAG,4BAA4B,CAAC;QAChD,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAC5B,MAAM,IAAI,eAAe,CAAC,sBAAsB,EAAE,OAAO,CAAC,CAAC;QAC7D,CAAC;QAED,IAAI,KAAK,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;YACvB,MAAM,IAAI,eAAe,CAAC,gCAAgC,EAAE,OAAO,CAAC,CAAC;QACvE,CAAC;QAED,OAAO,KAAK,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC;IACpC,CAAC;;AAGH;;;;GAIG;AACH,MAAM,UAAU,0BAA0B,CACxC,SAA6C;IAE7C,OAAO,KAAK,EAAE,GAAQ,EAAE,GAAQ,EAAE,IAAS,EAAE,EAAE;QAC7C,IAAI,CAAC;YACH,MAAM,SAAS,CAAC,GAAG,CAAC,CAAC;YACrB,IAAI,EAAE,CAAC;QACT,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,eAAe,EAAE,CAAC;gBACrC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,KAAK,EAAE,kBAAkB;oBACzB,OAAO,EAAE,KAAK,CAAC,OAAO;oBACtB,KAAK,EAAE,KAAK,CAAC,KAAK;iBACnB,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,KAAK,EAAE,uBAAuB;oBAC9B,OAAO,EAAE,mBAAmB;iBAC7B,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC,CAAC;AACJ,CAAC","sourcesContent":["/**\n * Input Validation Utilities\n *\n * Provides secure input validation for RuVector integration:\n * - Task description validation\n * - Configuration validation\n * - Injection attack prevention\n * - Resource exhaustion prevention\n */\n\nexport interface ValidationOptions {\n  maxLength?: number;\n  minLength?: number;\n  allowEmpty?: boolean;\n  sanitize?: boolean;\n}\n\nexport class ValidationError extends Error {\n  constructor(message: string, public field?: string) {\n    super(message);\n    this.name = 'ValidationError';\n  }\n}\n\n/**\n * Input Validator\n *\n * Validates all external inputs to prevent:\n * - Injection attacks (XSS, SQL injection, prompt injection)\n * - Resource exhaustion (excessive length, recursion)\n * - Malicious content (scripts, control characters)\n */\nexport class InputValidator {\n  // Suspicious patterns that could indicate attacks\n  private static readonly SUSPICIOUS_PATTERNS = [\n    /<script/i,                    // XSS attempt\n    /javascript:/i,                // JavaScript protocol\n    /data:text\\/html/i,            // Data URI XSS\n    /on\\w+\\s*=/i,                  // Event handlers\n    /\\beval\\s*\\(/i,                // eval() calls\n    /\\bFunction\\s*\\(/i,            // Function constructor\n    /__proto__/,                   // Prototype pollution\n    /\\.\\.\\//,                      // Path traversal\n    /[;\\x00]/,                     // SQL injection chars\n  ];\n\n  // Control characters that should be removed\n  private static readonly CONTROL_CHARS_REGEX = /[\\x00-\\x1F\\x7F]/g;\n\n  /**\n   * Validate task description\n   *\n   * @param taskDescription - User-provided task description\n   * @param options - Validation options\n   * @returns Sanitized task description\n   * @throws ValidationError if invalid\n   */\n  static validateTaskDescription(\n    taskDescription: string,\n    options?: ValidationOptions\n  ): string {\n    const opts = {\n      maxLength: options?.maxLength ?? 10000,\n      minLength: options?.minLength ?? 1,\n      allowEmpty: options?.allowEmpty ?? false,\n      sanitize: options?.sanitize ?? true,\n    };\n\n    // Check for null/undefined\n    if (taskDescription === null || taskDescription === undefined) {\n      throw new ValidationError('Task description is required', 'taskDescription');\n    }\n\n    // Check type\n    if (typeof taskDescription !== 'string') {\n      throw new ValidationError(\n        `Task description must be a string, got ${typeof taskDescription}`,\n        'taskDescription'\n      );\n    }\n\n    // Check empty\n    if (!opts.allowEmpty && taskDescription.trim().length === 0) {\n      throw new ValidationError('Task description cannot be empty', 'taskDescription');\n    }\n\n    // Check length\n    if (taskDescription.length < opts.minLength) {\n      throw new ValidationError(\n        `Task description too short (min ${opts.minLength} chars)`,\n        'taskDescription'\n      );\n    }\n\n    if (taskDescription.length > opts.maxLength) {\n      throw new ValidationError(\n        `Task description too long (max ${opts.maxLength} chars)`,\n        'taskDescription'\n      );\n    }\n\n    // Sanitize if requested\n    let sanitized = taskDescription;\n    if (opts.sanitize) {\n      // Remove control characters\n      sanitized = sanitized.replace(InputValidator.CONTROL_CHARS_REGEX, '');\n\n      // Check for suspicious patterns\n      for (const pattern of InputValidator.SUSPICIOUS_PATTERNS) {\n        if (pattern.test(sanitized)) {\n          throw new ValidationError(\n            'Task description contains suspicious content',\n            'taskDescription'\n          );\n        }\n      }\n    }\n\n    return sanitized.trim();\n  }\n\n  /**\n   * Validate agent name\n   *\n   * @param agentName - Agent identifier\n   * @returns Sanitized agent name\n   * @throws ValidationError if invalid\n   */\n  static validateAgentName(agentName: string): string {\n    if (!agentName || typeof agentName !== 'string') {\n      throw new ValidationError('Agent name is required', 'agentName');\n    }\n\n    if (agentName.length < 1 || agentName.length > 100) {\n      throw new ValidationError(\n        'Agent name must be between 1-100 characters',\n        'agentName'\n      );\n    }\n\n    // Only allow alphanumeric, dash, underscore\n    if (!/^[a-zA-Z0-9_-]+$/.test(agentName)) {\n      throw new ValidationError(\n        'Agent name can only contain letters, numbers, dash, and underscore',\n        'agentName'\n      );\n    }\n\n    return agentName.toLowerCase();\n  }\n\n  /**\n   * Validate confidence score\n   *\n   * @param confidence - Confidence score (0-1)\n   * @returns Validated confidence\n   * @throws ValidationError if invalid\n   */\n  static validateConfidence(confidence: number): number {\n    if (typeof confidence !== 'number') {\n      throw new ValidationError(\n        `Confidence must be a number, got ${typeof confidence}`,\n        'confidence'\n      );\n    }\n\n    if (Number.isNaN(confidence) || !Number.isFinite(confidence)) {\n      throw new ValidationError('Confidence must be a valid number', 'confidence');\n    }\n\n    if (confidence < 0 || confidence > 1) {\n      throw new ValidationError('Confidence must be between 0 and 1', 'confidence');\n    }\n\n    return confidence;\n  }\n\n  /**\n   * Validate timeout value\n   *\n   * @param timeout - Timeout in milliseconds\n   * @param min - Minimum allowed timeout (default: 100ms)\n   * @param max - Maximum allowed timeout (default: 5 minutes)\n   * @returns Validated timeout\n   * @throws ValidationError if invalid\n   */\n  static validateTimeout(\n    timeout: number,\n    min: number = 100,\n    max: number = 300000\n  ): number {\n    if (typeof timeout !== 'number') {\n      throw new ValidationError(\n        `Timeout must be a number, got ${typeof timeout}`,\n        'timeout'\n      );\n    }\n\n    if (Number.isNaN(timeout) || !Number.isFinite(timeout)) {\n      throw new ValidationError('Timeout must be a valid number', 'timeout');\n    }\n\n    if (timeout < min) {\n      throw new ValidationError(`Timeout too short (min ${min}ms)`, 'timeout');\n    }\n\n    if (timeout > max) {\n      throw new ValidationError(`Timeout too long (max ${max}ms)`, 'timeout');\n    }\n\n    return Math.floor(timeout);\n  }\n\n  /**\n   * Validate array of strings\n   *\n   * @param array - Array to validate\n   * @param fieldName - Field name for error messages\n   * @param maxItems - Maximum number of items\n   * @param maxLength - Maximum length per item\n   * @returns Validated array\n   * @throws ValidationError if invalid\n   */\n  static validateStringArray(\n    array: unknown,\n    fieldName: string,\n    maxItems: number = 100,\n    maxLength: number = 1000\n  ): string[] {\n    if (!Array.isArray(array)) {\n      throw new ValidationError(`${fieldName} must be an array`, fieldName);\n    }\n\n    if (array.length > maxItems) {\n      throw new ValidationError(\n        `${fieldName} has too many items (max ${maxItems})`,\n        fieldName\n      );\n    }\n\n    const validated: string[] = [];\n    for (let i = 0; i < array.length; i++) {\n      const item = array[i];\n\n      if (typeof item !== 'string') {\n        throw new ValidationError(\n          `${fieldName}[${i}] must be a string`,\n          fieldName\n        );\n      }\n\n      if (item.length > maxLength) {\n        throw new ValidationError(\n          `${fieldName}[${i}] too long (max ${maxLength} chars)`,\n          fieldName\n        );\n      }\n\n      validated.push(item);\n    }\n\n    return validated;\n  }\n\n  /**\n   * Validate configuration object\n   *\n   * @param config - Configuration to validate\n   * @param schema - Validation schema\n   * @returns Validated configuration\n   * @throws ValidationError if invalid\n   */\n  static validateConfig<T extends Record<string, any>>(\n    config: unknown,\n    schema: {\n      [K in keyof T]: {\n        type: 'string' | 'number' | 'boolean' | 'object';\n        required?: boolean;\n        min?: number;\n        max?: number;\n        validator?: (value: any) => boolean;\n      };\n    }\n  ): T {\n    if (!config || typeof config !== 'object') {\n      throw new ValidationError('Configuration must be an object', 'config');\n    }\n\n    const validated: any = {};\n    const configObj = config as Record<string, any>;\n\n    for (const [key, rules] of Object.entries(schema)) {\n      const value = configObj[key];\n\n      // Check required\n      if (rules.required && (value === undefined || value === null)) {\n        throw new ValidationError(`Configuration field '${key}' is required`, key);\n      }\n\n      // Skip if optional and not provided\n      if (!rules.required && (value === undefined || value === null)) {\n        continue;\n      }\n\n      // Check type\n      if (typeof value !== rules.type) {\n        throw new ValidationError(\n          `Configuration field '${key}' must be ${rules.type}, got ${typeof value}`,\n          key\n        );\n      }\n\n      // Validate numbers\n      if (rules.type === 'number') {\n        if (Number.isNaN(value) || !Number.isFinite(value)) {\n          throw new ValidationError(\n            `Configuration field '${key}' must be a valid number`,\n            key\n          );\n        }\n\n        if (rules.min !== undefined && value < rules.min) {\n          throw new ValidationError(\n            `Configuration field '${key}' must be >= ${rules.min}`,\n            key\n          );\n        }\n\n        if (rules.max !== undefined && value > rules.max) {\n          throw new ValidationError(\n            `Configuration field '${key}' must be <= ${rules.max}`,\n            key\n          );\n        }\n      }\n\n      // Custom validator\n      if (rules.validator && !rules.validator(value)) {\n        throw new ValidationError(\n          `Configuration field '${key}' failed validation`,\n          key\n        );\n      }\n\n      validated[key] = value;\n    }\n\n    return validated as T;\n  }\n\n  /**\n   * Sanitize HTML to prevent XSS\n   *\n   * @param html - HTML string to sanitize\n   * @returns Sanitized HTML (text only)\n   */\n  static sanitizeHtml(html: string): string {\n    if (typeof html !== 'string') {\n      return '';\n    }\n\n    // Strip all HTML tags, keep text only\n    return html\n      .replace(/<[^>]*>/g, '')\n      .replace(/&lt;/g, '<')\n      .replace(/&gt;/g, '>')\n      .replace(/&amp;/g, '&')\n      .replace(/&quot;/g, '\"')\n      .replace(/&#x27;/g, \"'\");\n  }\n\n  /**\n   * Validate email address\n   *\n   * @param email - Email to validate\n   * @returns Normalized email\n   * @throws ValidationError if invalid\n   */\n  static validateEmail(email: string): string {\n    if (!email || typeof email !== 'string') {\n      throw new ValidationError('Email is required', 'email');\n    }\n\n    // Basic email regex\n    const emailRegex = /^[^\\s@]+@[^\\s@]+\\.[^\\s@]+$/;\n    if (!emailRegex.test(email)) {\n      throw new ValidationError('Invalid email format', 'email');\n    }\n\n    if (email.length > 254) {\n      throw new ValidationError('Email too long (max 254 chars)', 'email');\n    }\n\n    return email.toLowerCase().trim();\n  }\n}\n\n/**\n * Validation middleware factory\n *\n * Creates validation middleware for Express/Fastify routes\n */\nexport function createValidationMiddleware(\n  validator: (req: any) => void | Promise<void>\n) {\n  return async (req: any, res: any, next: any) => {\n    try {\n      await validator(req);\n      next();\n    } catch (error) {\n      if (error instanceof ValidationError) {\n        res.status(400).json({\n          error: 'Validation Error',\n          message: error.message,\n          field: error.field,\n        });\n      } else {\n        res.status(500).json({\n          error: 'Internal Server Error',\n          message: 'Validation failed',\n        });\n      }\n    }\n  };\n}\n"]}

package/dist/utils/rate-limiter.js

@@ -10,11 +10,11 @@ export class RateLimiter {
         // Cleanup expired entries every minute
         this.cleanupInterval = setInterval(() => {
             const now = Date.now();
-            for (const [key, record] of this.clients.entries()) {
+            this.clients.forEach((record, key) => {
                 if (record.resetTime < now && (!record.blockedUntil || record.blockedUntil < now)) {
                     this.clients.delete(key);
                 }
-            }
+            });
         }, 60000);
     }
     async consume(key) {

package/dist/utils/rate-limiter.js.map

@@ -1 +1 @@
-{"version":3,"file":"rate-limiter.js","sourceRoot":"","sources":["../../src/utils/rate-limiter.ts"],"names":[],"mappings":"AAAA;;GAEG;AAcH,MAAM,OAAO,WAAW;IACd,MAAM,CAAoB;IAC1B,OAAO,GAA8B,IAAI,GAAG,EAAE,CAAC;IAC/C,eAAe,CAAiB;IAExC,YAAY,MAAyB;QACnC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QAErB,uCAAuC;QACvC,IAAI,CAAC,eAAe,GAAG,WAAW,CAAC,GAAG,EAAE;YACtC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACvB,KAAK,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC;gBACnD,IAAI,MAAM,CAAC,SAAS,GAAG,GAAG,IAAI,CAAC,CAAC,MAAM,CAAC,YAAY,IAAI,MAAM,CAAC,YAAY,GAAG,GAAG,CAAC,EAAE,CAAC;oBAClF,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBAC3B,CAAC;YACH,CAAC;QACH,CAAC,EAAE,KAAK,CAAC,CAAC;IACZ,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,GAAW;QACvB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAErC,6BAA6B;QAC7B,IAAI,MAAM,EAAE,YAAY,IAAI,MAAM,CAAC,YAAY,GAAG,GAAG,EAAE,CAAC;YACtD,MAAM,WAAW,GAAG,MAAM,CAAC,YAAY,GAAG,GAAG,CAAC;YAC9C,MAAM,IAAI,KAAK,CAAC,qCAAqC,IAAI,CAAC,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC;QAChG,CAAC;QAED,6BAA6B;QAC7B,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,SAAS,GAAG,GAAG,EAAE,CAAC;YACtC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE;gBACpB,KAAK,EAAE,CAAC;gBACR,SAAS,EAAE,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,GAAG,IAAI;aAC7C,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,kBAAkB;QAClB,MAAM,CAAC,KAAK,EAAE,CAAC;QAEf,0BAA0B;QAC1B,IAAI,MAAM,CAAC,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;YACtC,MAAM,CAAC,YAAY,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,aAAa,GAAG,IAAI,CAAC;YAC7D,MAAM,IAAI,KAAK,CAAC,wBAAwB,IAAI,CAAC,MAAM,CAAC,MAAM,iBAAiB,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,CAAC,CAAC;QACvG,CAAC;IACH,CAAC;IAED,OAAO;QACL,aAAa,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QACpC,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;IACvB,CAAC;CACF","sourcesContent":["/**\n * Simple in-memory rate limiter for proxy protection\n */\n\nexport interface RateLimiterConfig {\n  points: number; // Number of requests\n  duration: number; // Time window in seconds\n  blockDuration: number; // Block duration in seconds when exceeded\n}\n\ninterface ClientRecord {\n  count: number;\n  resetTime: number;\n  blockedUntil?: number;\n}\n\nexport class RateLimiter {\n  private config: RateLimiterConfig;\n  private clients: Map<string, ClientRecord> = new Map();\n  private cleanupInterval: NodeJS.Timeout;\n\n  constructor(config: RateLimiterConfig) {\n    this.config = config;\n\n    // Cleanup expired entries every minute\n    this.cleanupInterval = setInterval(() => {\n      const now = Date.now();\n      for (const [key, record] of this.clients.entries()) {\n        if (record.resetTime < now && (!record.blockedUntil || record.blockedUntil < now)) {\n          this.clients.delete(key);\n        }\n      }\n    }, 60000);\n  }\n\n  async consume(key: string): Promise<void> {\n    const now = Date.now();\n    const record = this.clients.get(key);\n\n    // Check if client is blocked\n    if (record?.blockedUntil && record.blockedUntil > now) {\n      const remainingMs = record.blockedUntil - now;\n      throw new Error(`Rate limit exceeded. Try again in ${Math.ceil(remainingMs / 1000)} seconds`);\n    }\n\n    // Initialize or reset record\n    if (!record || record.resetTime < now) {\n      this.clients.set(key, {\n        count: 1,\n        resetTime: now + this.config.duration * 1000\n      });\n      return;\n    }\n\n    // Increment count\n    record.count++;\n\n    // Check if limit exceeded\n    if (record.count > this.config.points) {\n      record.blockedUntil = now + this.config.blockDuration * 1000;\n      throw new Error(`Rate limit exceeded (${this.config.points} requests per ${this.config.duration}s)`);\n    }\n  }\n\n  destroy(): void {\n    clearInterval(this.cleanupInterval);\n    this.clients.clear();\n  }\n}\n"]}
+{"version":3,"file":"rate-limiter.js","sourceRoot":"","sources":["../../src/utils/rate-limiter.ts"],"names":[],"mappings":"AAAA;;GAEG;AAcH,MAAM,OAAO,WAAW;IACd,MAAM,CAAoB;IAC1B,OAAO,GAA8B,IAAI,GAAG,EAAE,CAAC;IAC/C,eAAe,CAAiB;IAExC,YAAY,MAAyB;QACnC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QAErB,uCAAuC;QACvC,IAAI,CAAC,eAAe,GAAG,WAAW,CAAC,GAAG,EAAE;YACtC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACvB,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,GAAG,EAAE,EAAE;gBACnC,IAAI,MAAM,CAAC,SAAS,GAAG,GAAG,IAAI,CAAC,CAAC,MAAM,CAAC,YAAY,IAAI,MAAM,CAAC,YAAY,GAAG,GAAG,CAAC,EAAE,CAAC;oBAClF,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBAC3B,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC,EAAE,KAAK,CAAC,CAAC;IACZ,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,GAAW;QACvB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAErC,6BAA6B;QAC7B,IAAI,MAAM,EAAE,YAAY,IAAI,MAAM,CAAC,YAAY,GAAG,GAAG,EAAE,CAAC;YACtD,MAAM,WAAW,GAAG,MAAM,CAAC,YAAY,GAAG,GAAG,CAAC;YAC9C,MAAM,IAAI,KAAK,CAAC,qCAAqC,IAAI,CAAC,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC;QAChG,CAAC;QAED,6BAA6B;QAC7B,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,SAAS,GAAG,GAAG,EAAE,CAAC;YACtC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE;gBACpB,KAAK,EAAE,CAAC;gBACR,SAAS,EAAE,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,GAAG,IAAI;aAC7C,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,kBAAkB;QAClB,MAAM,CAAC,KAAK,EAAE,CAAC;QAEf,0BAA0B;QAC1B,IAAI,MAAM,CAAC,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;YACtC,MAAM,CAAC,YAAY,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,aAAa,GAAG,IAAI,CAAC;YAC7D,MAAM,IAAI,KAAK,CAAC,wBAAwB,IAAI,CAAC,MAAM,CAAC,MAAM,iBAAiB,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,CAAC,CAAC;QACvG,CAAC;IACH,CAAC;IAED,OAAO;QACL,aAAa,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QACpC,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;IACvB,CAAC;CACF","sourcesContent":["/**\n * Simple in-memory rate limiter for proxy protection\n */\n\nexport interface RateLimiterConfig {\n  points: number; // Number of requests\n  duration: number; // Time window in seconds\n  blockDuration: number; // Block duration in seconds when exceeded\n}\n\ninterface ClientRecord {\n  count: number;\n  resetTime: number;\n  blockedUntil?: number;\n}\n\nexport class RateLimiter {\n  private config: RateLimiterConfig;\n  private clients: Map<string, ClientRecord> = new Map();\n  private cleanupInterval: NodeJS.Timeout;\n\n  constructor(config: RateLimiterConfig) {\n    this.config = config;\n\n    // Cleanup expired entries every minute\n    this.cleanupInterval = setInterval(() => {\n      const now = Date.now();\n      this.clients.forEach((record, key) => {\n        if (record.resetTime < now && (!record.blockedUntil || record.blockedUntil < now)) {\n          this.clients.delete(key);\n        }\n      });\n    }, 60000);\n  }\n\n  async consume(key: string): Promise<void> {\n    const now = Date.now();\n    const record = this.clients.get(key);\n\n    // Check if client is blocked\n    if (record?.blockedUntil && record.blockedUntil > now) {\n      const remainingMs = record.blockedUntil - now;\n      throw new Error(`Rate limit exceeded. Try again in ${Math.ceil(remainingMs / 1000)} seconds`);\n    }\n\n    // Initialize or reset record\n    if (!record || record.resetTime < now) {\n      this.clients.set(key, {\n        count: 1,\n        resetTime: now + this.config.duration * 1000\n      });\n      return;\n    }\n\n    // Increment count\n    record.count++;\n\n    // Check if limit exceeded\n    if (record.count > this.config.points) {\n      record.blockedUntil = now + this.config.blockDuration * 1000;\n      throw new Error(`Rate limit exceeded (${this.config.points} requests per ${this.config.duration}s)`);\n    }\n  }\n\n  destroy(): void {\n    clearInterval(this.cleanupInterval);\n    this.clients.clear();\n  }\n}\n"]}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agentic-flow",
-  "version": "2.0.1-alpha.4",
+  "version": "2.0.1-alpha.8",
   "description": "Production-ready AI agent orchestration platform with 66 specialized agents, 213 MCP tools, ReasoningBank learning memory, and autonomous multi-agent swarms. Built by @ruvnet with Claude Agent SDK, neural networks, memory persistence, GitHub integration, and distributed consensus protocols.",
   "type": "module",
   "main": "dist/index.js",
@@ -143,10 +143,13 @@
     "@anthropic-ai/claude-agent-sdk": "^0.1.5",
     "@anthropic-ai/sdk": "^0.65.0",
     "@google/genai": "^1.22.0",
+    "@ruvector/router": "^0.1.25",
+    "@ruvector/ruvllm": "^0.2.3",
+    "@ruvector/tiny-dancer": "^0.1.15",
     "@supabase/supabase-js": "^2.78.0",
     "@xenova/transformers": "^2.17.2",
     "agent-booster": "file:../packages/agent-booster",
-    "agentdb": "^1.4.3",
+    "agentdb": "^2.0.0-alpha.2.20",
     "axios": "^1.12.2",
     "better-sqlite3": "^11.10.0",
     "dotenv": "^16.4.5",

package/wasm/reasoningbank/reasoningbank_wasm_bg.js

@@ -258,7 +258,7 @@ export function log(message) {
     wasm.log(ptr0, len0);
 }
 
-function __wbg_adapter_4(arg0, arg1, arg2) {
+function __wbg_adapter_6(arg0, arg1, arg2) {
     wasm.__wbindgen_export_5(arg0, arg1, addHeapObject(arg2));
 }
 
@@ -540,7 +540,7 @@ export function __wbindgen_cast_2241b6af4c4b2941(arg0, arg1) {
 
 export function __wbindgen_cast_8eb6fd44e7238d11(arg0, arg1) {
     // Cast intrinsic for `Closure(Closure { dtor_idx: 62, function: Function { arguments: [Externref], shim_idx: 63, ret: Unit, inner_ret: Some(Unit) }, mutable: true }) -> Externref`.
-    const ret = makeMutClosure(arg0, arg1, 62, __wbg_adapter_4);
+    const ret = makeMutClosure(arg0, arg1, 62, __wbg_adapter_6);
     return addHeapObject(ret);
 };