agentic-qe 3.3.0 → 3.3.2

package/v3/dist/mcp/security/validators/interfaces.d.ts

@@ -0,0 +1,164 @@
+/**
+ * Agentic QE v3 - MCP Security: Validation Strategy Interfaces
+ * Defines the Strategy Pattern interfaces for security validators
+ */
+/**
+ * Risk level classification for security validation
+ */
+export type RiskLevel = 'none' | 'low' | 'medium' | 'high' | 'critical';
+/**
+ * Base validation result returned by all validators
+ */
+export interface ValidationResult {
+    valid: boolean;
+    error?: string;
+    riskLevel: RiskLevel;
+}
+/**
+ * Path validation result with normalized path
+ */
+export interface PathValidationResult extends ValidationResult {
+    normalizedPath?: string;
+}
+/**
+ * Regex safety result with pattern analysis
+ */
+export interface RegexSafetyResult {
+    safe: boolean;
+    pattern?: string;
+    escapedPattern?: string;
+    error?: string;
+    riskyPatterns: string[];
+}
+/**
+ * Command validation result with sanitized command
+ */
+export interface CommandValidationResult extends ValidationResult {
+    sanitizedCommand?: string;
+    blockedPatterns: string[];
+}
+/**
+ * Input sanitization options
+ */
+export interface SanitizationOptions {
+    maxLength?: number;
+    allowedChars?: RegExp;
+    stripHtml?: boolean;
+    stripSql?: boolean;
+    escapeShell?: boolean;
+    trim?: boolean;
+    /** Strip dangerous control characters (null bytes, escape sequences, etc.) - default: true */
+    stripControlChars?: boolean;
+}
+/**
+ * Path validation options
+ */
+export interface PathValidationOptions {
+    basePath?: string;
+    allowAbsolute?: boolean;
+    allowedExtensions?: string[];
+    deniedExtensions?: string[];
+    maxDepth?: number;
+    maxLength?: number;
+}
+/**
+ * Regex validation options
+ */
+export interface RegexValidationOptions {
+    maxLength?: number;
+    maxComplexity?: number;
+}
+/**
+ * Command validation options
+ */
+export interface CommandValidationOptions {
+    allowedCommands?: string[];
+}
+/**
+ * Base interface for all validation strategies
+ * Implements the Strategy Pattern for modular security validation
+ */
+export interface IValidationStrategy<TInput = unknown, TOptions = unknown, TResult extends ValidationResult = ValidationResult> {
+    /**
+     * Unique name identifier for this validator
+     */
+    readonly name: string;
+    /**
+     * Validate the input according to this strategy
+     * @param input - The input to validate
+     * @param options - Optional validation options
+     * @returns The validation result
+     */
+    validate(input: TInput, options?: TOptions): TResult;
+    /**
+     * Get the risk level this validator typically addresses
+     * @returns The primary risk level category
+     */
+    getRiskLevel(): RiskLevel;
+}
+/**
+ * Path traversal validation strategy interface
+ */
+export interface IPathValidationStrategy extends IValidationStrategy<string, PathValidationOptions, PathValidationResult> {
+    normalizePath(path: string): string;
+    joinPaths(...paths: string[]): string;
+    joinPathsAbsolute(...paths: string[]): string;
+    getExtension(path: string): string | null;
+}
+/**
+ * Regex safety validation strategy interface
+ */
+export interface IRegexValidationStrategy extends IValidationStrategy<string, RegexValidationOptions, ValidationResult> {
+    isRegexSafe(pattern: string): RegexSafetyResult;
+    escapeRegex(str: string): string;
+    createSafeRegex(pattern: string, flags?: string, maxLength?: number): RegExp | null;
+}
+/**
+ * Command validation strategy interface
+ */
+export interface ICommandValidationStrategy extends IValidationStrategy<string, CommandValidationOptions, CommandValidationResult> {
+    escapeShellArg(arg: string): string;
+}
+/**
+ * Input sanitization strategy interface
+ */
+export interface IInputSanitizationStrategy {
+    readonly name: string;
+    sanitize(input: string, options?: SanitizationOptions): string;
+    escapeHtml(str: string): string;
+    stripHtmlTags(str: string): string;
+    getRiskLevel(): RiskLevel;
+}
+/**
+ * Crypto validation strategy interface
+ */
+export interface ICryptoValidationStrategy {
+    readonly name: string;
+    timingSafeCompare(a: string, b: string): boolean;
+    timingSafeHashCompare(value: string, expectedHash: string): boolean;
+    generateSecureToken(length?: number): string;
+    secureHash(value: string, salt?: string): string;
+    getRiskLevel(): RiskLevel;
+}
+/**
+ * Validation orchestrator interface for coordinating multiple validators
+ */
+export interface IValidationOrchestrator {
+    /**
+     * Register a validation strategy
+     */
+    registerStrategy(strategy: IValidationStrategy): void;
+    /**
+     * Get a registered strategy by name
+     */
+    getStrategy(name: string): IValidationStrategy | undefined;
+    /**
+     * Validate using a specific strategy
+     */
+    validateWith<TResult extends ValidationResult>(strategyName: string, input: unknown, options?: unknown): TResult;
+    /**
+     * Run all registered validators on an input
+     */
+    validateAll(input: unknown): Map<string, ValidationResult>;
+}
+//# sourceMappingURL=interfaces.d.ts.map

package/v3/dist/mcp/security/validators/interfaces.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"interfaces.d.ts","sourceRoot":"","sources":["../../../../src/mcp/security/validators/interfaces.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAMH;;GAEG;AACH,MAAM,MAAM,SAAS,GAAG,MAAM,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;AAExE;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,KAAK,EAAE,OAAO,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,SAAS,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,oBAAqB,SAAQ,gBAAgB;IAC5D,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,OAAO,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,aAAa,EAAE,MAAM,EAAE,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,uBAAwB,SAAQ,gBAAgB;IAC/D,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAMD;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,8FAA8F;IAC9F,iBAAiB,CAAC,EAAE,OAAO,CAAC;CAC7B;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC7B,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,wBAAwB;IACvC,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;CAC5B;AAMD;;;GAGG;AACH,MAAM,WAAW,mBAAmB,CAClC,MAAM,GAAG,OAAO,EAChB,QAAQ,GAAG,OAAO,EAClB,OAAO,SAAS,gBAAgB,GAAG,gBAAgB;IAEnD;;OAEG;IACH,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IAEtB;;;;;OAKG;IACH,QAAQ,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,QAAQ,GAAG,OAAO,CAAC;IAErD;;;OAGG;IACH,YAAY,IAAI,SAAS,CAAC;CAC3B;AAED;;GAEG;AACH,MAAM,WAAW,uBACf,SAAQ,mBAAmB,CAAC,MAAM,EAAE,qBAAqB,EAAE,oBAAoB,CAAC;IAChF,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAAC;IACpC,SAAS,CAAC,GAAG,KAAK,EAAE,MAAM,EAAE,GAAG,MAAM,CAAC;IACtC,iBAAiB,CAAC,GAAG,KAAK,EAAE,MAAM,EAAE,GAAG,MAAM,CAAC;IAC9C,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC;CAC3C;AAED;;GAEG;AACH,MAAM,WAAW,wBACf,SAAQ,mBAAmB,CAAC,MAAM,EAAE,sBAAsB,EAAE,gBAAgB,CAAC;IAC7E,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,iBAAiB,CAAC;IAChD,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAC;IACjC,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC;CACrF;AAED;;GAEG;AACH,MAAM,WAAW,0BACf,SAAQ,mBAAmB,CAAC,MAAM,EAAE,wBAAwB,EAAE,uBAAuB,CAAC;IACtF,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAC;CACrC;AAED;;GAEG;AACH,MAAM,WAAW,0BAA0B;IACzC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,mBAAmB,GAAG,MAAM,CAAC;IAC/D,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAC;IAChC,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAC;IACnC,YAAY,IAAI,SAAS,CAAC;CAC3B;AAED;;GAEG;AACH,MAAM,WAAW,yBAAyB;IACxC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,iBAAiB,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;IACjD,qBAAqB,CAAC,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC;IACpE,mBAAmB,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC7C,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACjD,YAAY,IAAI,SAAS,CAAC;CAC3B;AAMD;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACtC;;OAEG;IACH,gBAAgB,CAAC,QAAQ,EAAE,mBAAmB,GAAG,IAAI,CAAC;IAEtD;;OAEG;IACH,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,mBAAmB,GAAG,SAAS,CAAC;IAE3D;;OAEG;IACH,YAAY,CAAC,OAAO,SAAS,gBAAgB,EAC3C,YAAY,EAAE,MAAM,EACpB,KAAK,EAAE,OAAO,EACd,OAAO,CAAC,EAAE,OAAO,GAChB,OAAO,CAAC;IAEX;;OAEG;IACH,WAAW,CAAC,KAAK,EAAE,OAAO,GAAG,GAAG,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC;CAC5D"}

package/v3/dist/mcp/security/validators/interfaces.js

@@ -0,0 +1,6 @@
+/**
+ * Agentic QE v3 - MCP Security: Validation Strategy Interfaces
+ * Defines the Strategy Pattern interfaces for security validators
+ */
+export {};
+//# sourceMappingURL=interfaces.js.map

package/v3/dist/mcp/security/validators/interfaces.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"interfaces.js","sourceRoot":"","sources":["../../../../src/mcp/security/validators/interfaces.ts"],"names":[],"mappings":"AAAA;;;GAGG"}

package/v3/dist/mcp/security/validators/path-traversal-validator.d.ts

@@ -0,0 +1,50 @@
+/**
+ * Agentic QE v3 - MCP Security: Path Traversal Validator
+ * Implements the Strategy Pattern for path traversal protection
+ */
+import { IPathValidationStrategy, PathValidationOptions, PathValidationResult, RiskLevel } from './interfaces';
+/**
+ * Path traversal patterns to detect
+ */
+export declare const PATH_TRAVERSAL_PATTERNS: RegExp[];
+/**
+ * Dangerous path components (system directories)
+ */
+export declare const DANGEROUS_PATH_COMPONENTS: RegExp[];
+/**
+ * Path Traversal Validator Strategy
+ * Validates file paths to prevent directory traversal attacks
+ */
+export declare class PathTraversalValidator implements IPathValidationStrategy {
+    readonly name = "path-traversal";
+    /**
+     * Get the primary risk level this validator addresses
+     */
+    getRiskLevel(): RiskLevel;
+    /**
+     * Validate a file path against traversal attacks
+     */
+    validate(path: string, options?: PathValidationOptions): PathValidationResult;
+    /**
+     * Normalize a path by resolving . and .. components
+     */
+    normalizePath(path: string): string;
+    /**
+     * Safely join path components (strips leading/trailing slashes from all parts)
+     */
+    joinPaths(...paths: string[]): string;
+    /**
+     * Join paths preserving absolute path from first component
+     */
+    joinPathsAbsolute(...paths: string[]): string;
+    /**
+     * Get file extension from path
+     */
+    getExtension(path: string): string | null;
+}
+export declare const validatePath: (path: string, options?: PathValidationOptions) => PathValidationResult;
+export declare const normalizePath: (path: string) => string;
+export declare const joinPaths: (...paths: string[]) => string;
+export declare const joinPathsAbsolute: (...paths: string[]) => string;
+export declare const getExtension: (path: string) => string | null;
+//# sourceMappingURL=path-traversal-validator.d.ts.map

package/v3/dist/mcp/security/validators/path-traversal-validator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"path-traversal-validator.d.ts","sourceRoot":"","sources":["../../../../src/mcp/security/validators/path-traversal-validator.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EACL,uBAAuB,EACvB,qBAAqB,EACrB,oBAAoB,EACpB,SAAS,EACV,MAAM,cAAc,CAAC;AAMtB;;GAEG;AACH,eAAO,MAAM,uBAAuB,UAanC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,yBAAyB,UAUrC,CAAC;AAMF;;;GAGG;AACH,qBAAa,sBAAuB,YAAW,uBAAuB;IACpE,SAAgB,IAAI,oBAAoB;IAExC;;OAEG;IACI,YAAY,IAAI,SAAS;IAIhC;;OAEG;IACI,QAAQ,CACb,IAAI,EAAE,MAAM,EACZ,OAAO,GAAE,qBAA0B,GAClC,oBAAoB;IAmIvB;;OAEG;IACI,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM;IA4B1C;;OAEG;IACI,SAAS,CAAC,GAAG,KAAK,EAAE,MAAM,EAAE,GAAG,MAAM;IAS5C;;OAEG;IACI,iBAAiB,CAAC,GAAG,KAAK,EAAE,MAAM,EAAE,GAAG,MAAM;IAsBpD;;OAEG;IACI,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI;CAIjD;AAQD,eAAO,MAAM,YAAY,GACvB,MAAM,MAAM,EACZ,UAAU,qBAAqB,KAC9B,oBAAgE,CAAC;AAEpE,eAAO,MAAM,aAAa,GAAI,MAAM,MAAM,KAAG,MACP,CAAC;AAEvC,eAAO,MAAM,SAAS,GAAI,GAAG,OAAO,MAAM,EAAE,KAAG,MACT,CAAC;AAEvC,eAAO,MAAM,iBAAiB,GAAI,GAAG,OAAO,MAAM,EAAE,KAAG,MACT,CAAC;AAE/C,eAAO,MAAM,YAAY,GAAI,MAAM,MAAM,KAAG,MAAM,GAAG,IAChB,CAAC"}

package/v3/dist/mcp/security/validators/path-traversal-validator.js

@@ -0,0 +1,242 @@
+/**
+ * Agentic QE v3 - MCP Security: Path Traversal Validator
+ * Implements the Strategy Pattern for path traversal protection
+ */
+// ============================================================================
+// Constants
+// ============================================================================
+/**
+ * Path traversal patterns to detect
+ */
+export const PATH_TRAVERSAL_PATTERNS = [
+    /\.\./, // Basic traversal
+    /%2e%2e/i, // URL encoded ..
+    /%252e%252e/i, // Double URL encoded
+    /\.\.%2f/i, // Mixed encoding
+    /%2f\.\./i, // Forward slash + ..
+    /\.\.%5c/i, // Backslash + ..
+    /\.\.\\/, // Windows backslash traversal
+    /%c0%ae/i, // UTF-8 overlong encoding
+    /%c0%2f/i, // UTF-8 overlong /
+    /%c1%9c/i, // UTF-8 overlong \
+    /\0/, // Null byte injection
+    /%00/i, // URL encoded null
+];
+/**
+ * Dangerous path components (system directories)
+ */
+export const DANGEROUS_PATH_COMPONENTS = [
+    /^\/etc\//i,
+    /^\/proc\//i,
+    /^\/sys\//i,
+    /^\/dev\//i,
+    /^\/root\//i,
+    /^\/home\/.+\/\./i,
+    /^[A-Z]:\\Windows/i,
+    /^[A-Z]:\\System/i,
+    /^[A-Z]:\\Users\\.+\\AppData/i,
+];
+// ============================================================================
+// Path Traversal Validator Implementation
+// ============================================================================
+/**
+ * Path Traversal Validator Strategy
+ * Validates file paths to prevent directory traversal attacks
+ */
+export class PathTraversalValidator {
+    name = 'path-traversal';
+    /**
+     * Get the primary risk level this validator addresses
+     */
+    getRiskLevel() {
+        return 'critical';
+    }
+    /**
+     * Validate a file path against traversal attacks
+     */
+    validate(path, options = {}) {
+        const { basePath = '', allowAbsolute = false, allowedExtensions = [], deniedExtensions = ['.exe', '.bat', '.cmd', '.sh', '.ps1', '.dll', '.so'], maxDepth = 10, maxLength = 4096, } = options;
+        // Check length
+        if (path.length > maxLength) {
+            return {
+                valid: false,
+                error: `Path exceeds maximum length of ${maxLength}`,
+                riskLevel: 'medium',
+            };
+        }
+        // Check for traversal patterns
+        for (const pattern of PATH_TRAVERSAL_PATTERNS) {
+            if (pattern.test(path)) {
+                return {
+                    valid: false,
+                    error: 'Path traversal attempt detected',
+                    riskLevel: 'critical',
+                };
+            }
+        }
+        // Check for absolute paths
+        if (!allowAbsolute && (path.startsWith('/') || /^[A-Z]:/i.test(path))) {
+            return {
+                valid: false,
+                error: 'Absolute paths are not allowed',
+                riskLevel: 'high',
+            };
+        }
+        // Check for dangerous path components
+        for (const pattern of DANGEROUS_PATH_COMPONENTS) {
+            if (pattern.test(path)) {
+                return {
+                    valid: false,
+                    error: 'Access to system paths is not allowed',
+                    riskLevel: 'critical',
+                };
+            }
+        }
+        // Normalize the path
+        const normalizedPath = this.normalizePath(path);
+        // Re-check for traversal after normalization
+        if (normalizedPath.includes('..')) {
+            return {
+                valid: false,
+                error: 'Path traversal detected after normalization',
+                riskLevel: 'critical',
+            };
+        }
+        // Check depth
+        const depth = normalizedPath.split('/').filter(Boolean).length;
+        if (depth > maxDepth) {
+            return {
+                valid: false,
+                error: `Path depth exceeds maximum of ${maxDepth}`,
+                riskLevel: 'low',
+            };
+        }
+        // Check extension
+        const ext = this.getExtension(normalizedPath);
+        if (ext) {
+            const extWithDot = `.${ext.toLowerCase()}`;
+            const extWithoutDot = ext.toLowerCase();
+            // Check denied extensions (support both .exe and exe formats)
+            if (deniedExtensions.length > 0) {
+                const isDenied = deniedExtensions.some(denied => denied.toLowerCase() === extWithDot || denied.toLowerCase() === extWithoutDot);
+                if (isDenied) {
+                    return {
+                        valid: false,
+                        error: `File extension '${ext}' is not allowed`,
+                        riskLevel: 'high',
+                    };
+                }
+            }
+            // Check allowed extensions (support both .ts and ts formats)
+            if (allowedExtensions.length > 0) {
+                const isAllowed = allowedExtensions.some(allowed => allowed.toLowerCase() === extWithDot || allowed.toLowerCase() === extWithoutDot);
+                if (!isAllowed) {
+                    return {
+                        valid: false,
+                        error: `File extension '${ext}' is not in allowed list`,
+                        riskLevel: 'medium',
+                    };
+                }
+            }
+        }
+        // Combine with base path if provided
+        const finalPath = basePath
+            ? this.joinPathsAbsolute(basePath, normalizedPath)
+            : normalizedPath;
+        // Verify final path doesn't escape base (use normalized base for comparison)
+        const normalizedBase = basePath.startsWith('/')
+            ? `/${this.normalizePath(basePath)}`
+            : this.normalizePath(basePath);
+        if (basePath && !finalPath.startsWith(normalizedBase)) {
+            return {
+                valid: false,
+                error: 'Path escapes base directory',
+                riskLevel: 'critical',
+            };
+        }
+        return {
+            valid: true,
+            normalizedPath: finalPath,
+            riskLevel: 'none',
+        };
+    }
+    /**
+     * Normalize a path by resolving . and .. components
+     */
+    normalizePath(path) {
+        // Replace backslashes with forward slashes
+        let normalized = path.replace(/\\/g, '/');
+        // Remove multiple consecutive slashes
+        normalized = normalized.replace(/\/+/g, '/');
+        // Split and resolve
+        const parts = normalized.split('/');
+        const result = [];
+        for (const part of parts) {
+            if (part === '.' || part === '') {
+                continue;
+            }
+            if (part === '..') {
+                // Don't allow going above root
+                if (result.length > 0 && result[result.length - 1] !== '..') {
+                    result.pop();
+                }
+            }
+            else {
+                result.push(part);
+            }
+        }
+        return result.join('/');
+    }
+    /**
+     * Safely join path components (strips leading/trailing slashes from all parts)
+     */
+    joinPaths(...paths) {
+        if (paths.length === 0)
+            return '';
+        return paths
+            .map(p => p.replace(/^\/+|\/+$/g, ''))
+            .filter(Boolean)
+            .join('/');
+    }
+    /**
+     * Join paths preserving absolute path from first component
+     */
+    joinPathsAbsolute(...paths) {
+        if (paths.length === 0)
+            return '';
+        // Check if the first path is absolute
+        const isAbsolute = paths[0].startsWith('/');
+        const result = paths
+            // Use non-backtracking patterns with possessive-like behavior via split/join
+            .map(p => {
+            // Remove leading slashes by splitting and rejoining
+            while (p.startsWith('/'))
+                p = p.slice(1);
+            // Remove trailing slashes
+            while (p.endsWith('/'))
+                p = p.slice(0, -1);
+            return p;
+        })
+            .filter(Boolean)
+            .join('/');
+        // Preserve leading slash for absolute paths
+        return isAbsolute ? `/${result}` : result;
+    }
+    /**
+     * Get file extension from path
+     */
+    getExtension(path) {
+        const match = path.match(/\.([^./\\]+)$/);
+        return match ? match[1] : null;
+    }
+}
+// ============================================================================
+// Standalone Functions (for backward compatibility)
+// ============================================================================
+const defaultValidator = new PathTraversalValidator();
+export const validatePath = (path, options) => defaultValidator.validate(path, options);
+export const normalizePath = (path) => defaultValidator.normalizePath(path);
+export const joinPaths = (...paths) => defaultValidator.joinPaths(...paths);
+export const joinPathsAbsolute = (...paths) => defaultValidator.joinPathsAbsolute(...paths);
+export const getExtension = (path) => defaultValidator.getExtension(path);
+//# sourceMappingURL=path-traversal-validator.js.map

package/v3/dist/mcp/security/validators/path-traversal-validator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"path-traversal-validator.js","sourceRoot":"","sources":["../../../../src/mcp/security/validators/path-traversal-validator.ts"],"names":[],"mappings":"AAAA;;;GAGG;AASH,+EAA+E;AAC/E,YAAY;AACZ,+EAA+E;AAE/E;;GAEG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG;IACrC,MAAM,EAAqB,kBAAkB;IAC7C,SAAS,EAAkB,iBAAiB;IAC5C,aAAa,EAAc,qBAAqB;IAChD,UAAU,EAAiB,iBAAiB;IAC5C,UAAU,EAAiB,qBAAqB;IAChD,UAAU,EAAiB,iBAAiB;IAC5C,QAAQ,EAAmB,8BAA8B;IACzD,SAAS,EAAkB,0BAA0B;IACrD,SAAS,EAAkB,mBAAmB;IAC9C,SAAS,EAAkB,mBAAmB;IAC9C,IAAI,EAAuB,sBAAsB;IACjD,MAAM,EAAqB,mBAAmB;CAC/C,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,yBAAyB,GAAG;IACvC,WAAW;IACX,YAAY;IACZ,WAAW;IACX,WAAW;IACX,YAAY;IACZ,kBAAkB;IAClB,mBAAmB;IACnB,kBAAkB;IAClB,8BAA8B;CAC/B,CAAC;AAEF,+EAA+E;AAC/E,0CAA0C;AAC1C,+EAA+E;AAE/E;;;GAGG;AACH,MAAM,OAAO,sBAAsB;IACjB,IAAI,GAAG,gBAAgB,CAAC;IAExC;;OAEG;IACI,YAAY;QACjB,OAAO,UAAU,CAAC;IACpB,CAAC;IAED;;OAEG;IACI,QAAQ,CACb,IAAY,EACZ,UAAiC,EAAE;QAEnC,MAAM,EACJ,QAAQ,GAAG,EAAE,EACb,aAAa,GAAG,KAAK,EACrB,iBAAiB,GAAG,EAAE,EACtB,gBAAgB,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC,EACzE,QAAQ,GAAG,EAAE,EACb,SAAS,GAAG,IAAI,GACjB,GAAG,OAAO,CAAC;QAEZ,eAAe;QACf,IAAI,IAAI,CAAC,MAAM,GAAG,SAAS,EAAE,CAAC;YAC5B,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,KAAK,EAAE,kCAAkC,SAAS,EAAE;gBACpD,SAAS,EAAE,QAAQ;aACpB,CAAC;QACJ,CAAC;QAED,+BAA+B;QAC/B,KAAK,MAAM,OAAO,IAAI,uBAAuB,EAAE,CAAC;YAC9C,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvB,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,KAAK,EAAE,iCAAiC;oBACxC,SAAS,EAAE,UAAU;iBACtB,CAAC;YACJ,CAAC;QACH,CAAC;QAED,2BAA2B;QAC3B,IAAI,CAAC,aAAa,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;YACtE,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,KAAK,EAAE,gCAAgC;gBACvC,SAAS,EAAE,MAAM;aAClB,CAAC;QACJ,CAAC;QAED,sCAAsC;QACtC,KAAK,MAAM,OAAO,IAAI,yBAAyB,EAAE,CAAC;YAChD,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvB,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,KAAK,EAAE,uCAAuC;oBAC9C,SAAS,EAAE,UAAU;iBACtB,CAAC;YACJ,CAAC;QACH,CAAC;QAED,qBAAqB;QACrB,MAAM,cAAc,GAAG,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;QAEhD,6CAA6C;QAC7C,IAAI,cAAc,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAClC,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,KAAK,EAAE,6CAA6C;gBACpD,SAAS,EAAE,UAAU;aACtB,CAAC;QACJ,CAAC;QAED,cAAc;QACd,MAAM,KAAK,GAAG,cAAc,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC;QAC/D,IAAI,KAAK,GAAG,QAAQ,EAAE,CAAC;YACrB,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,KAAK,EAAE,iCAAiC,QAAQ,EAAE;gBAClD,SAAS,EAAE,KAAK;aACjB,CAAC;QACJ,CAAC;QAED,kBAAkB;QAClB,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,cAAc,CAAC,CAAC;QAC9C,IAAI,GAAG,EAAE,CAAC;YACR,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,WAAW,EAAE,EAAE,CAAC;YAC3C,MAAM,aAAa,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;YAExC,8DAA8D;YAC9D,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAChC,MAAM,QAAQ,GAAG,gBAAgB,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAC9C,MAAM,CAAC,WAAW,EAAE,KAAK,UAAU,IAAI,MAAM,CAAC,WAAW,EAAE,KAAK,aAAa,CAC9E,CAAC;gBACF,IAAI,QAAQ,EAAE,CAAC;oBACb,OAAO;wBACL,KAAK,EAAE,KAAK;wBACZ,KAAK,EAAE,mBAAmB,GAAG,kBAAkB;wBAC/C,SAAS,EAAE,MAAM;qBAClB,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,6DAA6D;YAC7D,IAAI,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACjC,MAAM,SAAS,GAAG,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CACjD,OAAO,CAAC,WAAW,EAAE,KAAK,UAAU,IAAI,OAAO,CAAC,WAAW,EAAE,KAAK,aAAa,CAChF,CAAC;gBACF,IAAI,CAAC,SAAS,EAAE,CAAC;oBACf,OAAO;wBACL,KAAK,EAAE,KAAK;wBACZ,KAAK,EAAE,mBAAmB,GAAG,0BAA0B;wBACvD,SAAS,EAAE,QAAQ;qBACpB,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QAED,qCAAqC;QACrC,MAAM,SAAS,GAAG,QAAQ;YACxB,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,QAAQ,EAAE,cAAc,CAAC;YAClD,CAAC,CAAC,cAAc,CAAC;QAEnB,6EAA6E;QAC7E,MAAM,cAAc,GAAG,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC;YAC7C,CAAC,CAAC,IAAI,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,EAAE;YACpC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;QACjC,IAAI,QAAQ,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;YACtD,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,KAAK,EAAE,6BAA6B;gBACpC,SAAS,EAAE,UAAU;aACtB,CAAC;QACJ,CAAC;QAED,OAAO;YACL,KAAK,EAAE,IAAI;YACX,cAAc,EAAE,SAAS;YACzB,SAAS,EAAE,MAAM;SAClB,CAAC;IACJ,CAAC;IAED;;OAEG;IACI,aAAa,CAAC,IAAY;QAC/B,2CAA2C;QAC3C,IAAI,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAE1C,sCAAsC;QACtC,UAAU,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QAE7C,oBAAoB;QACpB,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACpC,MAAM,MAAM,GAAa,EAAE,CAAC;QAE5B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,EAAE,EAAE,CAAC;gBAChC,SAAS;YACX,CAAC;YACD,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;gBAClB,+BAA+B;gBAC/B,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;oBAC5D,MAAM,CAAC,GAAG,EAAE,CAAC;gBACf,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACpB,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC1B,CAAC;IAED;;OAEG;IACI,SAAS,CAAC,GAAG,KAAe;QACjC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,EAAE,CAAC;QAElC,OAAO,KAAK;aACT,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;aACrC,MAAM,CAAC,OAAO,CAAC;aACf,IAAI,CAAC,GAAG,CAAC,CAAC;IACf,CAAC;IAED;;OAEG;IACI,iBAAiB,CAAC,GAAG,KAAe;QACzC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,EAAE,CAAC;QAElC,sCAAsC;QACtC,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QAE5C,MAAM,MAAM,GAAG,KAAK;YAClB,6EAA6E;aAC5E,GAAG,CAAC,CAAC,CAAC,EAAE;YACP,oDAAoD;YACpD,OAAO,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC;gBAAE,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YACzC,0BAA0B;YAC1B,OAAO,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC;gBAAE,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;YAC3C,OAAO,CAAC,CAAC;QACX,CAAC,CAAC;aACD,MAAM,CAAC,OAAO,CAAC;aACf,IAAI,CAAC,GAAG,CAAC,CAAC;QAEb,4CAA4C;QAC5C,OAAO,UAAU,CAAC,CAAC,CAAC,IAAI,MAAM,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC;IAC5C,CAAC;IAED;;OAEG;IACI,YAAY,CAAC,IAAY;QAC9B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;QAC1C,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACjC,CAAC;CACF;AAED,+EAA+E;AAC/E,oDAAoD;AACpD,+EAA+E;AAE/E,MAAM,gBAAgB,GAAG,IAAI,sBAAsB,EAAE,CAAC;AAEtD,MAAM,CAAC,MAAM,YAAY,GAAG,CAC1B,IAAY,EACZ,OAA+B,EACT,EAAE,CAAC,gBAAgB,CAAC,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;AAEpE,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,IAAY,EAAU,EAAE,CACpD,gBAAgB,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;AAEvC,MAAM,CAAC,MAAM,SAAS,GAAG,CAAC,GAAG,KAAe,EAAU,EAAE,CACtD,gBAAgB,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,CAAC;AAEvC,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,GAAG,KAAe,EAAU,EAAE,CAC9D,gBAAgB,CAAC,iBAAiB,CAAC,GAAG,KAAK,CAAC,CAAC;AAE/C,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,IAAY,EAAiB,EAAE,CAC1D,gBAAgB,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC"}

package/v3/dist/mcp/security/validators/regex-safety-validator.d.ts

@@ -0,0 +1,50 @@
+/**
+ * Agentic QE v3 - MCP Security: Regex Safety Validator
+ * Implements the Strategy Pattern for ReDoS prevention
+ */
+import { IRegexValidationStrategy, RegexSafetyResult, RegexValidationOptions, RiskLevel, ValidationResult } from './interfaces';
+/**
+ * Patterns that can cause ReDoS (Regular Expression Denial of Service)
+ */
+export declare const REDOS_PATTERNS: RegExp[];
+/**
+ * Count nested quantifier depth in a regex pattern
+ */
+export declare function countQuantifierNesting(pattern: string): number;
+/**
+ * Check for exponential backtracking potential
+ */
+export declare function hasExponentialBacktracking(pattern: string): boolean;
+/**
+ * Regex Safety Validator Strategy
+ * Validates regex patterns to prevent ReDoS attacks
+ */
+export declare class RegexSafetyValidator implements IRegexValidationStrategy {
+    readonly name = "regex-safety";
+    private maxComplexity;
+    constructor(maxComplexity?: number);
+    /**
+     * Get the primary risk level this validator addresses
+     */
+    getRiskLevel(): RiskLevel;
+    /**
+     * Validate a regex pattern (IValidationStrategy interface)
+     */
+    validate(pattern: string, options?: RegexValidationOptions): ValidationResult;
+    /**
+     * Check if a regex pattern is safe from ReDoS
+     */
+    isRegexSafe(pattern: string, maxComplexity?: number): RegexSafetyResult;
+    /**
+     * Escape special regex characters in a string
+     */
+    escapeRegex(str: string): string;
+    /**
+     * Create a safe regex with validation
+     */
+    createSafeRegex(pattern: string, flags?: string, maxLength?: number): RegExp | null;
+}
+export declare const isRegexSafe: (pattern: string) => RegexSafetyResult;
+export declare const escapeRegex: (str: string) => string;
+export declare const createSafeRegex: (pattern: string, flags?: string, maxLength?: number) => RegExp | null;
+//# sourceMappingURL=regex-safety-validator.d.ts.map

package/v3/dist/mcp/security/validators/regex-safety-validator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"regex-safety-validator.d.ts","sourceRoot":"","sources":["../../../../src/mcp/security/validators/regex-safety-validator.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EACL,wBAAwB,EACxB,iBAAiB,EACjB,sBAAsB,EACtB,SAAS,EACT,gBAAgB,EACjB,MAAM,cAAc,CAAC;AAMtB;;GAEG;AACH,eAAO,MAAM,cAAc,UAa1B,CAAC;AAWF;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CA0C9D;AAED;;GAEG;AACH,wBAAgB,0BAA0B,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAWnE;AAMD;;;GAGG;AACH,qBAAa,oBAAqB,YAAW,wBAAwB;IACnE,SAAgB,IAAI,kBAAkB;IAEtC,OAAO,CAAC,aAAa,CAAS;gBAElB,aAAa,SAAuB;IAIhD;;OAEG;IACI,YAAY,IAAI,SAAS;IAIhC;;OAEG;IACI,QAAQ,CACb,OAAO,EAAE,MAAM,EACf,OAAO,GAAE,sBAA2B,GACnC,gBAAgB;IAmBnB;;OAEG;IACI,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,aAAa,SAAqB,GAAG,iBAAiB;IA8B1F;;OAEG;IACI,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM;IAIvC;;OAEG;IACI,eAAe,CACpB,OAAO,EAAE,MAAM,EACf,KAAK,CAAC,EAAE,MAAM,EACd,SAAS,SAAQ,GAChB,MAAM,GAAG,IAAI;CAiBjB;AAQD,eAAO,MAAM,WAAW,GAAI,SAAS,MAAM,KAAG,iBACP,CAAC;AAExC,eAAO,MAAM,WAAW,GAAI,KAAK,MAAM,KAAG,MACP,CAAC;AAEpC,eAAO,MAAM,eAAe,GAC1B,SAAS,MAAM,EACf,QAAQ,MAAM,EACd,YAAY,MAAM,KACjB,MAAM,GAAG,IAAmE,CAAC"}