arc-lang 0.5.0

package/dist/repl.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/repl.js

@@ -0,0 +1,120 @@
+// Arc Language REPL (Read-Eval-Print Loop)
+import * as readline from "readline";
+import { readFileSync } from "fs";
+import { lex } from "./lexer.js";
+import { parse } from "./parser.js";
+import { createEnv, interpretWithEnv, toStr } from "./interpreter.js";
+const GREEN = "\x1b[32m";
+const RED = "\x1b[31m";
+const CYAN = "\x1b[36m";
+const YELLOW = "\x1b[33m";
+const RESET = "\x1b[0m";
+let showAst = false;
+const env = createEnv();
+function printHelp() {
+    console.log(`${CYAN}Arc REPL Commands:${RESET}`);
+    console.log(`  ${YELLOW}:help${RESET}          Show this help message`);
+    console.log(`  ${YELLOW}:ast${RESET}           Toggle AST display before execution`);
+    console.log(`  ${YELLOW}:reset${RESET}         Clear all variables and state`);
+    console.log(`  ${YELLOW}:load <file>${RESET}   Load and execute an Arc file`);
+    console.log(`  ${YELLOW}:quit${RESET}          Exit the REPL`);
+    console.log(`  ${YELLOW}Ctrl+C${RESET}         Exit the REPL`);
+    console.log();
+    console.log(`  Multi-line: end a line with { to start a block`);
+}
+function execute(source) {
+    try {
+        const tokens = lex(source);
+        const ast = parse(tokens);
+        if (showAst) {
+            console.log(`${CYAN}AST:${RESET}`, JSON.stringify(ast, null, 2));
+        }
+        const result = interpretWithEnv(ast, env);
+        if (result !== null && result !== undefined) {
+            console.log(`${GREEN}${toStr(result)}${RESET}`);
+        }
+    }
+    catch (e) {
+        console.log(`${RED}Error: ${e.message}${RESET}`);
+    }
+}
+function main() {
+    const rl = readline.createInterface({
+        input: process.stdin,
+        output: process.stdout,
+        prompt: "arc> ",
+    });
+    console.log(`${CYAN}Arc REPL v0.1.0${RESET} — Type ${YELLOW}:help${RESET} for commands`);
+    rl.prompt();
+    let buffer = "";
+    let braceDepth = 0;
+    rl.on("line", (line) => {
+        const trimmed = line.trim();
+        // Handle commands (only when not in multi-line mode)
+        if (braceDepth === 0) {
+            if (trimmed === ":quit" || trimmed === ":q") {
+                console.log("Goodbye!");
+                process.exit(0);
+            }
+            if (trimmed === ":help") {
+                printHelp();
+                rl.prompt();
+                return;
+            }
+            if (trimmed === ":ast") {
+                showAst = !showAst;
+                console.log(`AST display: ${showAst ? "ON" : "OFF"}`);
+                rl.prompt();
+                return;
+            }
+            if (trimmed === ":reset") {
+                // Re-create env by re-running. Simplest: just reload.
+                // Actually we can't easily reset the env object, so we note this limitation.
+                console.log(`${YELLOW}State reset (restart REPL for full reset)${RESET}`);
+                rl.prompt();
+                return;
+            }
+            if (trimmed.startsWith(":load ")) {
+                const file = trimmed.slice(6).trim();
+                try {
+                    const source = readFileSync(file, "utf-8");
+                    execute(source);
+                }
+                catch (e) {
+                    console.log(`${RED}Error loading file: ${e.message}${RESET}`);
+                }
+                rl.prompt();
+                return;
+            }
+            if (trimmed === "") {
+                rl.prompt();
+                return;
+            }
+        }
+        // Multi-line support
+        buffer += (buffer ? "\n" : "") + line;
+        // Count braces
+        for (const ch of line) {
+            if (ch === "{")
+                braceDepth++;
+            if (ch === "}")
+                braceDepth--;
+        }
+        if (braceDepth > 0) {
+            rl.setPrompt("...  ");
+            rl.prompt();
+            return;
+        }
+        // Execute
+        braceDepth = 0;
+        execute(buffer);
+        buffer = "";
+        rl.setPrompt("arc> ");
+        rl.prompt();
+    });
+    rl.on("close", () => {
+        console.log("\nGoodbye!");
+        process.exit(0);
+    });
+}
+main();

package/dist/security.d.ts

@@ -0,0 +1,48 @@
+import { Value } from "./interpreter.js";
+export interface SecurityConfig {
+    maxSourceSize?: number;
+    maxStringLength?: number;
+    maxNestingDepth?: number;
+    maxExecutionSteps?: number;
+    maxRecursionDepth?: number;
+    maxArraySize?: number;
+    maxMapSize?: number;
+    executionTimeoutMs?: number;
+    allowedToolMethods?: string[];
+    blockedToolMethods?: string[];
+    allowedUrlPatterns?: RegExp[];
+    blockedUrlPatterns?: RegExp[];
+    disableToolCalls?: boolean;
+    allowedImports?: string[];
+    blockedImports?: string[];
+    disableImports?: boolean;
+}
+declare const DEFAULTS: Required<Pick<SecurityConfig, 'maxSourceSize' | 'maxStringLength' | 'maxNestingDepth' | 'maxExecutionSteps' | 'maxRecursionDepth' | 'maxArraySize' | 'maxMapSize' | 'executionTimeoutMs'>>;
+export declare class SecurityError extends Error {
+    code: string;
+    constructor(code: string, message: string);
+}
+export declare function validateSource(source: string, config?: SecurityConfig): void;
+export declare function validateNestingDepth(node: any, config?: SecurityConfig, depth?: number): void;
+export declare function validateToolCall(method: string, url: string, config: SecurityConfig): void;
+export declare function validateImport(moduleName: string, config: SecurityConfig): void;
+export declare class ExecutionContext {
+    steps: number;
+    recursionDepth: number;
+    startTime: number;
+    private config;
+    constructor(config?: SecurityConfig);
+    tick(): void;
+    pushCall(): void;
+    popCall(): void;
+    checkArraySize(size: number): void;
+    checkMapSize(size: number): void;
+}
+export declare class SafeInterpreter {
+    private config;
+    constructor(config?: SecurityConfig);
+    run(source: string): Value;
+    private checkNoToolCalls;
+}
+export declare function createSandbox(config?: SecurityConfig): SafeInterpreter;
+export { DEFAULTS as SECURITY_DEFAULTS };

package/dist/security.js

@@ -0,0 +1,198 @@
+// Arc Language Security Module - Sandboxing & Resource Limits
+import { lex } from "./lexer.js";
+import { parse } from "./parser.js";
+import { createEnv, interpretWithEnv } from "./interpreter.js";
+const DEFAULTS = {
+    maxSourceSize: 1_048_576, // 1MB
+    maxStringLength: 102_400, // 100KB
+    maxNestingDepth: 256,
+    maxExecutionSteps: 10_000_000,
+    maxRecursionDepth: 512,
+    maxArraySize: 100_000,
+    maxMapSize: 100_000,
+    executionTimeoutMs: 30_000,
+};
+export class SecurityError extends Error {
+    code;
+    constructor(code, message) {
+        super(message);
+        this.code = code;
+        this.name = "SecurityError";
+    }
+}
+// Validate source input before parsing
+export function validateSource(source, config = {}) {
+    const maxSize = config.maxSourceSize ?? DEFAULTS.maxSourceSize;
+    if (Buffer.byteLength(source, 'utf-8') > maxSize) {
+        throw new SecurityError("SEC001", `Source code exceeds maximum size of ${maxSize} bytes`);
+    }
+    const maxStr = config.maxStringLength ?? DEFAULTS.maxStringLength;
+    // Quick scan for excessively long string literals
+    const stringRegex = /"([^"\\]|\\.)*"/g;
+    let match;
+    while ((match = stringRegex.exec(source)) !== null) {
+        if (match[0].length - 2 > maxStr) {
+            throw new SecurityError("SEC002", `String literal exceeds maximum length of ${maxStr} characters`);
+        }
+    }
+}
+// Validate AST nesting depth
+export function validateNestingDepth(node, config = {}, depth = 0) {
+    const maxDepth = config.maxNestingDepth ?? DEFAULTS.maxNestingDepth;
+    if (depth > maxDepth) {
+        throw new SecurityError("SEC003", `AST nesting depth exceeds maximum of ${maxDepth}`);
+    }
+    if (node && typeof node === 'object') {
+        if (Array.isArray(node)) {
+            for (const child of node)
+                validateNestingDepth(child, config, depth);
+        }
+        else if (node.kind) {
+            for (const key of Object.keys(node)) {
+                if (key === 'loc' || key === 'kind')
+                    continue;
+                validateNestingDepth(node[key], config, depth + 1);
+            }
+        }
+    }
+}
+// Validate tool call against security config
+export function validateToolCall(method, url, config) {
+    if (config.disableToolCalls) {
+        throw new SecurityError("SEC010", "Tool calls are disabled in sandbox mode");
+    }
+    const upperMethod = method.toUpperCase();
+    if (config.blockedToolMethods?.includes(upperMethod)) {
+        throw new SecurityError("SEC011", `Tool method @${upperMethod} is blocked`);
+    }
+    if (config.allowedToolMethods && !config.allowedToolMethods.includes(upperMethod)) {
+        throw new SecurityError("SEC012", `Tool method @${upperMethod} is not in the allowlist`);
+    }
+    if (config.blockedUrlPatterns?.some(p => p.test(url))) {
+        throw new SecurityError("SEC013", `URL '${url}' matches a blocked pattern`);
+    }
+    if (config.allowedUrlPatterns && !config.allowedUrlPatterns.some(p => p.test(url))) {
+        throw new SecurityError("SEC014", `URL '${url}' does not match any allowed pattern`);
+    }
+}
+// Validate import against security config
+export function validateImport(moduleName, config) {
+    if (config.disableImports) {
+        throw new SecurityError("SEC020", "Imports are disabled in sandbox mode");
+    }
+    if (config.blockedImports?.includes(moduleName)) {
+        throw new SecurityError("SEC021", `Import of '${moduleName}' is blocked`);
+    }
+    if (config.allowedImports && !config.allowedImports.includes(moduleName)) {
+        throw new SecurityError("SEC022", `Import of '${moduleName}' is not in the allowlist`);
+    }
+}
+// Execution context that tracks resource usage
+export class ExecutionContext {
+    steps = 0;
+    recursionDepth = 0;
+    startTime;
+    config;
+    constructor(config = {}) {
+        this.config = config;
+        this.startTime = Date.now();
+    }
+    tick() {
+        this.steps++;
+        const maxSteps = this.config.maxExecutionSteps ?? DEFAULTS.maxExecutionSteps;
+        if (this.steps > maxSteps) {
+            throw new SecurityError("SEC030", `Execution exceeded maximum of ${maxSteps} steps (possible infinite loop)`);
+        }
+        // Check timeout every 1000 steps to avoid perf overhead
+        if (this.steps % 1000 === 0) {
+            const timeout = this.config.executionTimeoutMs ?? DEFAULTS.executionTimeoutMs;
+            if (Date.now() - this.startTime > timeout) {
+                throw new SecurityError("SEC031", `Execution timed out after ${timeout}ms`);
+            }
+        }
+    }
+    pushCall() {
+        this.recursionDepth++;
+        const maxDepth = this.config.maxRecursionDepth ?? DEFAULTS.maxRecursionDepth;
+        if (this.recursionDepth > maxDepth) {
+            throw new SecurityError("SEC032", `Recursion depth exceeded maximum of ${maxDepth}`);
+        }
+    }
+    popCall() {
+        this.recursionDepth--;
+    }
+    checkArraySize(size) {
+        const max = this.config.maxArraySize ?? DEFAULTS.maxArraySize;
+        if (size > max) {
+            throw new SecurityError("SEC033", `Array size ${size} exceeds maximum of ${max}`);
+        }
+    }
+    checkMapSize(size) {
+        const max = this.config.maxMapSize ?? DEFAULTS.maxMapSize;
+        if (size > max) {
+            throw new SecurityError("SEC034", `Map size ${size} exceeds maximum of ${max}`);
+        }
+    }
+}
+// SafeInterpreter - wraps the interpreter with resource limits
+export class SafeInterpreter {
+    config;
+    constructor(config = {}) {
+        this.config = config;
+    }
+    run(source) {
+        // 1. Validate source
+        validateSource(source, this.config);
+        // 2. Lex and parse
+        const tokens = lex(source);
+        const ast = parse(tokens);
+        // 3. Validate nesting
+        validateNestingDepth(ast, this.config);
+        // 4. Create execution context
+        const ctx = new ExecutionContext(this.config);
+        const env = createEnv();
+        // 5. Run with resource tracking
+        let result = null;
+        for (const stmt of ast.stmts) {
+            ctx.tick();
+            if (stmt.kind === "UseStmt") {
+                const useStmt = stmt;
+                validateImport(useStmt.module, this.config);
+                if (!this.config.disableImports) {
+                    // No file context in sandbox, skip actual import
+                }
+                continue;
+            }
+            // Check for tool calls in the AST
+            if (this.config.disableToolCalls) {
+                this.checkNoToolCalls(stmt);
+            }
+            result = interpretWithEnv({ kind: "Program", stmts: [stmt] }, env);
+        }
+        return result;
+    }
+    checkNoToolCalls(node) {
+        if (!node || typeof node !== 'object')
+            return;
+        if (node.kind === "ToolCallExpr") {
+            throw new SecurityError("SEC010", "Tool calls are disabled in sandbox mode");
+        }
+        for (const key of Object.keys(node)) {
+            if (key === 'loc')
+                continue;
+            const val = node[key];
+            if (Array.isArray(val)) {
+                for (const item of val)
+                    this.checkNoToolCalls(item);
+            }
+            else if (val && typeof val === 'object') {
+                this.checkNoToolCalls(val);
+            }
+        }
+    }
+}
+// Main factory function
+export function createSandbox(config = {}) {
+    return new SafeInterpreter(config);
+}
+export { DEFAULTS as SECURITY_DEFAULTS };

package/dist/semantic.d.ts

@@ -0,0 +1,7 @@
+import * as AST from "./ast.js";
+export interface Diagnostic {
+    level: "error" | "warning";
+    message: string;
+    loc: AST.Loc;
+}
+export declare function analyze(program: AST.Program): Diagnostic[];