assistme 0.2.2 → 0.2.4

package/src/utils/validation.test.ts

@@ -1,153 +0,0 @@
-import { describe, it, expect } from "vitest";
-import {
-  isValidUrl,
-  isValidApiKey,
-  isValidPort,
-  isValidMaxTurns,
-  validateConfig,
-  sanitizeForIlike,
-  sanitizeSelector,
-} from "./validation.js";
-
-describe("isValidUrl", () => {
-  it("accepts valid HTTPS URLs", () => {
-    expect(isValidUrl("https://example.supabase.co")).toBe(true);
-    expect(isValidUrl("https://localhost:3000")).toBe(true);
-  });
-
-  it("accepts HTTP URLs", () => {
-    expect(isValidUrl("http://localhost:54321")).toBe(true);
-  });
-
-  it("rejects invalid URLs", () => {
-    expect(isValidUrl("not-a-url")).toBe(false);
-    expect(isValidUrl("ftp://files.example.com")).toBe(false);
-    expect(isValidUrl("")).toBe(false);
-  });
-});
-
-describe("isValidApiKey", () => {
-  it("accepts valid Anthropic keys", () => {
-    expect(isValidApiKey("sk-ant-api03-aaaabbbbccccddddeeeeffffgggghhhhiiiijjjj")).toBe(true);
-  });
-
-  it("rejects invalid keys", () => {
-    expect(isValidApiKey("sk-1234567890")).toBe(false);
-    expect(isValidApiKey("")).toBe(false);
-    expect(isValidApiKey("sk-ant-short")).toBe(false);
-  });
-});
-
-describe("isValidPort", () => {
-  it("accepts valid ports", () => {
-    expect(isValidPort(9222)).toBe(true);
-    expect(isValidPort(1)).toBe(true);
-    expect(isValidPort(65535)).toBe(true);
-  });
-
-  it("rejects invalid ports", () => {
-    expect(isValidPort(0)).toBe(false);
-    expect(isValidPort(65536)).toBe(false);
-    expect(isValidPort(-1)).toBe(false);
-    expect(isValidPort(3.5)).toBe(false);
-  });
-});
-
-describe("isValidMaxTurns", () => {
-  it("accepts valid turn counts", () => {
-    expect(isValidMaxTurns(50)).toBe(true);
-    expect(isValidMaxTurns(1)).toBe(true);
-    expect(isValidMaxTurns(500)).toBe(true);
-  });
-
-  it("rejects invalid turn counts", () => {
-    expect(isValidMaxTurns(0)).toBe(false);
-    expect(isValidMaxTurns(501)).toBe(false);
-    expect(isValidMaxTurns(-10)).toBe(false);
-  });
-});
-
-describe("validateConfig", () => {
-  const validConfig = {
-    supabaseUrl: "https://example.supabase.co",
-    supabaseAnonKey: "some-anon-key",
-    anthropicApiKey: "sk-ant-api03-aaaabbbbccccddddeeeeffffgggghhhhiiiijjjj",
-    workspacePath: "/home/user/workspace",
-    maxTurns: 50,
-  };
-
-  it("validates a correct config", () => {
-    const result = validateConfig(validConfig);
-    expect(result.valid).toBe(true);
-    expect(result.errors).toHaveLength(0);
-  });
-
-  it("catches missing supabaseUrl", () => {
-    const result = validateConfig({ ...validConfig, supabaseUrl: "" });
-    expect(result.valid).toBe(false);
-    expect(result.errors.some((e) => e.includes("supabaseUrl"))).toBe(true);
-  });
-
-  it("catches invalid URL format", () => {
-    const result = validateConfig({ ...validConfig, supabaseUrl: "not-url" });
-    expect(result.valid).toBe(false);
-    expect(result.errors.some((e) => e.includes("not a valid URL"))).toBe(true);
-  });
-
-  it("catches missing API key", () => {
-    const result = validateConfig({ ...validConfig, anthropicApiKey: "" });
-    expect(result.valid).toBe(false);
-    expect(result.errors.some((e) => e.includes("anthropicApiKey"))).toBe(true);
-  });
-
-  it("catches invalid API key format", () => {
-    const result = validateConfig({ ...validConfig, anthropicApiKey: "bad-key" });
-    expect(result.valid).toBe(false);
-    expect(result.errors.some((e) => e.includes("sk-ant-"))).toBe(true);
-  });
-
-  it("catches invalid maxTurns", () => {
-    const result = validateConfig({ ...validConfig, maxTurns: 0 });
-    expect(result.valid).toBe(false);
-    expect(result.errors.some((e) => e.includes("maxTurns"))).toBe(true);
-  });
-
-  it("collects multiple errors", () => {
-    const result = validateConfig({
-      supabaseUrl: "",
-      supabaseAnonKey: "",
-      anthropicApiKey: "",
-      workspacePath: "",
-      maxTurns: -1,
-    });
-    expect(result.valid).toBe(false);
-    expect(result.errors.length).toBeGreaterThanOrEqual(4);
-  });
-});
-
-describe("sanitizeForIlike", () => {
-  it("escapes % and _ wildcards", () => {
-    expect(sanitizeForIlike("test%value_here")).toBe("test\\%value\\_here");
-  });
-
-  it("leaves normal strings unchanged", () => {
-    expect(sanitizeForIlike("hello world")).toBe("hello world");
-  });
-});
-
-describe("sanitizeSelector", () => {
-  it("removes script tags", () => {
-    expect(sanitizeSelector("<script>alert(1)</script>#btn")).toBe(
-      "alert(1)#btn"
-    );
-  });
-
-  it("removes event handlers", () => {
-    expect(sanitizeSelector("div[onclick=evil]")).toBe("div[evil]");
-  });
-
-  it("passes through valid selectors", () => {
-    expect(sanitizeSelector("#submit-btn")).toBe("#submit-btn");
-    expect(sanitizeSelector("a.nav-link")).toBe("a.nav-link");
-  });
-});

package/src/utils/validation.ts

@@ -1,101 +0,0 @@
-/**
- * Input validation helpers for CLI configuration and tool inputs.
- */
-
-export interface ValidationResult {
-  valid: boolean;
-  errors: string[];
-}
-
-/**
- * Validate that a URL is well-formed (https:// or http://).
- */
-export function isValidUrl(url: string): boolean {
-  try {
-    const parsed = new URL(url);
-    return parsed.protocol === "https:" || parsed.protocol === "http:";
-  } catch {
-    return false;
-  }
-}
-
-/**
- * Validate an Anthropic API key format.
- * Real keys start with "sk-ant-" and are at least 40 chars.
- */
-export function isValidApiKey(key: string): boolean {
-  return key.startsWith("sk-ant-") && key.length >= 40;
-}
-
-/**
- * Validate a port number is in valid range.
- */
-export function isValidPort(port: number): boolean {
-  return Number.isInteger(port) && port >= 1 && port <= 65535;
-}
-
-/**
- * Validate maxTurns is a reasonable number.
- */
-export function isValidMaxTurns(turns: number): boolean {
-  return Number.isInteger(turns) && turns >= 1 && turns <= 500;
-}
-
-/**
- * Validate the full CLI configuration.
- * Returns errors for any required/invalid fields.
- */
-export function validateConfig(config: {
-  supabaseUrl: string;
-  supabaseAnonKey: string;
-  anthropicApiKey: string;
-  workspacePath: string;
-  maxTurns: number;
-}): ValidationResult {
-  const errors: string[] = [];
-
-  if (!config.supabaseUrl) {
-    errors.push("supabaseUrl is required. Run: assistme config set supabaseUrl <url>");
-  } else if (!isValidUrl(config.supabaseUrl)) {
-    errors.push(`supabaseUrl is not a valid URL: "${config.supabaseUrl}"`);
-  }
-
-  if (!config.supabaseAnonKey) {
-    errors.push("supabaseAnonKey is required. Run: assistme config set supabaseAnonKey <key>");
-  }
-
-  if (!config.anthropicApiKey) {
-    errors.push("anthropicApiKey is required. Set ANTHROPIC_API_KEY env var or run: assistme config set anthropicApiKey <key>");
-  } else if (!isValidApiKey(config.anthropicApiKey)) {
-    errors.push("anthropicApiKey does not look like a valid Anthropic key (expected sk-ant-...)");
-  }
-
-  if (!config.workspacePath) {
-    errors.push("workspacePath is required");
-  }
-
-  if (!isValidMaxTurns(config.maxTurns)) {
-    errors.push(`maxTurns must be between 1 and 500, got: ${config.maxTurns}`);
-  }
-
-  return { valid: errors.length === 0, errors };
-}
-
-/**
- * Sanitize user-provided strings for safe use in ILIKE queries.
- * Escapes SQL wildcards % and _.
- */
-export function sanitizeForIlike(input: string): string {
-  return input.replace(/[%_]/g, "\\$&");
-}
-
-/**
- * Validate and sanitize a CSS selector to prevent obvious injection.
- */
-export function sanitizeSelector(selector: string): string {
-  // Remove any embedded script tags (opening and closing) or event handlers
-  return selector
-    .replace(/<\/?script[^>]*>/gi, "")
-    .replace(/on\w+\s*=/gi, "")
-    .trim();
-}