codingbuddy 1.0.0 → 1.1.0
- package/README.md +37 -0
- package/dist/api/mcp.d.ts +2 -0
- package/dist/api/mcp.js +92 -0
- package/dist/api/mcp.js.map +1 -0
- package/dist/src/cli/cli.d.ts +1 -0
- package/dist/src/cli/cli.js +15 -0
- package/dist/src/cli/cli.js.map +1 -1
- package/dist/src/config/config.loader.d.ts +2 -0
- package/dist/src/config/config.loader.js +14 -0
- package/dist/src/config/config.loader.js.map +1 -1
- package/dist/src/main.js +25 -1
- package/dist/src/main.js.map +1 -1
- package/dist/src/mcp/mcp-serverless.d.ts +37 -0
- package/dist/src/mcp/mcp-serverless.js +463 -0
- package/dist/src/mcp/mcp-serverless.js.map +1 -0
- package/dist/src/mcp/mcp.service.js +3 -1
- package/dist/src/mcp/mcp.service.js.map +1 -1
- package/dist/src/rules/agent.schema.d.ts +20 -0
- package/dist/src/rules/agent.schema.js +55 -0
- package/dist/src/rules/agent.schema.js.map +1 -0
- package/dist/src/rules/rules.service.js +18 -1
- package/dist/src/rules/rules.service.js.map +1 -1
- package/dist/src/rules/rules.types.d.ts +8 -5
- package/dist/src/rules/skill.schema.d.ts +17 -0
- package/dist/src/rules/skill.schema.js +64 -0
- package/dist/src/rules/skill.schema.js.map +1 -0
- package/dist/src/shared/error.utils.d.ts +1 -0
- package/dist/src/shared/error.utils.js +46 -0
- package/dist/src/shared/error.utils.js.map +1 -0
- package/dist/src/shared/security.utils.d.ts +2 -0
- package/dist/src/shared/security.utils.js +46 -0
- package/dist/src/shared/security.utils.js.map +1 -0
- package/dist/src/shared/validation.constants.d.ts +11 -0
- package/dist/src/shared/validation.constants.js +53 -0
- package/dist/src/shared/validation.constants.js.map +1 -0
- package/dist/tsconfig.build.tsbuildinfo +1 -1
- package/package.json +4 -2
- package/dist/vitest.config.d.ts +0 -2
- package/dist/vitest.config.js +0 -23
- package/dist/vitest.config.js.map +0 -1
|
@@ -15,6 +15,8 @@ const common_1 = require("@nestjs/common");
|
|
|
15
15
|
const fs = require("fs/promises");
|
|
16
16
|
const fs_1 = require("fs");
|
|
17
17
|
const path = require("path");
|
|
18
|
+
const security_utils_1 = require("../shared/security.utils");
|
|
19
|
+
const agent_schema_1 = require("./agent.schema");
|
|
18
20
|
let RulesService = RulesService_1 = class RulesService {
|
|
19
21
|
constructor() {
|
|
20
22
|
this.logger = new common_1.Logger(RulesService_1.name);
|
|
@@ -57,6 +59,10 @@ let RulesService = RulesService_1 = class RulesService {
|
|
|
57
59
|
}
|
|
58
60
|
}
|
|
59
61
|
async getRuleContent(relativePath) {
|
|
62
|
+
if (!(0, security_utils_1.isPathSafe)(this.rulesDir, relativePath)) {
|
|
63
|
+
this.logger.warn(`Path traversal attempt blocked: ${relativePath}`);
|
|
64
|
+
throw new Error(`Access denied: Invalid path`);
|
|
65
|
+
}
|
|
60
66
|
const fullPath = path.join(this.rulesDir, relativePath);
|
|
61
67
|
try {
|
|
62
68
|
return await fs.readFile(fullPath, 'utf-8');
|
|
@@ -81,7 +87,18 @@ let RulesService = RulesService_1 = class RulesService {
|
|
|
81
87
|
}
|
|
82
88
|
async getAgent(name) {
|
|
83
89
|
const content = await this.getRuleContent(`agents/${name}.json`);
|
|
84
|
-
|
|
90
|
+
try {
|
|
91
|
+
const parsed = JSON.parse(content);
|
|
92
|
+
const validated = (0, agent_schema_1.parseAgentProfile)(parsed);
|
|
93
|
+
return validated;
|
|
94
|
+
}
|
|
95
|
+
catch (error) {
|
|
96
|
+
if (error instanceof agent_schema_1.AgentSchemaError) {
|
|
97
|
+
this.logger.warn(`Invalid agent profile: ${name}`, error.message);
|
|
98
|
+
throw new Error(`Invalid agent profile: ${name}`);
|
|
99
|
+
}
|
|
100
|
+
throw error;
|
|
101
|
+
}
|
|
85
102
|
}
|
|
86
103
|
async searchRules(query) {
|
|
87
104
|
const results = [];
|
|
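Review bot: The warn call added in getRuleContent writes `relativePath` into the log line unescaped, and this branch runs only for input that isPathSafe has just rejected (including the NUL-byte case), so embedded newlines or control characters can forge or corrupt log entries. Logging a quoted and length-bounded form, for example `JSON.stringify(relativePath).slice(0, 200)` in place of the raw value, keeps the event without trusting its content. In the getAgent hunk, `name` is placed into `agents/${name}.json` without the `validateAgentName` check this release adds in validation.constants.js; isPathSafe keeps the read inside rulesDir, but a name containing `/` or `..` can still select any `.json` file under it unless callers outside this hunk validate first. Both method bodies continue outside the hunks shown.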
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rules.service.js","sourceRoot":"","sources":["../../../src/rules/rules.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;AAAA,2CAAoD;AACpD,kCAAkC;AAClC,2BAAgC;AAChC,6BAA6B;
|
|
1
|
+
{"version":3,"file":"rules.service.js","sourceRoot":"","sources":["../../../src/rules/rules.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;AAAA,2CAAoD;AACpD,kCAAkC;AAClC,2BAAgC;AAChC,6BAA6B;AAE7B,6DAAsD;AACtD,iDAAqE;AAG9D,IAAM,YAAY,oBAAlB,MAAM,YAAY;IAIvB;QAHiB,WAAM,GAAG,IAAI,eAAM,CAAC,cAAY,CAAC,IAAI,CAAC,CAAC;QAStD,IAAI,OAAO,CAAC,GAAG,CAAC,qBAAqB,EAAE,CAAC;YACtC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC;YAClD,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,iCAAiC,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;YAClE,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YAGH,MAAM,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAAC;YACnD,IAAI,CAAC,QAAQ,GAAG,SAAS,CAAC;YAC1B,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,qCAAqC,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;QACxE,CAAC;QAAC,MAAM,CAAC;YAEP,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,iEAAiE,CAClE,CAAC;YACF,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;YACvC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,2BAA2B,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC9D,CAAC;IACH,CAAC;IAEO,eAAe;QAIrB,MAAM,UAAU,GAAG;YACjB,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,sCAAsC,CAAC;YAC/D,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,mCAAmC,CAAC;YAC5D,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,uBAAuB,CAAC;YAChD,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,oBAAoB,CAAC;SAC9C,CAAC;QAEF,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;YACnC,IAAI,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,CAAC;gBAChC,OAAO,SAAS,CAAC;YACnB,CAAC;QACH,CAAC;QAGD,OAAO,UAAU,CAAC,CAAC,CAAC,CAAC;IACvB,CAAC;IAEO,WAAW,CAAC,OAAe;QACjC,IAAI,CAAC;YACH,OAAO,IAAA,eAAU,EAAC,OAAO,CAAC,CAAC;QAC7B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IACD,KAAK,CAAC,cAAc,CAAC,YAAoB;QAEvC,IAAI,CAAC,IAAA,2BAAU,EAAC,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,EAAE,CAAC;YAC7C,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,mCAAmC,YAAY,EAAE,CAAC,CAAC;YACpE,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;QACjD,CAAC;QAED,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;QACxD,IAAI,CAAC;YACH,OAAO,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,6BAA6B,YAAY,EAAE,EAAE,KAAK,CAAC,CAAC;YACtE,MAAM,IAAI,KAAK,CAAC,6BAA6B,YAAY,EAAE,CAAC,
CAAC;QAC/D,CAAC;IACH,CAAC;IAED,KAAK,CAAC,UAAU;QACd,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QACrD,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAC1C,OAAO,KAAK;iBACT,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;iBAChC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;QACtC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,uBAAuB,EAAE,KAAK,CAAC,CAAC;YAClD,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,IAAY;QACzB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,UAAU,IAAI,OAAO,CAAC,CAAC;QACjE,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAEnC,MAAM,SAAS,GAAG,IAAA,gCAAiB,EAAC,MAAM,CAAC,CAAC;YAC5C,OAAO,SAAoC,CAAC;QAC9C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,+BAAgB,EAAE,CAAC;gBACtC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,0BAA0B,IAAI,EAAE,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;gBAClE,MAAM,IAAI,KAAK,CAAC,0BAA0B,IAAI,EAAE,CAAC,CAAC;YACpD,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,KAAa;QAC7B,MAAM,OAAO,GAAmB,EAAE,CAAC;QACnC,MAAM,UAAU,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC;QAEvC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QACvC,MAAM,aAAa,GAAG;YACpB,eAAe;YACf,kBAAkB;YAClB,2BAA2B;YAC3B,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC;SACvC,CAAC;QAEF,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;YACjC,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;gBAChD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBAClC,MAAM,OAAO,GAAa,EAAE,CAAC;gBAC7B,IAAI,KAAK,GAAG,CAAC,CAAC;gBAEd,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;oBAC5B,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;wBAC5C,OAAO,CAAC,IAAI,CAAC,QAAQ,KAAK,GAAG,CAAC,KAAK,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;wBAClD,KAAK,EAAE,CAAC;oBACV,CAAC;gBACH,CAAC,CAAC,CAAC;gBAEH,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;oBACd,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;gBACzC,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;YAET,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CA
AC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;IACnD,CAAC;CACF,CAAA;AA7IY,oCAAY;uBAAZ,YAAY;IADxB,IAAA,mBAAU,GAAE;;GACA,YAAY,CA6IxB"}
|
|
@@ -1,10 +1,13 @@
|
|
|
1
1
|
export interface AgentProfile {
|
|
2
2
|
name: string;
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
3
|
+
description: string;
|
|
4
|
+
role: {
|
|
5
|
+
title: string;
|
|
6
|
+
expertise: string[];
|
|
7
|
+
tech_stack_reference?: string;
|
|
8
|
+
responsibilities?: string[];
|
|
9
|
+
};
|
|
10
|
+
[key: string]: unknown;
|
|
8
11
|
}
|
|
9
12
|
export interface SearchResult {
|
|
10
13
|
file: string;
|
|
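--- a/package/dist/src/rules/skill.schema.d.ts
+++ b/package/dist/src/rules/skill.schema.d.ts
@@ -0,0 +1,17 @@
+import * as z from 'zod';
+export declare class SkillSchemaError extends Error {
+readonly details?: z.ZodError | undefined;
+constructor(message: string, details?: z.ZodError | undefined);
+}
+export declare const SkillFrontmatterSchema: z.ZodObject<{
+name: z.ZodString;
+description: z.ZodString;
+}, z.z.core.$strip>;
+export interface Skill {
+name: string;
+description: string;
+content: string;
+path: string;
+}
+export type SkillFrontmatter = z.infer<typeof SkillFrontmatterSchema>;
+export declare function parseSkill(content: string, filePath: string): Skill;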
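--- a/package/dist/src/rules/skill.schema.js
+++ b/package/dist/src/rules/skill.schema.js
@@ -0,0 +1,64 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SkillFrontmatterSchema = exports.SkillSchemaError = void 0;
+exports.parseSkill = parseSkill;
+const z = require("zod");
+const yaml = require("yaml");
+const security_utils_1 = require("../shared/security.utils");
+class SkillSchemaError extends Error {
+constructor(message, details) {
+super(message);
+this.details = details;
+this.name = 'SkillSchemaError';
+}
+}
+exports.SkillSchemaError = SkillSchemaError;
+exports.SkillFrontmatterSchema = z.object({
+name: z
+.string()
+.min(1)
+.regex(/^[a-z0-9-]+$/, 'Skill name must be lowercase alphanumeric with hyphens only'),
+description: z.string().min(1).max(500),
+});
+const FRONTMATTER_REGEX = /^---\r?\n([\s\S]*?)\r?\n---\r?\n?([\s\S]*)$/;
+function parseFrontmatter(content) {
+const match = content.match(FRONTMATTER_REGEX);
+if (!match) {
+throw new SkillSchemaError('Invalid skill file: Missing or malformed YAML frontmatter');
+}
+const [, yamlStr, body] = match;
+try {
+const frontmatter = yaml.parse(yamlStr);
+return { frontmatter, body: body.trim() };
+}
+catch (error) {
+throw new SkillSchemaError(`Invalid skill file: YAML parsing failed - ${error instanceof Error ? error.message : 'Unknown error'}`);
+}
+}
+function parseSkill(content, filePath) {
+const { frontmatter, body } = parseFrontmatter(content);
+const dangerousKey = (0, security_utils_1.containsDangerousKeys)(frontmatter);
+if (dangerousKey) {
+throw new SkillSchemaError(`Invalid skill: Dangerous key "${dangerousKey}" detected`);
+}
+const result = exports.SkillFrontmatterSchema.safeParse(frontmatter);
+if (!result.success) {
+const errorMessage = result.error.issues
+.map(issue => {
+const pathStr = issue.path.length > 0 ? issue.path.join('.') : 'root';
+return `${pathStr}: ${issue.message}`;
+})
+.join(', ');
+throw new SkillSchemaError(`Invalid skill frontmatter: ${errorMessage}`, result.error);
+}
+if (!body || body.trim().length === 0) {
+throw new SkillSchemaError('Invalid skill: Content after frontmatter is empty');
+}
+return {
+name: result.data.name,
+description: result.data.description,
+content: body,
+path: filePath,
+};
+}
+//# sourceMappingURL=skill.schema.js.map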
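Review bot: `SkillFrontmatterSchema.name` has a minimum length and a character class but no upper bound, while `description` is capped at 500 and validation.constants.js in this release caps agent names with MAX_AGENT_NAME_LENGTH; adding a `.max(...)` to `name` would keep the two identifier rules consistent. parseSkill also runs FRONTMATTER_REGEX and `yaml.parse` on `content` of any size, so if skill files can originate outside the package a length check before parsing is worth adding (the callers are not visible here). The YAML parser's message is copied into the SkillSchemaError text in parseFrontmatter, and parser messages can quote the offending input, so that error should pass through sanitizeError before it is returned to a client. In parseSkill, the `!body` test already covers the empty case because parseFrontmatter returns `body.trim()`, which makes the second `body.trim()` redundant.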
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"skill.schema.js","sourceRoot":"","sources":["../../../src/rules/skill.schema.ts"],"names":[],"mappings":";;;AAuGA,gCAyCC;AAtID,yBAAyB;AACzB,6BAA6B;AAC7B,6DAAiE;AAMjE,MAAa,gBAAiB,SAAQ,KAAK;IACzC,YACE,OAAe,EACC,OAAoB;QAEpC,KAAK,CAAC,OAAO,CAAC,CAAC;QAFC,YAAO,GAAP,OAAO,CAAa;QAGpC,IAAI,CAAC,IAAI,GAAG,kBAAkB,CAAC;IACjC,CAAC;CACF;AARD,4CAQC;AAWY,QAAA,sBAAsB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7C,IAAI,EAAE,CAAC;SACJ,MAAM,EAAE;SACR,GAAG,CAAC,CAAC,CAAC;SACN,KAAK,CACJ,cAAc,EACd,6DAA6D,CAC9D;IACH,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC;CACxC,CAAC,CAAC;AAmBH,MAAM,iBAAiB,GAAG,6CAA6C,CAAC;AAExE,SAAS,gBAAgB,CAAC,OAAe;IAIvC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;IAE/C,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,gBAAgB,CACxB,2DAA2D,CAC5D,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,GAAG,KAAK,CAAC;IAEhC,IAAI,CAAC;QACH,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACxC,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC;IAC5C,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,gBAAgB,CACxB,6CAA6C,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CACxG,CAAC;IACJ,CAAC;AACH,CAAC;AAcD,SAAgB,UAAU,CAAC,OAAe,EAAE,QAAgB;IAE1D,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAGxD,MAAM,YAAY,GAAG,IAAA,sCAAqB,EAAC,WAAW,CAAC,CAAC;IACxD,IAAI,YAAY,EAAE,CAAC;QACjB,MAAM,IAAI,gBAAgB,CACxB,iCAAiC,YAAY,YAAY,CAC1D,CAAC;IACJ,CAAC;IAGD,MAAM,MAAM,GAAG,8BAAsB,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;IAE7D,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,YAAY,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM;aACrC,GAAG,CAAC,KAAK,CAAC,EAAE;YACX,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;YACtE,OAAO,GAAG,OAAO,KAAK,KAAK,CAAC,OAAO,EAAE,CAAC;QACxC,CAAC,CAAC;aACD,IAAI,CAAC,IAAI,CAAC,CAAC;QACd,MAAM,IAAI,gBAAgB,CACxB,8BAA8B,YAAY,EAAE,EAC5C,MAAM,CAAC,KAAK,CACb,CAAC;IACJ,CAAC;IAGD,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtC,MAAM
,IAAI,gBAAgB,CACxB,mDAAmD,CACpD,CAAC;IACJ,CAAC;IAED,OAAO;QACL,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI;QACtB,WAAW,EAAE,MAAM,CAAC,IAAI,CAAC,WAAW;QACpC,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,QAAQ;KACf,CAAC;AACJ,CAAC"}
|
|
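--- a/package/dist/src/shared/error.utils.d.ts
+++ b/package/dist/src/shared/error.utils.d.ts
@@ -0,0 +1 @@
+export declare function sanitizeError(error: unknown): string;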
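--- a/package/dist/src/shared/error.utils.js
+++ b/package/dist/src/shared/error.utils.js
@@ -0,0 +1,46 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.sanitizeError = sanitizeError;
+const SENSITIVE_PATTERNS = [
+/\/[a-zA-Z0-9_-]+\/[a-zA-Z0-9_./\\-]+/,
+/[A-Z]:\\[a-zA-Z0-9_\\.-]+/,
+/node_modules/i,
+/\s+at\s+.+:\d+:\d+/,
+/\.[jt]sx?:\d+/,
+];
+function isDebugMode() {
+return process.env.CODINGBUDDY_DEBUG === 'true';
+}
+function containsSensitiveInfo(message) {
+return SENSITIVE_PATTERNS.some(pattern => pattern.test(message));
+}
+function sanitizeError(error) {
+const genericMessage = 'An internal error occurred';
+if (error === null || error === undefined) {
+return isDebugMode() ? 'Unknown error: null or undefined' : genericMessage;
+}
+if (error instanceof Error) {
+const message = error.message;
+if (isDebugMode()) {
+return message;
+}
+if (containsSensitiveInfo(message)) {
+return genericMessage;
+}
+return message;
+}
+if (typeof error === 'string') {
+if (isDebugMode()) {
+return error;
+}
+if (containsSensitiveInfo(error)) {
+return genericMessage;
+}
+return error;
+}
+if (isDebugMode()) {
+return `Unknown error: ${JSON.stringify(error)}`;
+}
+return genericMessage;
+}
+//# sourceMappingURL=error.utils.js.map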
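Review bot: sanitizeError fails open: outside debug mode, any Error or string message that misses the five SENSITIVE_PATTERNS is returned verbatim, so text such as a lower-case drive path (the second pattern only matches `[A-Z]:`), a UNC path, a hostname or a credential carried in an upstream error still reaches the client. An allowlist is the safer shape here: return the original text only for error classes the application raises itself with fixed messages, and `genericMessage` for everything else. In the final debug branch, `JSON.stringify(error)` throws on cyclic objects and BigInt values, so the sanitizer can itself raise inside an error path; wrapping that call in try/catch with a `String(error)` fallback avoids that. Since `CODINGBUDDY_DEBUG === 'true'` disables all filtering, a comment on isDebugMode should state that it must stay unset on any deployment reachable by untrusted clients.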
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"error.utils.js","sourceRoot":"","sources":["../../../src/shared/error.utils.ts"],"names":[],"mappings":";;AA+CA,sCA2CC;AAnFD,MAAM,kBAAkB,GAAG;IAEzB,sCAAsC;IAEtC,2BAA2B;IAE3B,eAAe;IAEf,oBAAoB;IAEpB,eAAe;CAChB,CAAC;AAKF,SAAS,WAAW;IAClB,OAAO,OAAO,CAAC,GAAG,CAAC,iBAAiB,KAAK,MAAM,CAAC;AAClD,CAAC;AAKD,SAAS,qBAAqB,CAAC,OAAe;IAC5C,OAAO,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;AACnE,CAAC;AAeD,SAAgB,aAAa,CAAC,KAAc;IAC1C,MAAM,cAAc,GAAG,4BAA4B,CAAC;IAGpD,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QAC1C,OAAO,WAAW,EAAE,CAAC,CAAC,CAAC,kCAAkC,CAAC,CAAC,CAAC,cAAc,CAAC;IAC7E,CAAC;IAGD,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;QAC3B,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC;QAE9B,IAAI,WAAW,EAAE,EAAE,CAAC;YAClB,OAAO,OAAO,CAAC;QACjB,CAAC;QAGD,IAAI,qBAAqB,CAAC,OAAO,CAAC,EAAE,CAAC;YACnC,OAAO,cAAc,CAAC;QACxB,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAGD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,IAAI,WAAW,EAAE,EAAE,CAAC;YAClB,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,qBAAqB,CAAC,KAAK,CAAC,EAAE,CAAC;YACjC,OAAO,cAAc,CAAC;QACxB,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAGD,IAAI,WAAW,EAAE,EAAE,CAAC;QAClB,OAAO,kBAAkB,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC;IACnD,CAAC;IAED,OAAO,cAAc,CAAC;AACxB,CAAC"}
|
|
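--- a/package/dist/src/shared/security.utils.js
+++ b/package/dist/src/shared/security.utils.js
@@ -0,0 +1,46 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.containsDangerousKeys = containsDangerousKeys;
+exports.isPathSafe = isPathSafe;
+const path = require("path");
+const DANGEROUS_KEYS = ['__proto__', 'constructor', 'prototype'];
+function containsDangerousKeys(obj, objPath = '') {
+if (obj === null || typeof obj !== 'object') {
+return null;
+}
+if (Array.isArray(obj)) {
+for (let i = 0; i < obj.length; i++) {
+const result = containsDangerousKeys(obj[i], `${objPath}[${i}]`);
+if (result)
+return result;
+}
+return null;
+}
+const keys = Object.getOwnPropertyNames(obj);
+for (const key of keys) {
+if (DANGEROUS_KEYS.includes(key)) {
+return objPath ? `${objPath}.${key}` : key;
+}
+}
+for (const key of keys) {
+if (!DANGEROUS_KEYS.includes(key)) {
+const result = containsDangerousKeys(obj[key], objPath ? `${objPath}.${key}` : key);
+if (result)
+return result;
+}
+}
+return null;
+}
+function isPathSafe(basePath, relativePath) {
+if (relativePath.includes('\x00')) {
+return false;
+}
+const normalizedRelative = relativePath.replace(/\\/g, '/');
+const resolvedBase = path.resolve(basePath);
+const resolvedTarget = path.resolve(basePath, normalizedRelative);
+if (resolvedTarget === resolvedBase) {
+return true;
+}
+return resolvedTarget.startsWith(resolvedBase + path.sep);
+}
+//# sourceMappingURL=security.utils.js.map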
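Review bot: isPathSafe compares `path.resolve` results, which is a lexical check that never consults the filesystem, so a symlink located under `basePath` whose target lies elsewhere passes and the caller's `fs.readFile` follows it. Where the rules directory can hold files the operator did not author, the containment test should be repeated on `fs.realpath` results just before the read, and the helper should hand back the resolved path so that the path checked is the path opened (getRuleContent currently re-joins the raw `relativePath`). `relativePath.includes` also throws on a non-string argument; a `typeof` guard that returns false gives a clean rejection instead. containsDangerousKeys recurses with no depth limit or visited set, so very deep or self-referencing input ends in a RangeError rather than a verdict. The sketch below is an async companion for the reader to call; its name is a placeholder.

```javascript
// Sketch only: the function name is a placeholder; `fs` stands for the fs/promises module.
// … unchanged: containsDangerousKeys, isPathSafe …
async function resolveInsideBase(basePath, relativePath) {
    if (typeof relativePath !== 'string' || !isPathSafe(basePath, relativePath)) {
        return null;
    }
    // realpath follows symlinks, so the prefix test below sees the real location.
    // It rejects for a missing file; the caller's existing try/catch handles that.
    const realBase = await fs.realpath(basePath);
    const realTarget = await fs.realpath(path.resolve(basePath, relativePath.replace(/\\/g, '/')));
    const inside = realTarget === realBase || realTarget.startsWith(realBase + path.sep);
    return inside ? realTarget : null;
}
```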
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"security.utils.js","sourceRoot":"","sources":["../../../src/shared/security.utils.ts"],"names":[],"mappings":";;AAoBA,sDAqCC;AAmBD,gCAuBC;AA/FD,6BAA6B;AAM7B,MAAM,cAAc,GAAG,CAAC,WAAW,EAAE,aAAa,EAAE,WAAW,CAAU,CAAC;AAU1E,SAAgB,qBAAqB,CACnC,GAAY,EACZ,OAAO,GAAG,EAAE;IAEZ,IAAI,GAAG,KAAK,IAAI,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5C,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QACvB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACpC,MAAM,MAAM,GAAG,qBAAqB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC;YACjE,IAAI,MAAM;gBAAE,OAAO,MAAM,CAAC;QAC5B,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAGD,MAAM,IAAI,GAAG,MAAM,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC;IAE7C,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,IAAI,cAAc,CAAC,QAAQ,CAAC,GAAsC,CAAC,EAAE,CAAC;YACpE,OAAO,OAAO,CAAC,CAAC,CAAC,GAAG,OAAO,IAAI,GAAG,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC;QAC7C,CAAC;IACH,CAAC;IAGD,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,GAAsC,CAAC,EAAE,CAAC;YACrE,MAAM,MAAM,GAAG,qBAAqB,CACjC,GAA+B,CAAC,GAAG,CAAC,EACrC,OAAO,CAAC,CAAC,CAAC,GAAG,OAAO,IAAI,GAAG,EAAE,CAAC,CAAC,CAAC,GAAG,CACpC,CAAC;YACF,IAAI,MAAM;gBAAE,OAAO,MAAM,CAAC;QAC5B,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAmBD,SAAgB,UAAU,CAAC,QAAgB,EAAE,YAAoB;IAE/D,IAAI,YAAY,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QAClC,OAAO,KAAK,CAAC;IACf,CAAC;IAID,MAAM,kBAAkB,GAAG,YAAY,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IAG5D,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC5C,MAAM,cAAc,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,kBAAkB,CAAC,CAAC;IAIlE,IAAI,cAAc,KAAK,YAAY,EAAE,CAAC;QACpC,OAAO,IAAI,CAAC;IACd,CAAC;IAID,OAAO,cAAc,CAAC,UAAU,CAAC,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC;AAC5D,CAAC"}
|
|
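--- a/package/dist/src/shared/validation.constants.d.ts
+++ b/package/dist/src/shared/validation.constants.d.ts
@@ -0,0 +1,11 @@
+export declare const MAX_QUERY_LENGTH = 1000;
+export declare const MAX_PROMPT_LENGTH = 10000;
+export declare const MAX_AGENT_NAME_LENGTH = 100;
+export declare const AGENT_NAME_PATTERN: RegExp;
+export interface ValidationResult {
+valid: boolean;
+error?: string;
+}
+export declare function validateQuery(query: string): ValidationResult;
+export declare function validatePrompt(prompt: string): ValidationResult;
+export declare function validateAgentName(name: string): ValidationResult;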
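--- a/package/dist/src/shared/validation.constants.js
+++ b/package/dist/src/shared/validation.constants.js
@@ -0,0 +1,53 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AGENT_NAME_PATTERN = exports.MAX_AGENT_NAME_LENGTH = exports.MAX_PROMPT_LENGTH = exports.MAX_QUERY_LENGTH = void 0;
+exports.validateQuery = validateQuery;
+exports.validatePrompt = validatePrompt;
+exports.validateAgentName = validateAgentName;
+exports.MAX_QUERY_LENGTH = 1000;
+exports.MAX_PROMPT_LENGTH = 10000;
+exports.MAX_AGENT_NAME_LENGTH = 100;
+exports.AGENT_NAME_PATTERN = /^[a-z0-9-]+$/;
+function validateQuery(query) {
+if (!query || query.trim().length === 0) {
+return { valid: false, error: 'Query cannot be empty' };
+}
+if (query.length > exports.MAX_QUERY_LENGTH) {
+return {
+valid: false,
+error: `Query exceeds maximum length of ${exports.MAX_QUERY_LENGTH} characters`,
+};
+}
+return { valid: true };
+}
+function validatePrompt(prompt) {
+if (!prompt || prompt.trim().length === 0) {
+return { valid: false, error: 'Prompt cannot be empty' };
+}
+if (prompt.length > exports.MAX_PROMPT_LENGTH) {
+return {
+valid: false,
+error: `Prompt exceeds maximum length of ${exports.MAX_PROMPT_LENGTH} characters`,
+};
+}
+return { valid: true };
+}
+function validateAgentName(name) {
+if (!name || name.trim().length === 0) {
+return { valid: false, error: 'Agent name cannot be empty' };
+}
+if (name.length > exports.MAX_AGENT_NAME_LENGTH) {
+return {
+valid: false,
+error: `Agent name exceeds maximum length of ${exports.MAX_AGENT_NAME_LENGTH} characters`,
+};
+}
+if (!exports.AGENT_NAME_PATTERN.test(name)) {
+return {
+valid: false,
+error: 'Agent name must contain only lowercase letters, numbers, and hyphens',
+};
+}
+return { valid: true };
+}
+//# sourceMappingURL=validation.constants.js.map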
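Review bot: All three validators assume a string: in validateQuery a truthy non-string argument (a number, an array, an object) gets past `!query` and then throws a TypeError at `query.trim()`, and validatePrompt and validateAgentName have the same first line. The declared parameter type does not exist at runtime, so if these functions sit in front of client-supplied tool arguments (the call sites are not visible here) the validator should reject rather than throw, for example `if (typeof query !== 'string' || query.trim().length === 0)`. The three functions also differ only in limit, label and the optional pattern test, so one private helper taking those as parameters would keep the rules from drifting apart.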
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"validation.constants.js","sourceRoot":"","sources":["../../../src/shared/validation.constants.ts"],"names":[],"mappings":";;;AAoDA,sCAWC;AAKD,wCAWC;AAKD,8CAkBC;AAvFY,QAAA,gBAAgB,GAAG,IAAI,CAAC;AAMxB,QAAA,iBAAiB,GAAG,KAAK,CAAC;AAM1B,QAAA,qBAAqB,GAAG,GAAG,CAAC;AAW5B,QAAA,kBAAkB,GAAG,cAAc,CAAC;AAcjD,SAAgB,aAAa,CAAC,KAAa;IACzC,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC;IAC1D,CAAC;IACD,IAAI,KAAK,CAAC,MAAM,GAAG,wBAAgB,EAAE,CAAC;QACpC,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,mCAAmC,wBAAgB,aAAa;SACxE,CAAC;IACJ,CAAC;IACD,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;AACzB,CAAC;AAKD,SAAgB,cAAc,CAAC,MAAc;IAC3C,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1C,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,wBAAwB,EAAE,CAAC;IAC3D,CAAC;IACD,IAAI,MAAM,CAAC,MAAM,GAAG,yBAAiB,EAAE,CAAC;QACtC,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,oCAAoC,yBAAiB,aAAa;SAC1E,CAAC;IACJ,CAAC;IACD,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;AACzB,CAAC;AAKD,SAAgB,iBAAiB,CAAC,IAAY;IAC5C,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,4BAA4B,EAAE,CAAC;IAC/D,CAAC;IACD,IAAI,IAAI,CAAC,MAAM,GAAG,6BAAqB,EAAE,CAAC;QACxC,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,wCAAwC,6BAAqB,aAAa;SAClF,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,0BAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QACnC,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,KAAK,EACH,sEAAsE;SACzE,CAAC;IACJ,CAAC;IACD,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;AACzB,CAAC"}
|