distill-mcp 0.6.0-beta

package/dist/sandbox/sdk/search.test.js

@@ -0,0 +1,183 @@
+/**
+ * Search SDK Tests
+ *
+ * Tests for ctx.search.* functions.
+ */
+import { describe, it, expect, beforeAll } from "vitest";
+import { createSearchAPI } from "./search.js";
+import * as fs from "fs";
+import * as path from "path";
+// Get the monorepo root
+function getProjectRoot() {
+    // Navigate up from test file to project root
+    let dir = __dirname;
+    while (dir !== "/" && !fs.existsSync(path.join(dir, "package.json"))) {
+        dir = path.dirname(dir);
+    }
+    return dir;
+}
+const projectRoot = getProjectRoot();
+// Create mock callbacks
+function createMockCallbacks(workingDir) {
+    return {
+        readFile(filePath) {
+            const fullPath = path.isAbsolute(filePath)
+                ? filePath
+                : path.join(workingDir, filePath);
+            return fs.readFileSync(fullPath, "utf-8");
+        },
+        fileExists(filePath) {
+            const fullPath = path.isAbsolute(filePath)
+                ? filePath
+                : path.join(workingDir, filePath);
+            try {
+                fs.accessSync(fullPath);
+                return true;
+            }
+            catch {
+                return false;
+            }
+        },
+        glob() {
+            return [];
+        },
+    };
+}
+describe("Search SDK", () => {
+    let search;
+    beforeAll(() => {
+        const callbacks = createMockCallbacks(projectRoot);
+        search = createSearchAPI(projectRoot, callbacks);
+    });
+    describe("grep", () => {
+        it("should return GrepResult structure", () => {
+            const result = search.grep("function", "**/*.ts");
+            expect(result).toBeDefined();
+            expect(result.matches).toBeDefined();
+            expect(Array.isArray(result.matches)).toBe(true);
+            expect(typeof result.totalMatches).toBe("number");
+            expect(typeof result.filesSearched).toBe("number");
+        });
+        it("should find matches in TypeScript files", () => {
+            const result = search.grep("export", "**/*.ts");
+            expect(result.matches.length).toBeGreaterThan(0);
+            const match = result.matches[0];
+            expect(match.file).toBeDefined();
+            expect(typeof match.line).toBe("number");
+            expect(typeof match.column).toBe("number");
+            expect(match.content).toBeDefined();
+            expect(match.match).toBeDefined();
+        });
+        it("should support regex patterns", () => {
+            const result = search.grep("function\\s+\\w+", "**/*.ts");
+            expect(result.matches.length).toBeGreaterThan(0);
+        });
+        it("should respect file glob filter", () => {
+            const tsResult = search.grep("import", "**/*.ts");
+            expect(tsResult.filesSearched).toBeGreaterThan(0);
+            // Search in non-existent extension should return 0 matches
+            const noResult = search.grep("import", "**/*.xyz");
+            expect(noResult.matches.length).toBe(0);
+        });
+        it("should throw for invalid regex", () => {
+            expect(() => search.grep("[invalid", "**/*.ts")).toThrow("Invalid regex pattern");
+        });
+    });
+    describe("symbols", () => {
+        it("should return SymbolResult structure", () => {
+            const result = search.symbols("create", "**/*.ts");
+            expect(result).toBeDefined();
+            expect(result.symbols).toBeDefined();
+            expect(Array.isArray(result.symbols)).toBe(true);
+            expect(typeof result.totalMatches).toBe("number");
+        });
+        it("should find function symbols", () => {
+            const result = search.symbols("createSearchAPI", "**/*.ts");
+            if (result.symbols.length > 0) {
+                const symbol = result.symbols[0];
+                expect(symbol.name).toBeDefined();
+                expect(symbol.type).toBeDefined();
+                expect(symbol.file).toBeDefined();
+                expect(typeof symbol.line).toBe("number");
+            }
+        });
+        it("should support partial name matching", () => {
+            const result = search.symbols("Search", "**/*.ts");
+            expect(result.symbols.length).toBeGreaterThan(0);
+            // Should find symbols containing "Search" in their name
+            const hasMatch = result.symbols.some((s) => s.name.toLowerCase().includes("search"));
+            expect(hasMatch).toBe(true);
+        });
+    });
+    describe("files", () => {
+        it("should return FileResult structure", () => {
+            const result = search.files("**/*.ts");
+            expect(result).toBeDefined();
+            expect(result.files).toBeDefined();
+            expect(Array.isArray(result.files)).toBe(true);
+            expect(typeof result.totalMatches).toBe("number");
+        });
+        it("should find TypeScript files", () => {
+            const result = search.files("**/*.ts");
+            expect(result.files.length).toBeGreaterThan(0);
+            const file = result.files[0];
+            expect(file.path).toBeDefined();
+            expect(file.name).toBeDefined();
+            expect(file.extension).toBe(".ts");
+        });
+        it("should find specific file patterns", () => {
+            const result = search.files("**/search.ts");
+            expect(result.files.length).toBeGreaterThan(0);
+            const hasSearchFile = result.files.some((f) => f.name === "search.ts");
+            expect(hasSearchFile).toBe(true);
+        });
+        it("should include file size", () => {
+            const result = search.files("**/*.ts");
+            if (result.files.length > 0) {
+                const file = result.files[0];
+                expect(typeof file.size).toBe("number");
+                expect(file.size).toBeGreaterThan(0);
+            }
+        });
+    });
+    describe("references", () => {
+        it("should return ReferenceMatch array", () => {
+            const result = search.references("createSearchAPI", "**/*.ts");
+            expect(Array.isArray(result)).toBe(true);
+        });
+        it("should find symbol references", () => {
+            // Search for a common symbol that should have multiple references
+            const result = search.references("HostCallbacks", "**/*.ts");
+            if (result.length > 0) {
+                const ref = result[0];
+                expect(ref.file).toBeDefined();
+                expect(typeof ref.line).toBe("number");
+                expect(typeof ref.column).toBe("number");
+                expect(ref.context).toBeDefined();
+                expect(["definition", "usage", "import"]).toContain(ref.type);
+            }
+        });
+        it("should categorize reference types", () => {
+            const result = search.references("GrepResult", "**/*.ts");
+            // Should have at least one definition or usage
+            const hasTypedRef = result.some((r) => r.type === "definition" || r.type === "usage" || r.type === "import");
+            if (result.length > 0) {
+                expect(hasTypedRef).toBe(true);
+            }
+        });
+    });
+    describe("error handling", () => {
+        it("should handle empty results gracefully", () => {
+            // Use a pattern that won't appear in any file (including this test file)
+            // by searching in a directory without test files
+            const result = search.grep("xyznonexistentpattern123", "src/ast/**/*.ts");
+            expect(result.matches).toEqual([]);
+            expect(result.totalMatches).toBe(0);
+        });
+        it("should handle non-matching glob patterns", () => {
+            const result = search.files("**/*.nonexistent");
+            expect(result.files).toEqual([]);
+            expect(result.totalMatches).toBe(0);
+        });
+    });
+});

package/dist/sandbox/sdk/utils.d.ts

@@ -0,0 +1,18 @@
+/**
+ * SDK Utility Functions
+ */
+import type { ContentType } from "../../compressors/types.js";
+import type { SupportedLanguage } from "../../ast/types.js";
+/**
+ * Count tokens in text
+ */
+export declare function countTokens(text: string): number;
+/**
+ * Detect content type (logs, stacktrace, code, etc.)
+ */
+export declare function detectType(content: string): ContentType;
+/**
+ * Detect programming language from file path
+ */
+export declare function detectLanguage(filePath: string): SupportedLanguage;
+//# sourceMappingURL=utils.d.ts.map

package/dist/sandbox/sdk/utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../src/sandbox/sdk/utils.ts"],"names":[],"mappings":"AAAA;;GAEG;AAKH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AAC9D,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAE5D;;GAEG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAEhD;AAED;;GAEG;AACH,wBAAgB,UAAU,CAAC,OAAO,EAAE,MAAM,GAAG,WAAW,CAEvD;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,iBAAiB,CAElE"}

package/dist/sandbox/sdk/utils.js

@@ -0,0 +1,24 @@
+/**
+ * SDK Utility Functions
+ */
+import { countTokens as count } from "../../utils/token-counter.js";
+import { detectContentType } from "../../utils/content-detector.js";
+import { detectLanguageFromPath } from "../../utils/language-detector.js";
+/**
+ * Count tokens in text
+ */
+export function countTokens(text) {
+    return count(text);
+}
+/**
+ * Detect content type (logs, stacktrace, code, etc.)
+ */
+export function detectType(content) {
+    return detectContentType(content);
+}
+/**
+ * Detect programming language from file path
+ */
+export function detectLanguage(filePath) {
+    return detectLanguageFromPath(filePath);
+}

package/dist/sandbox/security/code-analyzer.d.ts

@@ -0,0 +1,15 @@
+/**
+ * Code Analyzer
+ *
+ * Static analysis of code before execution to block dangerous patterns.
+ */
+import type { CodeAnalysis } from "../types.js";
+/**
+ * Analyze code for security issues
+ */
+export declare function analyzeCode(code: string): CodeAnalysis;
+/**
+ * Sanitize error messages to remove host paths
+ */
+export declare function sanitizeError(error: Error, workingDir: string): string;
+//# sourceMappingURL=code-analyzer.d.ts.map

package/dist/sandbox/security/code-analyzer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"code-analyzer.d.ts","sourceRoot":"","sources":["../../../src/sandbox/security/code-analyzer.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAoDhD;;GAEG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,YAAY,CAuBtD;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,KAAK,EAAE,UAAU,EAAE,MAAM,GAAG,MAAM,CAetE"}

package/dist/sandbox/security/code-analyzer.js

@@ -0,0 +1,87 @@
+/**
+ * Code Analyzer
+ *
+ * Static analysis of code before execution to block dangerous patterns.
+ */
+/**
+ * Dangerous patterns that are blocked in sandbox code
+ */
+const BLOCKED_PATTERNS = [
+    // Code execution
+    { pattern: /\beval\s*\(/, reason: "eval() is not allowed" },
+    { pattern: /\bFunction\s*\(/, reason: "Function constructor is not allowed" },
+    { pattern: /new\s+Function\s*\(/, reason: "new Function() is not allowed" },
+    // Module system
+    { pattern: /\brequire\s*\(/, reason: "require() is not allowed" },
+    { pattern: /\bimport\s*\(/, reason: "dynamic import() is not allowed" },
+    { pattern: /import\.meta/, reason: "import.meta is not allowed" },
+    // Node.js globals
+    { pattern: /\bprocess\b/, reason: "process is not allowed" },
+    { pattern: /\bglobal\b/, reason: "global is not allowed" },
+    { pattern: /\bglobalThis\b/, reason: "globalThis is not allowed" },
+    { pattern: /\b__dirname\b/, reason: "__dirname is not allowed" },
+    { pattern: /\b__filename\b/, reason: "__filename is not allowed" },
+    { pattern: /\bBuffer\b/, reason: "Buffer is not allowed" },
+    // Prototype pollution
+    { pattern: /__proto__/, reason: "__proto__ is not allowed" },
+    { pattern: /\.constructor\s*\[/, reason: "constructor access is not allowed" },
+    { pattern: /\.prototype\s*\[/, reason: "prototype access is not allowed" },
+    // Reflection APIs
+    { pattern: /\bReflect\b/, reason: "Reflect is not allowed" },
+    { pattern: /\bProxy\b/, reason: "Proxy is not allowed" },
+    // Unsafe operations
+    { pattern: /\bsetTimeout\s*\(/, reason: "setTimeout is not allowed (use await)" },
+    { pattern: /\bsetInterval\s*\(/, reason: "setInterval is not allowed" },
+    { pattern: /\bsetImmediate\s*\(/, reason: "setImmediate is not allowed" },
+    // File system escape attempts
+    { pattern: /file:\/\//, reason: "file:// URLs are not allowed" },
+    { pattern: /\.\.\/\.\.\//, reason: "path traversal is not allowed" },
+];
+/**
+ * Warning patterns (not blocked, but flagged)
+ */
+const WARNING_PATTERNS = [
+    { pattern: /while\s*\(\s*true\s*\)/, warning: "infinite loop detected" },
+    { pattern: /for\s*\(\s*;\s*;\s*\)/, warning: "infinite loop detected" },
+    { pattern: /\.repeat\s*\(\s*\d{6,}\s*\)/, warning: "large string repeat" },
+];
+/**
+ * Analyze code for security issues
+ */
+export function analyzeCode(code) {
+    const blockedPatterns = [];
+    const warnings = [];
+    // Check blocked patterns
+    for (const { pattern, reason } of BLOCKED_PATTERNS) {
+        if (pattern.test(code)) {
+            blockedPatterns.push(reason);
+        }
+    }
+    // Check warning patterns
+    for (const { pattern, warning } of WARNING_PATTERNS) {
+        if (pattern.test(code)) {
+            warnings.push(warning);
+        }
+    }
+    return {
+        safe: blockedPatterns.length === 0,
+        warnings,
+        blockedPatterns,
+    };
+}
+/**
+ * Sanitize error messages to remove host paths
+ */
+export function sanitizeError(error, workingDir) {
+    let message = error.message || "Unknown error";
+    // Remove absolute paths
+    message = message.replace(new RegExp(workingDir, "g"), "<workdir>");
+    message = message.replace(/\/home\/[^/]+/g, "<home>");
+    message = message.replace(/C:\\Users\\[^\\]+/gi, "<home>");
+    // Remove stack traces with host info
+    if (error.stack) {
+        const firstLine = message.split("\n")[0];
+        return firstLine || message;
+    }
+    return message;
+}

package/dist/sandbox/security/index.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Security module exports
+ */
+export { analyzeCode, sanitizeError } from "./code-analyzer.js";
+export { validatePath, validateGlobPattern, type PathValidation } from "./path-validator.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/sandbox/security/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/sandbox/security/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAChE,OAAO,EAAE,YAAY,EAAE,mBAAmB,EAAE,KAAK,cAAc,EAAE,MAAM,qBAAqB,CAAC"}

package/dist/sandbox/security/index.js

@@ -0,0 +1,5 @@
+/**
+ * Security module exports
+ */
+export { analyzeCode, sanitizeError } from "./code-analyzer.js";
+export { validatePath, validateGlobPattern } from "./path-validator.js";

package/dist/sandbox/security/path-validator.d.ts

@@ -0,0 +1,23 @@
+/**
+ * Path Validator
+ *
+ * Validates file paths for sandbox access.
+ * Reuses patterns from smart-file-read.ts for consistency.
+ */
+/**
+ * Validation result
+ */
+export interface PathValidation {
+    safe: boolean;
+    error?: string;
+    resolvedPath?: string;
+}
+/**
+ * Validate a file path for sandbox access
+ */
+export declare function validatePath(filePath: string, workingDir: string): PathValidation;
+/**
+ * Validate a glob pattern
+ */
+export declare function validateGlobPattern(pattern: string, workingDir: string): PathValidation;
+//# sourceMappingURL=path-validator.d.ts.map

package/dist/sandbox/security/path-validator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"path-validator.d.ts","sourceRoot":"","sources":["../../../src/sandbox/security/path-validator.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAyBH;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,OAAO,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,wBAAgB,YAAY,CAC1B,QAAQ,EAAE,MAAM,EAChB,UAAU,EAAE,MAAM,GACjB,cAAc,CAoDhB;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CACjC,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,MAAM,GACjB,cAAc,CA+BhB"}

package/dist/sandbox/security/path-validator.js

@@ -0,0 +1,113 @@
+/**
+ * Path Validator
+ *
+ * Validates file paths for sandbox access.
+ * Reuses patterns from smart-file-read.ts for consistency.
+ */
+import * as path from "path";
+import * as fs from "fs";
+/**
+ * Blocked file patterns (sensitive files)
+ */
+const BLOCKED_PATTERNS = [
+    /\.env($|\.)/i, // Environment files
+    /\.pem$/i, // Private keys
+    /\.key$/i, // Key files
+    /id_rsa/i, // SSH keys
+    /id_ed25519/i, // SSH keys
+    /credentials/i, // Credentials
+    /secrets?\./i, // Secret files
+    /\.keystore$/i, // Java keystores
+    /\.jks$/i, // Java keystores
+    /password/i, // Password files
+    /\.htpasswd/i, // Apache passwords
+    /\.netrc/i, // Network credentials
+    /\.npmrc/i, // NPM credentials
+    /\.pypirc/i, // PyPI credentials
+];
+/**
+ * Validate a file path for sandbox access
+ */
+export function validatePath(filePath, workingDir) {
+    try {
+        // Normalize and resolve path
+        const normalizedPath = path.normalize(filePath);
+        const resolvedPath = path.isAbsolute(normalizedPath)
+            ? normalizedPath
+            : path.resolve(workingDir, normalizedPath);
+        // Check if path is within working directory
+        const relative = path.relative(workingDir, resolvedPath);
+        if (relative.startsWith("..") || path.isAbsolute(relative)) {
+            return {
+                safe: false,
+                error: `Path must be within working directory: ${workingDir}`,
+            };
+        }
+        // Check for symlinks that might escape
+        try {
+            const realPath = fs.realpathSync(resolvedPath);
+            const realRelative = path.relative(workingDir, realPath);
+            if (realRelative.startsWith("..") || path.isAbsolute(realRelative)) {
+                return {
+                    safe: false,
+                    error: "Symlink escapes working directory",
+                };
+            }
+        }
+        catch {
+            // File doesn't exist yet, that's okay for validation
+        }
+        // Check against blocked patterns
+        const fileName = path.basename(resolvedPath);
+        for (const pattern of BLOCKED_PATTERNS) {
+            if (pattern.test(fileName) || pattern.test(resolvedPath)) {
+                return {
+                    safe: false,
+                    error: `Access to ${fileName} is blocked for security`,
+                };
+            }
+        }
+        return {
+            safe: true,
+            resolvedPath,
+        };
+    }
+    catch (error) {
+        return {
+            safe: false,
+            error: `Invalid path: ${error instanceof Error ? error.message : "unknown error"}`,
+        };
+    }
+}
+/**
+ * Validate a glob pattern
+ */
+export function validateGlobPattern(pattern, workingDir) {
+    // Check for path traversal in pattern
+    if (pattern.includes("..")) {
+        return {
+            safe: false,
+            error: "Glob pattern cannot contain path traversal (..)",
+        };
+    }
+    // Check for absolute paths
+    if (path.isAbsolute(pattern)) {
+        return {
+            safe: false,
+            error: "Glob pattern must be relative to working directory",
+        };
+    }
+    // Check for blocked patterns in glob
+    for (const blocked of BLOCKED_PATTERNS) {
+        if (blocked.test(pattern)) {
+            return {
+                safe: false,
+                error: `Glob pattern matches blocked file types`,
+            };
+        }
+    }
+    return {
+        safe: true,
+        resolvedPath: path.join(workingDir, pattern),
+    };
+}