i18ntk 4.0.0 → 4.2.0

package/utils/localized-confirm.js

@@ -0,0 +1,55 @@
+'use strict';
+
+const YES_TOKENS = {
+  en: ['y', 'yes'],
+  de: ['j', 'ja'],
+  es: ['s', 'si', 's\u00ed'],
+  fr: ['o', 'oui'],
+  ru: ['\u0434', '\u0434\u0430'],
+  ja: ['\u306f\u3044', '\u306f', 'y', 'yes'],
+  zh: ['\u662f', '\u5bf9', '\u5c0d', '\u597d', 'y', 'yes'],
+};
+
+const NO_TOKENS = {
+  en: ['n', 'no'],
+  de: ['n', 'nein'],
+  es: ['n', 'no'],
+  fr: ['n', 'non'],
+  ru: ['\u043d', '\u043d\u0435\u0442'],
+  ja: ['\u3044\u3044\u3048', '\u3044\u3048', '\u3044\u3084', 'n', 'no'],
+  zh: ['\u5426', '\u4e0d', '\u4e0d\u8981', 'n', 'no'],
+};
+
+function normalizeToken(value) {
+  return String(value || '').trim().toLowerCase();
+}
+
+function getTokens(language, tokenMap) {
+  const lang = normalizeToken(language || 'en');
+  return new Set([...(tokenMap.en || []), ...(tokenMap[lang] || [])].map(normalizeToken));
+}
+
+function isAffirmative(value, language = 'en') {
+  return getTokens(language, YES_TOKENS).has(normalizeToken(value));
+}
+
+function isNegative(value, language = 'en') {
+  return getTokens(language, NO_TOKENS).has(normalizeToken(value));
+}
+
+function parseConfirmation(value, options = {}) {
+  const { language = 'en', defaultValue = false } = options;
+  const normalized = normalizeToken(value);
+  if (!normalized) return Boolean(defaultValue);
+  if (isAffirmative(normalized, language)) return true;
+  if (isNegative(normalized, language)) return false;
+  return Boolean(defaultValue);
+}
+
+module.exports = {
+  YES_TOKENS,
+  NO_TOKENS,
+  isAffirmative,
+  isNegative,
+  parseConfirmation,
+};

package/utils/menu-layout.js

@@ -0,0 +1,41 @@
+const DEFAULT_OPTIONS = [
+  [1, 'init'],
+  [2, 'analyze'],
+  [3, 'validate'],
+  [4, 'usage'],
+  [5, 'complete'],
+  null,
+  [6, 'sizing'],
+  [7, 'fix'],
+  [8, 'status'],
+  [9, 'delete'],
+  null,
+  [10, 'settings'],
+  [11, 'help'],
+  [12, 'language'],
+  [13, 'scanner'],
+  [14, 'translate'],
+  null,
+  [0, 'exit'],
+];
+
+function buildMainMenuLines(translate, options = {}) {
+  const t = typeof translate === 'function' ? translate : key => key;
+  const includeTranslate = options.includeTranslate !== false;
+  const menuOptions = DEFAULT_OPTIONS.filter(option => includeTranslate || !option || option[1] !== 'translate');
+
+  return [
+    '',
+    t('menu.title'),
+    t('menu.separator'),
+    ...menuOptions.map(option => {
+      if (!option) return '';
+      const [number, key] = option;
+      return `${String(number).padStart(2, ' ')}. ${t(`menu.options.${key}`)}`;
+    }),
+  ];
+}
+
+module.exports = {
+  buildMainMenuLines,
+};

package/utils/report-writer.js

@@ -0,0 +1,110 @@
+'use strict';
+
+const fs = require('fs');
+const path = require('path');
+const SecurityUtils = require('./security');
+
+const EXTENSIONS = {
+  markdown: '.md',
+  md: '.md',
+  json: '.json',
+  text: '.txt',
+  txt: '.txt',
+};
+
+function normalizeReportFormat(format) {
+  const normalized = String(format || 'markdown').trim().toLowerCase();
+  if (normalized === 'md') return 'markdown';
+  if (normalized === 'txt') return 'text';
+  return Object.prototype.hasOwnProperty.call(EXTENSIONS, normalized) ? normalized : 'markdown';
+}
+
+function extensionForReportFormat(format) {
+  return EXTENSIONS[normalizeReportFormat(format)] || '.md';
+}
+
+function buildReportFile(baseName, format) {
+  const safeBase = String(baseName || 'i18ntk-report').replace(/[^\w.-]/g, '_').replace(/\.+$/g, '') || 'i18ntk-report';
+  return {
+    fileName: `${safeBase}${extensionForReportFormat(format)}`,
+    format: normalizeReportFormat(format),
+  };
+}
+
+function objectToMarkdown(value, heading = 'Report', depth = 0) {
+  if (depth === 0) {
+    return [`# ${heading}`, '', objectToMarkdown(value, heading, depth + 1)].join('\n').trimEnd();
+  }
+
+  if (Array.isArray(value)) {
+    if (value.length === 0) return '- (none)';
+    return value.map(item => {
+      if (item && typeof item === 'object') {
+        return `- ${JSON.stringify(item)}`;
+      }
+      return `- ${String(item)}`;
+    }).join('\n');
+  }
+
+  if (value && typeof value === 'object') {
+    const lines = [];
+    for (const [key, item] of Object.entries(value)) {
+      if (item && typeof item === 'object') {
+        lines.push(`${'#'.repeat(Math.min(depth + 1, 6))} ${key}`);
+        lines.push('');
+        lines.push(objectToMarkdown(item, key, depth + 1));
+        lines.push('');
+      } else {
+        lines.push(`- **${key}:** ${String(item)}`);
+      }
+    }
+    return lines.join('\n').trimEnd();
+  }
+
+  return String(value ?? '');
+}
+
+function formatReportContent(report, format = 'markdown', options = {}) {
+  const normalized = normalizeReportFormat(format);
+
+  if (normalized === 'json') {
+    const payload = typeof report === 'string' ? { report } : report;
+    return `${JSON.stringify(payload, null, 2)}\n`;
+  }
+
+  if (typeof report === 'string') {
+    return report.endsWith('\n') ? report : `${report}\n`;
+  }
+
+  if (normalized === 'text') {
+    return `${JSON.stringify(report, null, 2)}\n`;
+  }
+
+  return `${objectToMarkdown(report, options.title || 'I18NTK Report')}\n`;
+}
+
+async function writeReportFile(outputDir, baseName, report, options = {}) {
+  const format = normalizeReportFormat(options.format);
+  const { fileName } = buildReportFile(baseName, format);
+  const resolvedOutputDir = path.resolve(outputDir || './i18ntk-reports');
+  const reportPath = path.join(resolvedOutputDir, fileName);
+  const validatedOutputDir = SecurityUtils.validatePath(resolvedOutputDir, process.cwd());
+  if (!validatedOutputDir) {
+    throw new Error(`Invalid report output directory: ${outputDir}`);
+  }
+  fs.mkdirSync(validatedOutputDir, { recursive: true });
+  const content = formatReportContent(report, format, options);
+  const success = await SecurityUtils.safeWriteFile(reportPath, content, validatedOutputDir, 'utf8');
+  if (!success) {
+    throw new Error(`Failed to write report: ${reportPath}`);
+  }
+  return reportPath;
+}
+
+module.exports = {
+  buildReportFile,
+  extensionForReportFormat,
+  formatReportContent,
+  normalizeReportFormat,
+  writeReportFile,
+};

package/utils/security.js

@@ -42,13 +42,16 @@ function initializeInternalRoots() {
     roots.add(path.resolve(candidate));
   }
 
-  const custom = String(envManager.get('I18NTK_INTERNAL_PATH_PREFIXES') || '')
-    .split(',')
-    .map((entry) => entry.trim())
-    .filter(Boolean);
-  for (const prefix of custom) {
-    roots.add(path.resolve(prefix));
-  }
+  const custom = String(envManager.get('I18NTK_INTERNAL_PATH_PREFIXES') || '')
+    .split(',')
+    .map((entry) => entry.trim())
+    .filter(Boolean);
+  for (const prefix of custom) {
+    const resolved = path.resolve(prefix);
+    if ([...roots].some((root) => isPathInside(root, resolved))) {
+      roots.add(resolved);
+    }
+  }
 
   return roots;
 }
@@ -229,12 +232,7 @@ static _logging = false;
     const useI18n = i18n && i18n.isInitialized && typeof i18n.t === 'function';
 
     try {
-    // Check against whitelist patterns for our own package artifacts
-    if (SecurityUtils.PACKAGE_ARTIFACT_WHITELIST.some(pattern => pattern.test(filePath))) {
-    return filePath;
-    }
-    
-    if (!filePath || typeof filePath !== 'string') {
+    if (!filePath || typeof filePath !== 'string') {
         const message = useI18n
           ? i18n.t('security.pathValidationFailed')
           : 'Path validation failed';
@@ -297,9 +295,9 @@ static _logging = false;
         // If the path doesn't exist yet, fall back to the resolved path
       }
 
-      // Check for actual path traversal (going outside the base directory)
-      const relativePath = path.relative(base, finalPath);
-      if (relativePath.startsWith('..')) {
+      // Check for actual path traversal (going outside the base directory)
+      const relativePath = path.relative(base, finalPath);
+      if (relativePath.startsWith('..') || path.isAbsolute(relativePath)) {
         const message = useI18n
           ? i18n.t('security.pathTraversalAttempt')
           : 'Path traversal attempt';
@@ -623,12 +621,7 @@ static _logging = false;
   return false;
   }
   
-  // Check against whitelist patterns for our own package artifacts
-  if (SecurityUtils.PACKAGE_ARTIFACT_WHITELIST.some(pattern => pattern.test(filePath))) {
-  return true;
-  }
-
-    // Allow legitimate Windows drive letter paths
+    // Allow legitimate Windows drive letter paths
     if (filePath.match(/^[A-Z]:[\/\\]/)) {
       const afterDrive = filePath.substring(3);
       // Only check the part after the drive letter for dangerous patterns

package/utils/translate/api.js

@@ -1,7 +1,13 @@
 const { URL } = require('url');
 const { safeHttpGet, safeHttpPost, buildGoogleTranslateUrl } = require('./safe-network');
 
-const DEFAULT_CONCURRENCY = 3;
+const DEFAULT_CONCURRENCY = 12;
+const PROVIDER_CONCURRENCY_LIMITS = {
+  google: 100,
+  deepl: 25,
+  libretranslate: 25,
+  custom: 100,
+};
 const DEFAULT_RETRY_COUNT = 3;
 const DEFAULT_RETRY_DELAY = 1000;
 const MAX_BACKOFF_DELAY = 30000;
@@ -26,6 +32,16 @@ function normalizeProvider(provider) {
   return value;
 }
 
+function getProviderConcurrencyLimit(provider) {
+  return PROVIDER_CONCURRENCY_LIMITS[normalizeProvider(provider)] || 25;
+}
+
+function clampProviderConcurrency(value, provider, fallback = DEFAULT_CONCURRENCY) {
+  const parsed = parseInt(value, 10);
+  if (!Number.isInteger(parsed)) return fallback;
+  return Math.min(Math.max(parsed, 1), getProviderConcurrencyLimit(provider));
+}
+
 function normalizeDeepLLanguage(code) {
   return String(code || '').replace('-', '_').toUpperCase();
 }
@@ -271,12 +287,21 @@ async function translateBatch(batch, targetLang, options = {}) {
 
       completed++;
       if (typeof onProgress === 'function') {
-        onProgress({ completed, total: batch.length, index: i, ok: result.ok });
+        onProgress({
+          completed,
+          total: batch.length,
+          index: i,
+          ok: result.ok,
+          keyPath: item && typeof item === 'object' ? item.keyPath : undefined,
+        });
       }
     }
   }
 
-  const workerCount = Math.min(concurrency > 0 ? concurrency : DEFAULT_CONCURRENCY, batch.length);
+  const workerCount = Math.min(
+    clampProviderConcurrency(concurrency, options.provider, DEFAULT_CONCURRENCY),
+    batch.length
+  );
   const workers = Array.from({ length: workerCount }, () => worker());
 
   await Promise.all(workers);
@@ -294,6 +319,9 @@ module.exports = {
   translateText,
   translateBatch,
   DEFAULT_CONCURRENCY,
+  PROVIDER_CONCURRENCY_LIMITS,
+  getProviderConcurrencyLimit,
+  clampProviderConcurrency,
   DEFAULT_RETRY_COUNT,
   DEFAULT_RETRY_DELAY,
 };

package/utils/translate/placeholder.js

@@ -1,4 +1,5 @@
 const DEFAULT_PLACEHOLDER_PATTERNS = [
+  /\$t\([^)]+\)/g,            // $t(common.save) - i18next nested translation refs
   /\{\{[^}]+\}\}/g,         // {{variable}} - double curly (Handlebars, Mustache)
   /\{[a-zA-Z_]\w*\}/g,       // {name} - single curly (i18next, Python format named)
   /\{\d+\}/g,                // {0} - indexed curly
@@ -6,12 +7,41 @@ const DEFAULT_PLACEHOLDER_PATTERNS = [
   /:[a-zA-Z_]\w*/g,          // :param - colon-style (Rails, Swift)
   /%\{[a-zA-Z_]\w*\}/g,      // %{name} - Ruby/Perl named
   /%\([a-zA-Z_]\w*\)[sd]/g,  // %(name)s - Python named format (with type)
+  /%\([a-zA-Z_]\w*\)(?:[#+\- 0,(]*\d*(?:\.\d+)?)?[bcdeEfFgGnosxX]/g, // %(total).2f
   /\$\{[a-zA-Z_]\w*\}/g,     // ${variable} - JS template literal style
   /<[a-zA-Z_]\w*>/g,         // <name> - XML/HTML-style
   /@[a-zA-Z_]\w*/g,          // @param - Java/Spring-style
   /&[a-zA-Z_]\w*;?/g,        // &amp; HTML entity style (careful, broad match)
 ];
 
+function findIcuPlaceholders(value) {
+  const matches = [];
+  const starter = /\{[a-zA-Z_]\w*\s*,\s*(?:plural|select|selectordinal)\s*,/g;
+  let match;
+
+  while ((match = starter.exec(value)) !== null) {
+    let depth = 0;
+    for (let index = match.index; index < value.length; index++) {
+      const char = value[index];
+      if (char === '{') depth++;
+      else if (char === '}') {
+        depth--;
+        if (depth === 0) {
+          matches.push({
+            start: match.index,
+            end: index + 1,
+            value: value.slice(match.index, index + 1),
+          });
+          starter.lastIndex = index + 1;
+          break;
+        }
+      }
+    }
+  }
+
+  return matches;
+}
+
 function compilePatterns(customPatterns) {
   const patterns = [...DEFAULT_PLACEHOLDER_PATTERNS];
   if (customPatterns) {
@@ -39,6 +69,9 @@ function detectPlaceholders(value, customPatterns) {
   if (!value || typeof value !== 'string') return [];
   const patterns = compilePatterns(customPatterns);
   const found = new Set();
+  for (const match of findIcuPlaceholders(value)) {
+    found.add(match.value);
+  }
   for (const pattern of patterns) {
     pattern.lastIndex = 0;
     const matches = value.match(pattern);
@@ -51,6 +84,7 @@ function detectPlaceholders(value, customPatterns) {
 
 function hasPlaceholders(value, customPatterns) {
   if (!value || typeof value !== 'string') return false;
+  if (findIcuPlaceholders(value).length > 0) return true;
   const patterns = compilePatterns(customPatterns);
   for (const pattern of patterns) {
     pattern.lastIndex = 0;
@@ -65,7 +99,7 @@ function splitByPlaceholders(value, customPatterns) {
   }
 
   const patterns = compilePatterns(customPatterns);
-  const matches = [];
+  const matches = findIcuPlaceholders(value);
 
   for (const pattern of patterns) {
     pattern.lastIndex = 0;
@@ -121,6 +155,12 @@ function maskPlaceholders(value, customPatterns) {
   const map = new Map();
   let idx = 0;
   let masked = value;
+  for (const match of findIcuPlaceholders(value)) {
+    const ph = `\uE000${idx}\uE001`;
+    map.set(ph, match.value);
+    idx++;
+    masked = masked.split(match.value).join(ph);
+  }
   for (const pattern of patterns) {
     pattern.lastIndex = 0;
     masked = masked.replace(pattern, (match) => {
@@ -146,6 +186,7 @@ module.exports = {
   DEFAULT_PLACEHOLDER_PATTERNS,
   compilePatterns,
   detectPlaceholders,
+  findIcuPlaceholders,
   hasPlaceholders,
   splitByPlaceholders,
   maskPlaceholders,

package/utils/translate/protection.js

@@ -75,10 +75,15 @@ function parseContextString(context) {
     return { mode: 'before', words };
   }
 
-  const surroundedMatch = trimmed.match(/^surrounded:(.+),(.+)$/i);
-  if (surroundedMatch) {
-    const leftWords = surroundedMatch[1].split('|').map(w => w.trim()).filter(Boolean);
-    const rightWords = surroundedMatch[2].split('|').map(w => w.trim()).filter(Boolean);
+  const prefix = trimmed.substring(0, 'surrounded:'.length);
+  if (prefix.toLowerCase() === 'surrounded:') {
+    const rest = trimmed.substring('surrounded:'.length);
+    const idx = rest.indexOf(',');
+    if (idx === -1) return null;
+    const left = rest.slice(0, idx).trim();
+    const right = rest.slice(idx + 1).trim();
+    const leftWords = left.split('|').map(w => w.trim()).filter(Boolean);
+    const rightWords = right.split('|').map(w => w.trim()).filter(Boolean);
     if (leftWords.length === 0 || rightWords.length === 0) return null;
     return { mode: 'surrounded', left: leftWords, right: rightWords };
   }
@@ -243,7 +248,7 @@ function shouldPreserveWholeValue(keyPath, value, protection) {
   if (protection.keys.some(rule => keyMatchesRule(keyPath, rule))) return true;
   const valueText = String(value);
   return protection.values.includes(valueText) ||
-    (protection.normalizedTerms || []).some(rule => rule.value === valueText);
+    (protection.normalizedTerms || []).some(rule => rule.type === 'global' && rule.value === valueText);
 }
 
 function addReplacement(replacements, original) {
@@ -261,27 +266,27 @@ function shouldProtectInContext(value, rule, index, fullText) {
 
   if (context.mode === 'after') {
     const alternation = context.words.map(escapeRegExp).join('|');
-    const regex = new RegExp(`\\b(${alternation})\\s+$`, 'i');
+    const regex = new RegExp(`(^|[\\s\\p{P}])(${alternation})\\s+$`, 'iu');
     return regex.test(before);
   }
 
   if (context.mode === 'before') {
     const alternation = context.words.map(escapeRegExp).join('|');
-    const regex = new RegExp(`^\\s+(${alternation})\\b`, 'i');
+    const regex = new RegExp(`^\\s+(${alternation})([\\s\\p{P}]|$)`, 'iu');
     return regex.test(after);
   }
 
   if (context.mode === 'standalone') {
-    const isBoundaryBefore = before === '' || /\s$/.test(before);
-    const isBoundaryAfter = after === '' || /^[\s.,!?;:]/.test(after);
+    const isBoundaryBefore = before === '' || /(?:\s|\(|\[|\{|"|'|\-|–|—|。|、|」)$/.test(before);
+    const isBoundaryAfter = after === '' || /^[\s.,!?;:)\]}<>"'\-–—。、」]/.test(after);
     return isBoundaryBefore && isBoundaryAfter;
   }
 
   if (context.mode === 'surrounded') {
     const leftAlternation = context.left.map(escapeRegExp).join('|');
     const rightAlternation = context.right.map(escapeRegExp).join('|');
-    const leftRegex = new RegExp(`\\b(${leftAlternation})\\s+$`, 'i');
-    const rightRegex = new RegExp(`^\\s+(${rightAlternation})\\b`, 'i');
+    const leftRegex = new RegExp(`(^|[\\s\\p{P}])(${leftAlternation})\\s+$`, 'iu');
+    const rightRegex = new RegExp(`^\\s+(${rightAlternation})([\\s\\p{P}]|$)`, 'iu');
     return leftRegex.test(before) && rightRegex.test(after);
   }
 
@@ -361,7 +366,7 @@ function hasProtectionRules(protection) {
     protection &&
     (
       (protection.normalizedTerms && protection.normalizedTerms.length) ||
-      protection.terms.length ||
+      (protection.terms && protection.terms.length) ||
       protection.keys.length ||
       protection.values.length ||
       protection.patterns.length

package/utils/translate/report.js

@@ -104,10 +104,11 @@ function writeReport(reportText, filePath) {
   }
 }
 
-function formatSummaryLine(skippedCount, translatedCount, totalCount, placeholderProtected = 0, protectedSkipped = 0) {
+function formatSummaryLine(skippedCount, translatedCount, totalCount, placeholderProtected = 0, protectedSkipped = 0, existingKept = 0) {
   const protectedPart = placeholderProtected > 0 ? `, ${placeholderProtected} placeholder-safe` : '';
   const glossaryPart = protectedSkipped > 0 ? `, ${protectedSkipped} protected` : '';
-  return `[translate] ${translatedCount} translated${protectedPart}${glossaryPart}, ${skippedCount} skipped (of ${totalCount} total keys)`;
+  const existingPart = existingKept > 0 ? `, ${existingKept} existing kept` : '';
+  return `[translate] ${translatedCount} translated${protectedPart}${glossaryPart}${existingPart}, ${skippedCount} skipped (of ${totalCount} total keys)`;
 }
 
 module.exports = {

package/utils/translate/safe-network.js

@@ -31,14 +31,34 @@ function isPrivateIPv4(hostname) {
     || a === 0;
 }
 
+function isPrivateIPv6(hostname) {
+  const normalized = String(hostname || '').trim().toLowerCase().replace(/^\[|\]$/g, '').replace(/\.$/, '');
+  if (normalized === '::1') return true;
+  if (normalized.startsWith('fe80:') || normalized.startsWith('fc') || normalized.startsWith('fd')) return true;
+
+  const mapped = normalized.match(/^::ffff:(?:(\d{1,3}(?:\.\d{1,3}){3})|([0-9a-f]+:[0-9a-f]+))$/i);
+  if (!mapped) return false;
+  if (mapped[1]) return isPrivateIPv4(mapped[1]);
+
+  const parts = mapped[2].split(':');
+  if (parts.length !== 2) return false;
+  const high = Number.parseInt(parts[0], 16);
+  const low = Number.parseInt(parts[1], 16);
+  if (!Number.isInteger(high) || !Number.isInteger(low)) return false;
+  const ipv4 = [
+    (high >> 8) & 0xff,
+    high & 0xff,
+    (low >> 8) & 0xff,
+    low & 0xff,
+  ].join('.');
+  return isPrivateIPv4(ipv4);
+}
+
 function isPrivateHost(hostname) {
   const normalized = String(hostname || '').trim().toLowerCase().replace(/^\[|\]$/g, '').replace(/\.$/, '');
   return normalized === 'localhost'
     || normalized.endsWith('.localhost')
-    || normalized === '::1'
-    || normalized.startsWith('fe80:')
-    || normalized.startsWith('fc')
-    || normalized.startsWith('fd')
+    || isPrivateIPv6(normalized)
     || isPrivateIPv4(normalized);
 }