mcp4openapi 0.3.1 → 0.3.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (152) hide show
  1. package/README.md +7 -0
  2. package/dist/src/core/cli-config.d.ts.map +1 -1
  3. package/dist/src/core/cli-config.js +2 -0
  4. package/dist/src/core/cli-config.js.map +1 -1
  5. package/dist/src/core/index.d.ts.map +1 -1
  6. package/dist/src/core/index.js +18 -3
  7. package/dist/src/core/index.js.map +1 -1
  8. package/dist/src/index.js +0 -0
  9. package/dist/src/profile/profile-allowlist.d.ts +18 -0
  10. package/dist/src/profile/profile-allowlist.d.ts.map +1 -0
  11. package/dist/src/profile/profile-allowlist.js +68 -0
  12. package/dist/src/profile/profile-allowlist.js.map +1 -0
  13. package/dist/src/profile/profile-registry.d.ts +5 -0
  14. package/dist/src/profile/profile-registry.d.ts.map +1 -1
  15. package/dist/src/profile/profile-registry.js +38 -14
  16. package/dist/src/profile/profile-registry.js.map +1 -1
  17. package/package.json +2 -2
  18. package/profiles/gitlab/developer-profile-oauth.json +243 -41
  19. package/profiles/gitlab/developer-profile-oauth.test.json +1009 -5
  20. package/profiles/gitlab/openapi.yaml +1419 -164
  21. package/profiles/gitlab/profile-optimized-oauth.json +785 -0
  22. package/profiles/gitlab/profile-optimized-oauth.test.json +1566 -0
  23. package/profiles/grafana/openapi.json +28078 -0
  24. package/profiles/grafana/profile.json +1083 -0
  25. package/profiles/grafana/profile.test.json +235 -0
  26. package/profiles/mattermost/openapi.yaml +27434 -0
  27. package/profiles/mattermost/profile.json +463 -0
  28. package/profiles/mattermost/profile.test.json +607 -0
  29. package/profiles/n8n/profile-optimized.json +1002 -364
  30. package/profiles/n8n/profile-optimized.test.json +43 -43
  31. package/dist/src/argument-normalizer.d.ts +0 -5
  32. package/dist/src/argument-normalizer.d.ts.map +0 -1
  33. package/dist/src/argument-normalizer.js +0 -61
  34. package/dist/src/argument-normalizer.js.map +0 -1
  35. package/dist/src/cli-config.d.ts +0 -9
  36. package/dist/src/cli-config.d.ts.map +0 -1
  37. package/dist/src/cli-config.js +0 -111
  38. package/dist/src/cli-config.js.map +0 -1
  39. package/dist/src/composite-executor.d.ts +0 -77
  40. package/dist/src/composite-executor.d.ts.map +0 -1
  41. package/dist/src/composite-executor.js +0 -193
  42. package/dist/src/composite-executor.js.map +0 -1
  43. package/dist/src/constants.d.ts +0 -85
  44. package/dist/src/constants.d.ts.map +0 -1
  45. package/dist/src/constants.js +0 -85
  46. package/dist/src/constants.js.map +0 -1
  47. package/dist/src/dag-executor.d.ts +0 -49
  48. package/dist/src/dag-executor.d.ts.map +0 -1
  49. package/dist/src/dag-executor.js +0 -138
  50. package/dist/src/dag-executor.js.map +0 -1
  51. package/dist/src/errors.d.ts +0 -59
  52. package/dist/src/errors.d.ts.map +0 -1
  53. package/dist/src/errors.js +0 -119
  54. package/dist/src/errors.js.map +0 -1
  55. package/dist/src/filtering.d.ts +0 -19
  56. package/dist/src/filtering.d.ts.map +0 -1
  57. package/dist/src/filtering.js +0 -292
  58. package/dist/src/filtering.js.map +0 -1
  59. package/dist/src/http-client-factory.d.ts +0 -62
  60. package/dist/src/http-client-factory.d.ts.map +0 -1
  61. package/dist/src/http-client-factory.js +0 -133
  62. package/dist/src/http-client-factory.js.map +0 -1
  63. package/dist/src/http-transport-config.d.ts +0 -6
  64. package/dist/src/http-transport-config.d.ts.map +0 -1
  65. package/dist/src/http-transport-config.js +0 -47
  66. package/dist/src/http-transport-config.js.map +0 -1
  67. package/dist/src/http-transport.d.ts +0 -316
  68. package/dist/src/http-transport.d.ts.map +0 -1
  69. package/dist/src/http-transport.js +0 -2412
  70. package/dist/src/http-transport.js.map +0 -1
  71. package/dist/src/interceptors.d.ts +0 -116
  72. package/dist/src/interceptors.d.ts.map +0 -1
  73. package/dist/src/interceptors.js +0 -392
  74. package/dist/src/interceptors.js.map +0 -1
  75. package/dist/src/jsonrpc-validator.d.ts +0 -27
  76. package/dist/src/jsonrpc-validator.d.ts.map +0 -1
  77. package/dist/src/jsonrpc-validator.js +0 -58
  78. package/dist/src/jsonrpc-validator.js.map +0 -1
  79. package/dist/src/logger.d.ts +0 -59
  80. package/dist/src/logger.d.ts.map +0 -1
  81. package/dist/src/logger.js +0 -177
  82. package/dist/src/logger.js.map +0 -1
  83. package/dist/src/mcp-server-manager.d.ts +0 -20
  84. package/dist/src/mcp-server-manager.d.ts.map +0 -1
  85. package/dist/src/mcp-server-manager.js +0 -38
  86. package/dist/src/mcp-server-manager.js.map +0 -1
  87. package/dist/src/mcp-server.d.ts +0 -203
  88. package/dist/src/mcp-server.d.ts.map +0 -1
  89. package/dist/src/mcp-server.js +0 -1369
  90. package/dist/src/mcp-server.js.map +0 -1
  91. package/dist/src/metrics.d.ts +0 -97
  92. package/dist/src/metrics.d.ts.map +0 -1
  93. package/dist/src/metrics.js +0 -273
  94. package/dist/src/metrics.js.map +0 -1
  95. package/dist/src/naming-warnings.d.ts +0 -23
  96. package/dist/src/naming-warnings.d.ts.map +0 -1
  97. package/dist/src/naming-warnings.js +0 -83
  98. package/dist/src/naming-warnings.js.map +0 -1
  99. package/dist/src/naming.d.ts +0 -58
  100. package/dist/src/naming.d.ts.map +0 -1
  101. package/dist/src/naming.js +0 -510
  102. package/dist/src/naming.js.map +0 -1
  103. package/dist/src/oauth-provider.d.ts +0 -131
  104. package/dist/src/oauth-provider.d.ts.map +0 -1
  105. package/dist/src/oauth-provider.js +0 -836
  106. package/dist/src/oauth-provider.js.map +0 -1
  107. package/dist/src/openapi-parser.d.ts +0 -70
  108. package/dist/src/openapi-parser.d.ts.map +0 -1
  109. package/dist/src/openapi-parser.js +0 -436
  110. package/dist/src/openapi-parser.js.map +0 -1
  111. package/dist/src/profile-loader.d.ts +0 -78
  112. package/dist/src/profile-loader.d.ts.map +0 -1
  113. package/dist/src/profile-loader.js +0 -483
  114. package/dist/src/profile-loader.js.map +0 -1
  115. package/dist/src/profile-registry.d.ts +0 -18
  116. package/dist/src/profile-registry.d.ts.map +0 -1
  117. package/dist/src/profile-registry.js +0 -26
  118. package/dist/src/profile-registry.js.map +0 -1
  119. package/dist/src/profile-resolver.d.ts +0 -19
  120. package/dist/src/profile-resolver.d.ts.map +0 -1
  121. package/dist/src/profile-resolver.js +0 -167
  122. package/dist/src/profile-resolver.js.map +0 -1
  123. package/dist/src/proxy-executor.d.ts +0 -86
  124. package/dist/src/proxy-executor.d.ts.map +0 -1
  125. package/dist/src/proxy-executor.js +0 -497
  126. package/dist/src/proxy-executor.js.map +0 -1
  127. package/dist/src/schema-validator.d.ts +0 -30
  128. package/dist/src/schema-validator.d.ts.map +0 -1
  129. package/dist/src/schema-validator.js +0 -128
  130. package/dist/src/schema-validator.js.map +0 -1
  131. package/dist/src/startup-profile.d.ts +0 -17
  132. package/dist/src/startup-profile.d.ts.map +0 -1
  133. package/dist/src/startup-profile.js +0 -30
  134. package/dist/src/startup-profile.js.map +0 -1
  135. package/dist/src/startup-validation.d.ts +0 -11
  136. package/dist/src/startup-validation.d.ts.map +0 -1
  137. package/dist/src/startup-validation.js +0 -21
  138. package/dist/src/startup-validation.js.map +0 -1
  139. package/dist/src/tool-filter.d.ts +0 -65
  140. package/dist/src/tool-filter.d.ts.map +0 -1
  141. package/dist/src/tool-filter.js +0 -471
  142. package/dist/src/tool-filter.js.map +0 -1
  143. package/dist/src/tool-generator.d.ts +0 -67
  144. package/dist/src/tool-generator.d.ts.map +0 -1
  145. package/dist/src/tool-generator.js +0 -182
  146. package/dist/src/tool-generator.js.map +0 -1
  147. package/dist/src/validation-utils.d.ts +0 -49
  148. package/dist/src/validation-utils.d.ts.map +0 -1
  149. package/dist/src/validation-utils.js +0 -138
  150. package/dist/src/validation-utils.js.map +0 -1
  151. package/profiles/gitlab/developer-profile.json +0 -1508
  152. package/profiles/gitlab/developer-profile.test.json +0 -3432
package/dist/src/tool-generator.js DELETED
@@ -1,182 +0,0 @@
1
- /**
2
- * MCP tool generator from profile definitions
3
- *
4
- * Why: Translates profile config into MCP SDK tool definitions. Handles both
5
- * simple (single operation) and composite (multi-step) tools.
6
- */
7
- export class ToolGenerator {
8
- constructor(parser) {
9
- this.parser = parser;
10
- }
11
- /**
12
- * Generate MCP tool from profile definition
13
- */
14
- generateTool(toolDef) {
15
- const inputSchema = this.generateInputSchema(toolDef);
16
- return {
17
- name: toolDef.name,
18
- description: toolDef.description,
19
- inputSchema,
20
- };
21
- }
22
- /**
23
- * Generate JSON Schema for tool parameters
24
- *
25
- * Why JSON Schema: MCP SDK expects JSON Schema for parameter validation.
26
- * LLM uses schema to understand what parameters are needed.
27
- */
28
- generateInputSchema(toolDef) {
29
- const properties = {};
30
- const required = [];
31
- for (const [name, param] of Object.entries(toolDef.parameters)) {
32
- properties[name] = this.parameterToJsonSchema(param);
33
- // Add to required if unconditionally required
34
- if (param.required) {
35
- required.push(name);
36
- }
37
- // Add conditional requirement hints in description
38
- if (param.required_for && param.required_for.length > 0) {
39
- const existing = properties[name].description || '';
40
- properties[name].description = existing +
41
- ` Required when action is: ${param.required_for.join(', ')}.`;
42
- }
43
- }
44
- return {
45
- type: 'object',
46
- properties,
47
- required: required.length > 0 ? required : undefined,
48
- };
49
- }
50
- /**
51
- * Convert parameter definition to JSON Schema
52
- */
53
- parameterToJsonSchema(param) {
54
- if (Array.isArray(param.type)) {
55
- const oneOf = param.type.map(type => this.parameterTypeToSchema(type, param));
56
- return {
57
- description: param.description,
58
- oneOf,
59
- };
60
- }
61
- const schema = this.parameterTypeToSchema(param.type, param);
62
- schema.description = param.description;
63
- return schema;
64
- }
65
- parameterTypeToSchema(type, param) {
66
- const schema = { type };
67
- if (param.enum) {
68
- schema.enum = param.enum;
69
- }
70
- if (param.default !== undefined) {
71
- schema.default = param.default;
72
- }
73
- if (type === 'array' && param.items) {
74
- schema.items = { type: param.items.type };
75
- }
76
- if (type === 'object') {
77
- // Always include properties for object type (empty {} = free-form object)
78
- schema.properties = param.properties || {};
79
- }
80
- return schema;
81
- }
82
- /**
83
- * Validate tool arguments against parameter definitions
84
- *
85
- * Why manual validation: Checks conditional requirements (required_for)
86
- * which JSON Schema can't express directly.
87
- */
88
- validateArguments(toolDef, args) {
89
- for (const [name, param] of Object.entries(toolDef.parameters)) {
90
- const value = args[name];
91
- // Check unconditional required
92
- if (param.required && value === undefined) {
93
- throw new Error(`Missing required parameter: ${name}`);
94
- }
95
- // Check conditional required
96
- if (param.required_for && param.required_for.length > 0) {
97
- const action = args['action'];
98
- if (action && param.required_for.includes(action) && value === undefined) {
99
- throw new Error(`Parameter '${name}' is required for action '${action}'`);
100
- }
101
- }
102
- // Validate enum
103
- if (value !== undefined && param.enum && !param.enum.includes(String(value))) {
104
- throw new Error(`Invalid value for ${name}. Must be one of: ${param.enum.join(', ')}`);
105
- }
106
- }
107
- }
108
- /**
109
- * Get operation definition (string or ProxyDownloadOperation) for action
110
- *
111
- * Why: Tools can have string operationIds OR proxy_download configs.
112
- * This returns the raw definition before extracting operationId.
113
- */
114
- getOperationDefinition(toolDef, args) {
115
- if (!toolDef.operations)
116
- return undefined;
117
- const action = args['action'];
118
- if (!action) {
119
- // If single operation, use it directly
120
- const operations = Object.values(toolDef.operations);
121
- return operations.length === 1 ? operations[0] : undefined;
122
- }
123
- // For resource_type discrimination (e.g., project vs group)
124
- const resourceType = args['resource_type'];
125
- if (resourceType) {
126
- // Try resource-specific operation first
127
- const key = `${action}_${resourceType}`;
128
- if (toolDef.operations[key]) {
129
- return toolDef.operations[key];
130
- }
131
- }
132
- return toolDef.operations[action];
133
- }
134
- /**
135
- * Map tool action to OpenAPI operation ID
136
- *
137
- * Why: Single tool with 'action' parameter maps to multiple operations.
138
- * Example: manage_badges + action=create => postApiV4ProjectsIdBadges
139
- *
140
- * Note: Returns undefined for ProxyDownloadOperation (not a direct operationId)
141
- */
142
- mapActionToOperation(toolDef, args) {
143
- const op = this.getOperationDefinition(toolDef, args);
144
- return typeof op === 'string' ? op : undefined;
145
- }
146
- /**
147
- * Check if operation requires multipart/form-data
148
- *
149
- * Why: Some operations (file uploads) need FormData instead of JSON body.
150
- * Detected from OpenAPI requestBody.content['multipart/form-data'].
151
- */
152
- isMultipartOperation(operationId) {
153
- const operation = this.parser.getOperation(operationId);
154
- if (!operation?.requestBody?.content)
155
- return false;
156
- return 'multipart/form-data' in operation.requestBody.content;
157
- }
158
- /**
159
- * Build FormData body for file upload
160
- *
161
- * @param args Tool arguments including base64Content or filePath
162
- * @param fileFieldName Field name in FormData (default: 'files[0]')
163
- */
164
- buildFormDataBody(args, fileFieldName = 'files[0]') {
165
- const formData = new FormData();
166
- const base64Content = args['base64Content'];
167
- const fileName = args['fileName'] || 'upload';
168
- const mimeType = args['mimeType'] || 'application/octet-stream';
169
- if (base64Content) {
170
- // Convert base64 to Blob
171
- const binaryString = atob(base64Content);
172
- const bytes = new Uint8Array(binaryString.length);
173
- for (let i = 0; i < binaryString.length; i++) {
174
- bytes[i] = binaryString.charCodeAt(i);
175
- }
176
- const blob = new Blob([bytes], { type: mimeType });
177
- formData.append(fileFieldName, blob, fileName);
178
- }
179
- return formData;
180
- }
181
- }
182
- //# sourceMappingURL=tool-generator.js.map
package/dist/src/tool-generator.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"file":"tool-generator.js","sourceRoot":"","sources":["../../src/tool-generator.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAMH,MAAM,OAAO,aAAa;IACxB,YAAoB,MAAqB;QAArB,WAAM,GAAN,MAAM,CAAe;IAAG,CAAC;IAE7C;;OAEG;IACH,YAAY,CAAC,OAAuB;QAClC,MAAM,WAAW,GAAG,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;QAEtD,OAAO;YACL,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,WAAW;SACZ,CAAC;IACJ,CAAC;IAED;;;;;OAKG;IACK,mBAAmB,CAAC,OAAuB;QACjD,MAAM,UAAU,GAA4C,EAAE,CAAC;QAC/D,MAAM,QAAQ,GAAa,EAAE,CAAC;QAE9B,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;YAC/D,UAAU,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,qBAAqB,CAAC,KAAK,CAAC,CAAC;YAErD,8CAA8C;YAC9C,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;gBACnB,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACtB,CAAC;YAED,mDAAmD;YACnD,IAAI,KAAK,CAAC,YAAY,IAAI,KAAK,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACxD,MAAM,QAAQ,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,WAAW,IAAI,EAAE,CAAC;gBACpD,UAAU,CAAC,IAAI,CAAC,CAAC,WAAW,GAAG,QAAQ;oBACrC,6BAA6B,KAAK,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;YAClE,CAAC;QACH,CAAC;QAED,OAAO;YACL,IAAI,EAAE,QAAQ;YACd,UAAU;YACV,QAAQ,EAAE,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;SACrD,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,qBAAqB,CAAC,KAA0B;QACtD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9B,MAAM,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,qBAAqB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;YAC9E,OAAO;gBACL,WAAW,EAAE,KAAK,CAAC,WAAW;gBAC9B,KAAK;aACN,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,qBAAqB,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QAC7D,MAAM,CAAC,WAAW,GAAG,KAAK,CAAC,WAAW,CAAC;QACvC,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,qBAAqB,CAC3B,IAAmB,EACnB,KAA0B;QAE1B,MAAM,MAAM,GAA4B,EAAE,IAAI,EAAE,CAAC;QAEjD,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;YACf,MAAM,CAAC,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC;QAC3B,CAAC;QAED,IAAI,KAAK,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;YAChC,MAAM,CAAC,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC;QACjC,CAAC;QAED,IAAI,IAAI,KAAK,OAAO,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;YACpC,MAAM,CAAC,KAAK,GAAG,EAAE,IAAI,EAAE,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;QAC5C,CAAC;QAED,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;YACtB,0EAA0E;YAC1E,MAAM,CAAC,UAAU,GAAG,KAAK,CAAC,UAAU,IAAI,EAAE,CAAC;QAC7C,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;;;;OAKG;IACH,iBAAiB,CAAC,OAAuB,EAAE,IAA6B;QACtE,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;YAC/D,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC;YAEzB,+BAA+B;YAC/B,IAAI,KAAK,CAAC,QAAQ,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;gBAC1C,MAAM,IAAI,KAAK,CAAC,+BAA+B,IAAI,EAAE,CAAC,CAAC;YACzD,CAAC;YAED,6BAA6B;YAC7B,IAAI,KAAK,CAAC,YAAY,IAAI,KAAK,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACxD,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAuB,CAAC;gBACpD,IAAI,MAAM,IAAI,KAAK,CAAC,YAAY,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;oBACzE,MAAM,IAAI,KAAK,CACb,cAAc,IAAI,6BAA6B,MAAM,GAAG,CACzD,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,gBAAgB;YAChB,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;gBAC7E,MAAM,IAAI,KAAK,CACb,qBAAqB,IAAI,qBAAqB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACtE,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACH,sBAAsB,CAAC,OAAuB,EAAE,IAA6B;QAC3E,IAAI,CAAC,OAAO,CAAC,UAAU;YAAE,OAAO,SAAS,CAAC;QAE1C,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAuB,CAAC;QAEpD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,uCAAuC;YACvC,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;YACrD,OAAO,UAAU,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAC7D,CAAC;QAED,4DAA4D;QAC5D,MAAM,YAAY,GAAG,IAAI,CAAC,eAAe,CAAuB,CAAC;QAEjE,IAAI,YAAY,EAAE,CAAC;YACjB,wCAAwC;YACxC,MAAM,GAAG,GAAG,GAAG,MAAM,IAAI,YAAY,EAAE,CAAC;YACxC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC5B,OAAO,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;YACjC,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;IACpC,CAAC;IAED;;;;;;;OAOG;IACH,oBAAoB,CAAC,OAAuB,EAAE,IAA6B;QACzE,MAAM,EAAE,GAAG,IAAI,CAAC,sBAAsB,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QACtD,OAAO,OAAO,EAAE,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;IACjD,CAAC;IAED;;;;;OAKG;IACH,oBAAoB,CAAC,WAAmB;QACtC,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC;QACxD,IAAI,CAAC,SAAS,EAAE,WAAW,EAAE,OAAO;YAAE,OAAO,KAAK,CAAC;QACnD,OAAO,qBAAqB,IAAI,SAAS,CAAC,WAAW,CAAC,OAAO,CAAC;IAChE,CAAC;IAED;;;;;OAKG;IACH,iBAAiB,CAAC,IAA6B,EAAE,aAAa,GAAG,UAAU;QACzE,MAAM,QAAQ,GAAG,IAAI,QAAQ,EAAE,CAAC;QAEhC,MAAM,aAAa,GAAG,IAAI,CAAC,eAAe,CAAuB,CAAC;QAClE,MAAM,QAAQ,GAAI,IAAI,CAAC,UAAU,CAAY,IAAI,QAAQ,CAAC;QAC1D,MAAM,QAAQ,GAAI,IAAI,CAAC,UAAU,CAAY,IAAI,0BAA0B,CAAC;QAE5E,IAAI,aAAa,EAAE,CAAC;YAClB,yBAAyB;YACzB,MAAM,YAAY,GAAG,IAAI,CAAC,aAAa,CAAC,CAAC;YACzC,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;YAClD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,YAAY,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC7C,KAAK,CAAC,CAAC,CAAC,GAAG,YAAY,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;YACxC,CAAC;YACD,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC,CAAC,KAAK,CAAC,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;YACnD,QAAQ,CAAC,MAAM,CAAC,aAAa,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;QACjD,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF"}
package/dist/src/validation-utils.d.ts DELETED
@@ -1,49 +0,0 @@
1
- /**
2
- * Validation utilities for common data types
3
- *
4
- * Why: Provides reusable validation functions for email, URI, and other formats
5
- * Centralizes validation logic and ensures consistency across the application
6
- */
7
- /**
8
- * Validates that a property name is safe to use as dynamic object key.
9
- * Prevents prototype pollution attacks.
10
- */
11
- export declare function isSafePropertyName(name: string): boolean;
12
- /**
13
- * Escape special regex characters in a string.
14
- * Prevents ReDoS attacks when using dynamic strings in RegExp.
15
- */
16
- export declare function escapeRegExp(str: string): string;
17
- /**
18
- * Redact specific header from headers object (case-insensitive)
19
- */
20
- export declare function redactHeader(headers: unknown, headerName: string): Record<string, unknown>;
21
- /**
22
- * Redact query parameter from URL string
23
- */
24
- export declare function redactQueryParam(url: string | undefined, paramName: string): string;
25
- /**
26
- * Redact parameter from params object
27
- */
28
- export declare function redactParam(params: unknown, paramName: string): Record<string, unknown>;
29
- /**
30
- * Validates if a string is a valid email address
31
- */
32
- export declare function isEmail(value: string): boolean;
33
- /**
34
- * Validates if a string is a valid URI
35
- */
36
- export declare function isUri(value: string): boolean;
37
- /**
38
- * Escape HTML special characters to prevent XSS attacks
39
- *
40
- * Why: User-provided strings in error messages must be sanitized
41
- * before being returned in JSON responses that might be rendered as HTML.
42
- *
43
- * Uses escape-html library for reliable HTML entity escaping.
44
- *
45
- * @param str - String to escape (can be undefined or null)
46
- * @returns Escaped string safe for HTML rendering, empty string if input is falsy
47
- */
48
- export declare function escapeHtmlSafe(str: string | undefined | null): string;
49
- //# sourceMappingURL=validation-utils.d.ts.map
package/dist/src/validation-utils.d.ts.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"file":"validation-utils.d.ts","sourceRoot":"","sources":["../../src/validation-utils.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAqBH;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAExD;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAEhD;AAED;;GAEG;AACH,wBAAgB,YAAY,CAC1B,OAAO,EAAE,OAAO,EAChB,UAAU,EAAE,MAAM,GACjB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAYzB;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAC9B,GAAG,EAAE,MAAM,GAAG,SAAS,EACvB,SAAS,EAAE,MAAM,GAChB,MAAM,CAiCR;AAED;;GAEG;AACH,wBAAgB,WAAW,CACzB,MAAM,EAAE,OAAO,EACf,SAAS,EAAE,MAAM,GAChB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CASzB;AAED;;GAEG;AACH,wBAAgB,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAE9C;AAED;;GAEG;AACH,wBAAgB,KAAK,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAO5C;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,GAAG,MAAM,CAGrE"}
package/dist/src/validation-utils.js DELETED
@@ -1,138 +0,0 @@
1
- /**
2
- * Validation utilities for common data types
3
- *
4
- * Why: Provides reusable validation functions for email, URI, and other formats
5
- * Centralizes validation logic and ensures consistency across the application
6
- */
7
- import escapeHtml from 'escape-html';
8
- /** Property names that must never be used as dynamic object keys */
9
- const FORBIDDEN_PROPERTY_NAMES = new Set([
10
- '__proto__',
11
- 'constructor',
12
- 'prototype',
13
- '__defineGetter__',
14
- '__defineSetter__',
15
- '__lookupGetter__',
16
- '__lookupSetter__',
17
- 'hasOwnProperty',
18
- 'isPrototypeOf',
19
- 'propertyIsEnumerable',
20
- 'toLocaleString',
21
- 'toString',
22
- 'valueOf',
23
- ]);
24
- /**
25
- * Validates that a property name is safe to use as dynamic object key.
26
- * Prevents prototype pollution attacks.
27
- */
28
- export function isSafePropertyName(name) {
29
- return !FORBIDDEN_PROPERTY_NAMES.has(name);
30
- }
31
- /**
32
- * Escape special regex characters in a string.
33
- * Prevents ReDoS attacks when using dynamic strings in RegExp.
34
- */
35
- export function escapeRegExp(str) {
36
- return str.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
37
- }
38
- /**
39
- * Redact specific header from headers object (case-insensitive)
40
- */
41
- export function redactHeader(headers, headerName) {
42
- if (!headers || typeof headers !== 'object')
43
- return {};
44
- const redacted = { ...headers };
45
- for (const key of Object.keys(redacted)) {
46
- if (key.toLowerCase() === headerName.toLowerCase()) {
47
- redacted[key] = '[REDACTED]';
48
- }
49
- }
50
- return redacted;
51
- }
52
- /**
53
- * Redact query parameter from URL string
54
- */
55
- export function redactQueryParam(url, paramName) {
56
- if (!url)
57
- return '';
58
- // Enforce safe paramName (alphanumeric, underscore, dash) length <= 64
59
- if (!/^[A-Za-z0-9_-]{1,64}$/.test(paramName)) {
60
- return url; // Unsafe param name; return original unmodified
61
- }
62
- try {
63
- const urlObj = new URL(url);
64
- if (urlObj.searchParams.has(paramName)) {
65
- urlObj.searchParams.set(paramName, '[REDACTED]');
66
- }
67
- return urlObj.toString();
68
- }
69
- catch {
70
- // Fallback: manual parsing without dynamic RegExp to avoid ReDoS concerns
71
- // Split on '?' then process query string key-value pairs
72
- const qIndex = url.indexOf('?');
73
- if (qIndex === -1)
74
- return url;
75
- const base = url.substring(0, qIndex);
76
- const query = url.substring(qIndex + 1);
77
- const parts = query.split('&');
78
- const redactedParts = parts.map(part => {
79
- const eqIndex = part.indexOf('=');
80
- if (eqIndex === -1)
81
- return part; // skip malformed segment
82
- const key = part.substring(0, eqIndex);
83
- if (key === paramName) {
84
- // Encode [REDACTED] for consistency with URLSearchParams behavior
85
- return key + '=%5BREDACTED%5D';
86
- }
87
- return part;
88
- });
89
- return base + '?' + redactedParts.join('&');
90
- }
91
- }
92
- /**
93
- * Redact parameter from params object
94
- */
95
- export function redactParam(params, paramName) {
96
- if (!params || typeof params !== 'object')
97
- return {};
98
- const redacted = { ...params };
99
- if (paramName in redacted) {
100
- redacted[paramName] = '[REDACTED]';
101
- }
102
- return redacted;
103
- }
104
- /**
105
- * Validates if a string is a valid email address
106
- */
107
- export function isEmail(value) {
108
- return /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(value);
109
- }
110
- /**
111
- * Validates if a string is a valid URI
112
- */
113
- export function isUri(value) {
114
- try {
115
- new URL(value);
116
- return true;
117
- }
118
- catch {
119
- return false;
120
- }
121
- }
122
- /**
123
- * Escape HTML special characters to prevent XSS attacks
124
- *
125
- * Why: User-provided strings in error messages must be sanitized
126
- * before being returned in JSON responses that might be rendered as HTML.
127
- *
128
- * Uses escape-html library for reliable HTML entity escaping.
129
- *
130
- * @param str - String to escape (can be undefined or null)
131
- * @returns Escaped string safe for HTML rendering, empty string if input is falsy
132
- */
133
- export function escapeHtmlSafe(str) {
134
- if (!str)
135
- return '';
136
- return escapeHtml(String(str));
137
- }
138
- //# sourceMappingURL=validation-utils.js.map
package/dist/src/validation-utils.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"file":"validation-utils.js","sourceRoot":"","sources":["../../src/validation-utils.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,UAAU,MAAM,aAAa,CAAC;AAErC,oEAAoE;AACpE,MAAM,wBAAwB,GAAG,IAAI,GAAG,CAAC;IACvC,WAAW;IACX,aAAa;IACb,WAAW;IACX,kBAAkB;IAClB,kBAAkB;IAClB,kBAAkB;IAClB,kBAAkB;IAClB,gBAAgB;IAChB,eAAe;IACf,sBAAsB;IACtB,gBAAgB;IAChB,UAAU;IACV,SAAS;CACV,CAAC,CAAC;AAEH;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAAC,IAAY;IAC7C,OAAO,CAAC,wBAAwB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AAC7C,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,GAAW;IACtC,OAAO,GAAG,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;AACpD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAC1B,OAAgB,EAChB,UAAkB;IAElB,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ;QAAE,OAAO,EAAE,CAAC;IAEvD,MAAM,QAAQ,GAAG,EAAE,GAAI,OAAmC,EAAE,CAAC;IAE7D,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QACxC,IAAI,GAAG,CAAC,WAAW,EAAE,KAAK,UAAU,CAAC,WAAW,EAAE,EAAE,CAAC;YACnD,QAAQ,CAAC,GAAG,CAAC,GAAG,YAAY,CAAC;QAC/B,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAC9B,GAAuB,EACvB,SAAiB;IAEjB,IAAI,CAAC,GAAG;QAAE,OAAO,EAAE,CAAC;IACpB,uEAAuE;IACvE,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;QAC7C,OAAO,GAAG,CAAC,CAAC,gDAAgD;IAC9D,CAAC;IAED,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5B,IAAI,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;YACvC,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;QACnD,CAAC;QACD,OAAO,MAAM,CAAC,QAAQ,EAAE,CAAC;IAC3B,CAAC;IAAC,MAAM,CAAC;QACP,0EAA0E;QAC1E,yDAAyD;QACzD,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAChC,IAAI,MAAM,KAAK,CAAC,CAAC;YAAE,OAAO,GAAG,CAAC;QAC9B,MAAM,IAAI,GAAG,GAAG,CAAC,SAAS,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;QACtC,MAAM,KAAK,GAAG,GAAG,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QACxC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,MAAM,aAAa,GAAG,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE;YACrC,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YAClC,IAAI,OAAO,KAAK,CAAC,CAAC;gBAAE,OAAO,IAAI,CAAC,CAAC,yBAAyB;YAC1D,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;YACvC,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;gBACtB,kEAAkE;gBAClE,OAAO,GAAG,GAAG,iBAAiB,CAAC;YACjC,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC,CAAC,CAAC;QACH,OAAO,IAAI,GAAG,GAAG,GAAG,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC9C,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CACzB,MAAe,EACf,SAAiB;IAEjB,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ;QAAE,OAAO,EAAE,CAAC;IAErD,MAAM,QAAQ,GAAG,EAAE,GAAI,MAAkC,EAAE,CAAC;IAC5D,IAAI,SAAS,IAAI,QAAQ,EAAE,CAAC;QAC1B,QAAQ,CAAC,SAAS,CAAC,GAAG,YAAY,CAAC;IACrC,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,OAAO,CAAC,KAAa;IACnC,OAAO,4BAA4B,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAClD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,KAAK,CAAC,KAAa;IACjC,IAAI,CAAC;QACH,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;QACf,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,cAAc,CAAC,GAA8B;IAC3D,IAAI,CAAC,GAAG;QAAE,OAAO,EAAE,CAAC;IACpB,OAAO,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;AACjC,CAAC"}