mobilecoder-mcp 1.0.0

@@ -0,0 +1,317 @@
1
+ "use strict";
2
+ var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
3
+ if (k2 === undefined) k2 = k;
4
+ var desc = Object.getOwnPropertyDescriptor(m, k);
5
+ if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
6
+ desc = { enumerable: true, get: function() { return m[k]; } };
7
+ }
8
+ Object.defineProperty(o, k2, desc);
9
+ }) : (function(o, m, k, k2) {
10
+ if (k2 === undefined) k2 = k;
11
+ o[k2] = m[k];
12
+ }));
13
+ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
14
+ Object.defineProperty(o, "default", { enumerable: true, value: v });
15
+ }) : function(o, v) {
16
+ o["default"] = v;
17
+ });
18
+ var __importStar = (this && this.__importStar) || (function () {
19
+ var ownKeys = function(o) {
20
+ ownKeys = Object.getOwnPropertyNames || function (o) {
21
+ var ar = [];
22
+ for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
23
+ return ar;
24
+ };
25
+ return ownKeys(o);
26
+ };
27
+ return function (mod) {
28
+ if (mod && mod.__esModule) return mod;
29
+ var result = {};
30
+ if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
31
+ __setModuleDefault(result, mod);
32
+ return result;
33
+ };
34
+ })();
35
+ Object.defineProperty(exports, "__esModule", { value: true });
36
+ exports.setupMCPServer = setupMCPServer;
37
+ const index_1 = require("@modelcontextprotocol/sdk/server/index");
38
+ const stdio_1 = require("@modelcontextprotocol/sdk/server/stdio");
39
+ const types_1 = require("@modelcontextprotocol/sdk/types");
40
+ const security_1 = require("./security");
41
+ const fs = __importStar(require("fs"));
42
+ const path = __importStar(require("path"));
43
+ // Queue to store commands received from mobile
44
+ const commandQueue = [];
45
+ async function setupMCPServer(webrtc) {
46
+ // Create MCP server
47
+ const server = new index_1.Server({
48
+ name: 'mobile-coder-mcp',
49
+ version: '1.0.0',
50
+ }, {
51
+ capabilities: {
52
+ tools: {},
53
+ },
54
+ });
55
+ // Set up error handling
56
+ server.onerror = (error) => {
57
+ console.error('[MCP Error]', error);
58
+ security_1.securityLogger.log('mcp_server_error', { error: error.message || 'Unknown error' }, 'medium');
59
+ };
60
+ // List available tools
61
+ server.setRequestHandler(types_1.ListToolsRequestSchema, async () => {
62
+ return {
63
+ tools: [
64
+ {
65
+ name: 'get_next_command',
66
+ description: 'Get next pending command from mobile device',
67
+ inputSchema: {
68
+ type: 'object',
69
+ properties: {},
70
+ },
71
+ },
72
+ {
73
+ name: 'send_message',
74
+ description: 'Send a message or status update to mobile device',
75
+ inputSchema: {
76
+ type: 'object',
77
+ properties: {
78
+ message: {
79
+ type: 'string',
80
+ description: 'The message to send to user',
81
+ },
82
+ },
83
+ required: ['message'],
84
+ },
85
+ },
86
+ {
87
+ name: 'list_directory',
88
+ description: 'List files and directories in a path',
89
+ inputSchema: {
90
+ type: 'object',
91
+ properties: {
92
+ path: {
93
+ type: 'string',
94
+ description: 'The directory path to list (relative to cwd)',
95
+ },
96
+ },
97
+ },
98
+ },
99
+ {
100
+ name: 'read_file',
101
+ description: 'Read contents of a file',
102
+ inputSchema: {
103
+ type: 'object',
104
+ properties: {
105
+ path: {
106
+ type: 'string',
107
+ description: 'The file path to read',
108
+ },
109
+ },
110
+ required: ['path'],
111
+ },
112
+ },
113
+ ],
114
+ };
115
+ });
116
+ // Handle tool calls from MCP (Claude/Cursor)
117
+ server.setRequestHandler(types_1.CallToolRequestSchema, async (request) => {
118
+ const { name, arguments: args } = request.params;
119
+ if (name === 'get_next_command') {
120
+ const command = commandQueue.shift();
121
+ if (!command) {
122
+ return { content: [{ type: 'text', text: 'No pending commands.' }] };
123
+ }
124
+ return { content: [{ type: 'text', text: command }] };
125
+ }
126
+ if (name === 'send_message') {
127
+ const message = args?.message;
128
+ if (!message) {
129
+ return { content: [{ type: 'text', text: 'Error: Message is required' }], isError: true };
130
+ }
131
+ // Sanitize message content
132
+ const sanitizedMessage = (0, security_1.sanitizeInput)(message);
133
+ // Check if message contains diff data
134
+ if (typeof args === 'object' && args.diff) {
135
+ webrtc.send({
136
+ type: 'result',
137
+ data: {
138
+ diff: args.diff,
139
+ oldCode: args.oldCode,
140
+ newCode: args.newCode,
141
+ fileName: args.fileName
142
+ },
143
+ timestamp: Date.now()
144
+ });
145
+ }
146
+ else {
147
+ webrtc.send({ type: 'result', data: sanitizedMessage, timestamp: Date.now() });
148
+ }
149
+ return { content: [{ type: 'text', text: `Message sent to mobile: ${typeof args === 'object' ? 'Diff data' : sanitizedMessage}` }] };
150
+ }
151
+ if (name === 'list_directory') {
152
+ try {
153
+ const requestId = (0, security_1.generateSecureToken)(16);
154
+ const fileList = await handleListDirectory(process.cwd(), args, requestId);
155
+ return { content: [{ type: 'text', text: JSON.stringify(fileList) }] };
156
+ }
157
+ catch (error) {
158
+ return { content: [{ type: 'text', text: error.message }], isError: true };
159
+ }
160
+ }
161
+ if (name === 'read_file') {
162
+ try {
163
+ const requestId = (0, security_1.generateSecureToken)(16);
164
+ const content = await handleReadFile(process.cwd(), args, requestId);
165
+ return { content: [{ type: 'text', text: content }] };
166
+ }
167
+ catch (error) {
168
+ return { content: [{ type: 'text', text: error.message }], isError: true };
169
+ }
170
+ }
171
+ return { content: [{ type: 'text', text: `Unknown tool: ${name}` }], isError: true };
172
+ });
173
+ // Connect WebRTC listeners
174
+ webrtc.onConnect(() => {
175
+ console.log('📱 [MCP] Mobile device connected');
176
+ security_1.securityLogger.log('mobile_device_connected', { timestamp: Date.now() }, 'low');
177
+ });
178
+ webrtc.onMessage(async (message) => {
179
+ // Handle command queueing
180
+ if (message.type === 'command' && message.text) {
181
+ const sanitizedCommand = (0, security_1.sanitizeInput)(message.text);
182
+ // Rate limiting
183
+ if (!security_1.rateLimiters.commands.isAllowed('command')) {
184
+ security_1.securityLogger.logRateLimitExceeded('command', 'queue_command');
185
+ webrtc.send({
186
+ type: 'error',
187
+ data: 'Rate limit exceeded. Please try again later.',
188
+ timestamp: Date.now()
189
+ });
190
+ return;
191
+ }
192
+ // Command validation
193
+ const commandValidation = (0, security_1.validateCommand)(sanitizedCommand);
194
+ if (!commandValidation.valid) {
195
+ security_1.securityLogger.logBlockedCommand(sanitizedCommand, commandValidation.error || 'Unknown reason');
196
+ webrtc.send({
197
+ type: 'error',
198
+ data: 'Command blocked for security reasons.',
199
+ timestamp: Date.now()
200
+ });
201
+ return;
202
+ }
203
+ console.log(` [MCP] Queuing command: ${sanitizedCommand}`);
204
+ commandQueue.push(sanitizedCommand);
205
+ }
206
+ // Handle direct tool calls from mobile (for File Explorer)
207
+ if (message.type === 'tool_call') {
208
+ const { tool, data, id } = message;
209
+ console.log(`🛠️ [MCP] Tool call received: ${tool}`, data);
210
+ try {
211
+ let result;
212
+ if (tool === 'list_directory') {
213
+ result = await handleListDirectory(process.cwd(), data, id);
214
+ }
215
+ else if (tool === 'read_file') {
216
+ result = await handleReadFile(process.cwd(), data, id);
217
+ }
218
+ else {
219
+ throw new Error(`Unknown tool: ${tool}`);
220
+ }
221
+ webrtc.send({
222
+ type: 'tool_result',
223
+ id: id, // Echo back ID for correlation
224
+ tool: tool,
225
+ data: result,
226
+ timestamp: Date.now()
227
+ });
228
+ }
229
+ catch (error) {
230
+ console.error(`❌ [MCP] Tool execution failed: ${error.message}`);
231
+ security_1.securityLogger.log('tool_execution_failed', { tool, error: error.message }, 'medium');
232
+ webrtc.send({
233
+ type: 'tool_result',
234
+ id: id,
235
+ tool: tool,
236
+ error: error.message,
237
+ timestamp: Date.now()
238
+ });
239
+ }
240
+ }
241
+ });
242
+ // Start MCP server with stdio transport
243
+ const transport = new stdio_1.StdioServerTransport();
244
+ await server.connect(transport);
245
+ console.log('✅ MCP Server initialized (stdio transport)');
246
+ security_1.securityLogger.log('mcp_server_started', { timestamp: Date.now() }, 'low');
247
+ }
248
+ // Helper functions for file system operations
249
+ async function handleListDirectory(cwd, args, requestId) {
250
+ const dirPath = args?.path || '.';
251
+ const sanitizedPath = (0, security_1.sanitizePath)(dirPath);
252
+ // Rate limiting
253
+ if (!security_1.rateLimiters.fileOperations.isAllowed(requestId || 'unknown')) {
254
+ security_1.securityLogger.logRateLimitExceeded(requestId || 'unknown', 'list_directory');
255
+ throw new Error('Rate limit exceeded for directory operations');
256
+ }
257
+ // Security validation
258
+ const pathValidation = (0, security_1.validatePath)(sanitizedPath, cwd);
259
+ if (!pathValidation.valid) {
260
+ security_1.securityLogger.logPathTraversal(sanitizedPath, path.resolve(cwd, sanitizedPath));
261
+ throw new Error(`Access denied: ${pathValidation.error}`);
262
+ }
263
+ try {
264
+ const stats = await fs.promises.stat(path.resolve(cwd, sanitizedPath));
265
+ if (!stats.isDirectory()) {
266
+ throw new Error('Path is not a directory');
267
+ }
268
+ const files = await fs.promises.readdir(path.resolve(cwd, sanitizedPath), { withFileTypes: true });
269
+ const fileList = files.map((f) => ({
270
+ name: f.name,
271
+ isDirectory: f.isDirectory(),
272
+ path: path.join(sanitizedPath, f.name).replace(/\\/g, '/'), // Normalize paths
273
+ }));
274
+ // Sort: directories first, then files
275
+ fileList.sort((a, b) => {
276
+ if (a.isDirectory === b.isDirectory) {
277
+ return a.name.localeCompare(b.name);
278
+ }
279
+ return a.isDirectory ? -1 : 1;
280
+ });
281
+ return fileList;
282
+ }
283
+ catch (error) {
284
+ security_1.securityLogger.log('directory_list_error', { path: sanitizedPath, error: error.message }, 'medium');
285
+ throw new Error(`Error listing directory: ${error.message}`);
286
+ }
287
+ }
288
+ async function handleReadFile(cwd, args, requestId) {
289
+ const filePath = args?.path;
290
+ if (!filePath)
291
+ throw new Error('Path is required');
292
+ const sanitizedPath = (0, security_1.sanitizePath)(filePath);
293
+ // Rate limiting
294
+ if (!security_1.rateLimiters.fileOperations.isAllowed(requestId || 'unknown')) {
295
+ security_1.securityLogger.logRateLimitExceeded(requestId || 'unknown', 'read_file');
296
+ throw new Error('Rate limit exceeded for file operations');
297
+ }
298
+ // Security validation
299
+ const fileValidation = (0, security_1.validateFile)(sanitizedPath, cwd);
300
+ if (!fileValidation.valid) {
301
+ security_1.securityLogger.log('file_access_denied', { path: sanitizedPath, reason: fileValidation.error }, 'high');
302
+ throw new Error(`Access denied: ${fileValidation.error}`);
303
+ }
304
+ try {
305
+ const fullPath = path.resolve(cwd, sanitizedPath);
306
+ const stats = await fs.promises.stat(fullPath);
307
+ if (stats.isDirectory()) {
308
+ throw new Error('Path is a directory, not a file');
309
+ }
310
+ return await fs.promises.readFile(fullPath, 'utf-8');
311
+ }
312
+ catch (error) {
313
+ security_1.securityLogger.log('file_read_error', { path: sanitizedPath, error: error.message }, 'medium');
314
+ throw new Error(`Error reading file: ${error.message}`);
315
+ }
316
+ }
317
+ //# sourceMappingURL=mcp-handler.js.map
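Review bot: The file-operation rate limit in `handleListDirectory` and `handleReadFile` is keyed on `requestId`, which differs on every request, so the limit probably never applies. The `CallToolRequestSchema` handler passes a fresh `generateSecureToken(16)` for each `list_directory` and `read_file` call, and the `tool_call` branch of `webrtc.onMessage` passes the `id` field taken from the remote peer's message, which that peer can vary freely. `RateLimiter.isAllowed(identifier: string)` looks like a per-identifier counter (its body is not on this page), so I would key it on the channel instead, e.g. `security_1.rateLimiters.fileOperations.isAllowed('file_ops')`, and keep `requestId` only for correlating log entries. This file is compiled output, so the change belongs in `../src/mcp-handler.ts`.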
@@ -0,0 +1 @@
1
+ {"version":3,"file":"mcp-handler.js","sourceRoot":"","sources":["../src/mcp-handler.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAwBA,wCA4NC;AApPD,kEAAgE;AAChE,kEAA8E;AAC9E,2DAGyC;AAEzC,yCASoB;AACpB,uCAAyB;AACzB,2CAA6B;AAG7B,+CAA+C;AAC/C,MAAM,YAAY,GAAa,EAAE,CAAC;AAE3B,KAAK,UAAU,cAAc,CAAC,MAAwB;IAC3D,oBAAoB;IACpB,MAAM,MAAM,GAAG,IAAI,cAAM,CACvB;QACE,IAAI,EAAE,kBAAkB;QACxB,OAAO,EAAE,OAAO;KACjB,EACD;QACE,YAAY,EAAE;YACZ,KAAK,EAAE,EAAE;SACV;KACF,CACF,CAAC;IAEF,wBAAwB;IACxB,MAAM,CAAC,OAAO,GAAG,CAAC,KAAU,EAAE,EAAE;QAC9B,OAAO,CAAC,KAAK,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC;QACpC,yBAAc,CAAC,GAAG,CAAC,kBAAkB,EAAE,EAAE,KAAK,EAAE,KAAK,CAAC,OAAO,IAAI,eAAe,EAAE,EAAE,QAAQ,CAAC,CAAC;IAChG,CAAC,CAAC;IAEF,uBAAuB;IACvB,MAAM,CAAC,iBAAiB,CAAC,8BAAsB,EAAE,KAAK,IAAI,EAAE;QAC1D,OAAO;YACL,KAAK,EAAE;gBACL;oBACE,IAAI,EAAE,kBAAkB;oBACxB,WAAW,EAAE,6CAA6C;oBAC1D,WAAW,EAAE;wBACX,IAAI,EAAE,QAAQ;wBACd,UAAU,EAAE,EAAE;qBACf;iBACF;gBACD;oBACE,IAAI,EAAE,cAAc;oBACpB,WAAW,EAAE,kDAAkD;oBAC/D,WAAW,EAAE;wBACX,IAAI,EAAE,QAAQ;wBACd,UAAU,EAAE;4BACV,OAAO,EAAE;gCACP,IAAI,EAAE,QAAQ;gCACd,WAAW,EAAE,6BAA6B;6BAC3C;yBACF;wBACD,QAAQ,EAAE,CAAC,SAAS,CAAC;qBACtB;iBACF;gBACD;oBACE,IAAI,EAAE,gBAAgB;oBACtB,WAAW,EAAE,sCAAsC;oBACnD,WAAW,EAAE;wBACX,IAAI,EAAE,QAAQ;wBACd,UAAU,EAAE;4BACV,IAAI,EAAE;gCACJ,IAAI,EAAE,QAAQ;gCACd,WAAW,EAAE,8CAA8C;6BAC5D;yBACF;qBACF;iBACF;gBACD;oBACE,IAAI,EAAE,WAAW;oBACjB,WAAW,EAAE,yBAAyB;oBACtC,WAAW,EAAE;wBACX,IAAI,EAAE,QAAQ;wBACd,UAAU,EAAE;4BACV,IAAI,EAAE;gCACJ,IAAI,EAAE,QAAQ;gCACd,WAAW,EAAE,uBAAuB;6BACrC;yBACF;wBACD,QAAQ,EAAE,CAAC,MAAM,CAAC;qBACnB;iBACF;aACF;SACF,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,6CAA6C;IAC7C,MAAM,CAAC,iBAAiB,CAAC,6BAAqB,EAAE,KAAK,EAAE,OAAY,EAAE,EAAE;QACrE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC;QAEjD,IAAI,IAAI,KAAK,kBAAkB,EAAE,CAAC;YAChC,MAAM,OAAO,GAAG,YAAY,CAAC,KAAK,EAAE,CAAC;YACrC,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,sBAAsB,EAAE,CAAC,EAAE,CAAC;YACvE,CAAC;YACD,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,E
AAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;QACxD,CAAC;QAED,IAAI,IAAI,KAAK,cAAc,EAAE,CAAC;YAC5B,MAAM,OAAO,GAAI,IAA6B,EAAE,OAAO,CAAC;YACxD,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,4BAA4B,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;YAC5F,CAAC;YAED,2BAA2B;YAC3B,MAAM,gBAAgB,GAAG,IAAA,wBAAa,EAAC,OAAO,CAAC,CAAC;YAEhD,sCAAsC;YACtC,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAK,IAAY,CAAC,IAAI,EAAE,CAAC;gBACnD,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE;wBACJ,IAAI,EAAG,IAAY,CAAC,IAAI;wBACxB,OAAO,EAAG,IAAY,CAAC,OAAO;wBAC9B,OAAO,EAAG,IAAY,CAAC,OAAO;wBAC9B,QAAQ,EAAG,IAAY,CAAC,QAAQ;qBACjC;oBACD,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;iBACtB,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,gBAAgB,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;YACjF,CAAC;YAED,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,2BAA2B,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,gBAAgB,EAAE,EAAE,CAAC,EAAE,CAAC;QACvI,CAAC;QAED,IAAI,IAAI,KAAK,gBAAgB,EAAE,CAAC;YAC9B,IAAI,CAAC;gBACH,MAAM,SAAS,GAAG,IAAA,8BAAmB,EAAC,EAAE,CAAC,CAAC;gBAC1C,MAAM,QAAQ,GAAG,MAAM,mBAAmB,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,IAAW,EAAE,SAAS,CAAC,CAAC;gBAClF,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC;YACzE,CAAC;YAAC,OAAO,KAAU,EAAE,CAAC;gBACpB,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;YAC7E,CAAC;QACH,CAAC;QAED,IAAI,IAAI,KAAK,WAAW,EAAE,CAAC;YACzB,IAAI,CAAC;gBACH,MAAM,SAAS,GAAG,IAAA,8BAAmB,EAAC,EAAE,CAAC,CAAC;gBAC1C,MAAM,OAAO,GAAG,MAAM,cAAc,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,IAAW,EAAE,SAAS,CAAC,CAAC;gBAC5E,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;YACxD,CAAC;YAAC,OAAO,KAAU,EAAE,CAAC;gBACpB,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;YAC7E,CAAC;QACH,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE
,MAAM,EAAE,IAAI,EAAE,iBAAiB,IAAI,EAAE,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IACvF,CAAC,CAAC,CAAC;IAEH,2BAA2B;IAC3B,MAAM,CAAC,SAAS,CAAC,GAAG,EAAE;QACpB,OAAO,CAAC,GAAG,CAAC,kCAAkC,CAAC,CAAC;QAChD,yBAAc,CAAC,GAAG,CAAC,yBAAyB,EAAE,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,EAAE,KAAK,CAAC,CAAC;IAClF,CAAC,CAAC,CAAC;IAEH,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,OAAY,EAAE,EAAE;QACtC,0BAA0B;QAC1B,IAAI,OAAO,CAAC,IAAI,KAAK,SAAS,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YAC/C,MAAM,gBAAgB,GAAG,IAAA,wBAAa,EAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YAErD,gBAAgB;YAChB,IAAI,CAAC,uBAAY,CAAC,QAAQ,CAAC,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC;gBAChD,yBAAc,CAAC,oBAAoB,CAAC,SAAS,EAAE,eAAe,CAAC,CAAC;gBAChE,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,OAAO;oBACb,IAAI,EAAE,8CAA8C;oBACpD,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;iBACtB,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,qBAAqB;YACrB,MAAM,iBAAiB,GAAG,IAAA,0BAAe,EAAC,gBAAgB,CAAC,CAAC;YAC5D,IAAI,CAAC,iBAAiB,CAAC,KAAK,EAAE,CAAC;gBAC7B,yBAAc,CAAC,iBAAiB,CAAC,gBAAgB,EAAE,iBAAiB,CAAC,KAAK,IAAI,gBAAgB,CAAC,CAAC;gBAChG,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,OAAO;oBACb,IAAI,EAAE,uCAAuC;oBAC7C,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;iBACtB,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,OAAO,CAAC,GAAG,CAAC,6BAA6B,gBAAgB,EAAE,CAAC,CAAC;YAC7D,YAAY,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;QACtC,CAAC;QAED,2DAA2D;QAC3D,IAAI,OAAO,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;YACjC,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,EAAE,GAAG,OAAO,CAAC;YACnC,OAAO,CAAC,GAAG,CAAC,iCAAiC,IAAI,EAAE,EAAE,IAAI,CAAC,CAAC;YAE3D,IAAI,CAAC;gBACH,IAAI,MAAM,CAAC;gBACX,IAAI,IAAI,KAAK,gBAAgB,EAAE,CAAC;oBAC9B,MAAM,GAAG,MAAM,mBAAmB,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;gBAC9D,CAAC;qBAAM,IAAI,IAAI,KAAK,WAAW,EAAE,CAAC;oBAChC,MAAM,GAAG,MAAM,cAAc,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;gBACzD,CAAC;qBAAM,CAAC;oBACN,MAAM,IAAI,KAAK,CAAC,iBAAiB,IAAI,EAAE,CAAC,CAAC;gBAC3C,CAAC;gBAED,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,aAAa;oBACnB,EAAE,EAAE,EAAE,EAAE,+BAA+B;oBACvC,IAAI,EAAE,IAAI;oBACV,IAAI,EAAE,MAAM;oBACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;iBACtB,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,KAAU,EAAE,CAAC
;gBACpB,OAAO,CAAC,KAAK,CAAC,kCAAkC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;gBACjE,yBAAc,CAAC,GAAG,CAAC,uBAAuB,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,EAAE,QAAQ,CAAC,CAAC;gBACtF,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,aAAa;oBACnB,EAAE,EAAE,EAAE;oBACN,IAAI,EAAE,IAAI;oBACV,KAAK,EAAE,KAAK,CAAC,OAAO;oBACpB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;iBACtB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,wCAAwC;IACxC,MAAM,SAAS,GAAG,IAAI,4BAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAEhC,OAAO,CAAC,GAAG,CAAC,4CAA4C,CAAC,CAAC;IAC1D,yBAAc,CAAC,GAAG,CAAC,oBAAoB,EAAE,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,EAAE,KAAK,CAAC,CAAC;AAC7E,CAAC;AAED,8CAA8C;AAC9C,KAAK,UAAU,mBAAmB,CAAC,GAAW,EAAE,IAAuB,EAAE,SAAkB;IACzF,MAAM,OAAO,GAAG,IAAI,EAAE,IAAI,IAAI,GAAG,CAAC;IAClC,MAAM,aAAa,GAAG,IAAA,uBAAY,EAAC,OAAO,CAAC,CAAC;IAE5C,gBAAgB;IAChB,IAAI,CAAC,uBAAY,CAAC,cAAc,CAAC,SAAS,CAAC,SAAS,IAAI,SAAS,CAAC,EAAE,CAAC;QACnE,yBAAc,CAAC,oBAAoB,CAAC,SAAS,IAAI,SAAS,EAAE,gBAAgB,CAAC,CAAC;QAC9E,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAClE,CAAC;IAED,sBAAsB;IACtB,MAAM,cAAc,GAAG,IAAA,uBAAY,EAAC,aAAa,EAAE,GAAG,CAAC,CAAC;IACxD,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,CAAC;QAC1B,yBAAc,CAAC,gBAAgB,CAAC,aAAa,EAAE,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,aAAa,CAAC,CAAC,CAAC;QACjF,MAAM,IAAI,KAAK,CAAC,kBAAkB,cAAc,CAAC,KAAK,EAAE,CAAC,CAAC;IAC5D,CAAC;IAED,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,aAAa,CAAC,CAAC,CAAC;QACvE,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC7C,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,aAAa,CAAC,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;QACnG,MAAM,QAAQ,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACjC,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,WAAW,EAAE,CAAC,CAAC,WAAW,EAAE;YAC5B,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,EAAE,kBAAkB;SAC/E,CAAC,CAAC,CAAC;QAEJ,sCAAsC;QACtC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;YACrB,IA
AI,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;gBACpC,OAAO,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YACtC,CAAC;YACD,OAAO,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAChC,CAAC,CAAC,CAAC;QAEH,OAAO,QAAQ,CAAC;IAClB,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,yBAAc,CAAC,GAAG,CAAC,sBAAsB,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,EAAE,QAAQ,CAAC,CAAC;QACpG,MAAM,IAAI,KAAK,CAAC,4BAA4B,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IAC/D,CAAC;AACH,CAAC;AAED,KAAK,UAAU,cAAc,CAAC,GAAW,EAAE,IAAuB,EAAE,SAAkB;IACpF,MAAM,QAAQ,GAAG,IAAI,EAAE,IAAI,CAAC;IAC5B,IAAI,CAAC,QAAQ;QAAE,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;IAEnD,MAAM,aAAa,GAAG,IAAA,uBAAY,EAAC,QAAQ,CAAC,CAAC;IAE7C,gBAAgB;IAChB,IAAI,CAAC,uBAAY,CAAC,cAAc,CAAC,SAAS,CAAC,SAAS,IAAI,SAAS,CAAC,EAAE,CAAC;QACnE,yBAAc,CAAC,oBAAoB,CAAC,SAAS,IAAI,SAAS,EAAE,WAAW,CAAC,CAAC;QACzE,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;IAC7D,CAAC;IAED,sBAAsB;IACtB,MAAM,cAAc,GAAG,IAAA,uBAAY,EAAC,aAAa,EAAE,GAAG,CAAC,CAAC;IACxD,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,CAAC;QAC1B,yBAAc,CAAC,GAAG,CAAC,oBAAoB,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,cAAc,CAAC,KAAK,EAAE,EAAE,MAAM,CAAC,CAAC;QACxG,MAAM,IAAI,KAAK,CAAC,kBAAkB,cAAc,CAAC,KAAK,EAAE,CAAC,CAAC;IAC5D,CAAC;IAED,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,aAAa,CAAC,CAAC;QAClD,MAAM,KAAK,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC/C,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;QACrD,CAAC;QAED,OAAO,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IACvD,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,yBAAc,CAAC,GAAG,CAAC,iBAAiB,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,EAAE,QAAQ,CAAC,CAAC;QAC/F,MAAM,IAAI,KAAK,CAAC,uBAAuB,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IAC1D,CAAC;AACH,CAAC"}
@@ -0,0 +1,52 @@
1
+ export declare const SECURITY_CONFIG: {
2
+ maxFileSize: number;
3
+ maxRequestsPerMinute: number;
4
+ maxRequestsPerHour: number;
5
+ allowedFileExtensions: string[];
6
+ blockedPaths: string[];
7
+ blockedFilePatterns: RegExp[];
8
+ };
9
+ declare class RateLimiter {
10
+ private maxRequests;
11
+ private windowMs;
12
+ private requests;
13
+ constructor(maxRequests: number, windowMs: number);
14
+ isAllowed(identifier: string): boolean;
15
+ cleanup(): void;
16
+ }
17
+ export declare const rateLimiters: {
18
+ perMinute: RateLimiter;
19
+ perHour: RateLimiter;
20
+ fileOperations: RateLimiter;
21
+ commands: RateLimiter;
22
+ };
23
+ export declare function validatePath(filePath: string, cwd: string): {
24
+ valid: boolean;
25
+ error?: string;
26
+ };
27
+ export declare function validateFile(filePath: string, cwd: string): {
28
+ valid: boolean;
29
+ error?: string;
30
+ };
31
+ export declare function validateCommand(command: string): {
32
+ valid: boolean;
33
+ error?: string;
34
+ };
35
+ export declare function sanitizeInput(input: string): string;
36
+ export declare function sanitizePath(input: string): string;
37
+ export declare class SecurityLogger {
38
+ private static instance;
39
+ private logFile;
40
+ private constructor();
41
+ static getInstance(): SecurityLogger;
42
+ log(event: string, details: any, severity?: 'low' | 'medium' | 'high'): void;
43
+ logBlockedCommand(command: string, reason: string): void;
44
+ logPathTraversal(attemptedPath: string, resolvedPath: string): void;
45
+ logRateLimitExceeded(identifier: string, operation: string): void;
46
+ logSuspiciousActivity(activity: string, details: any): void;
47
+ }
48
+ export declare const securityLogger: SecurityLogger;
49
+ export declare function generateSecureToken(length?: number): string;
50
+ export declare function validateSessionToken(token: string): boolean;
51
+ export {};
52
+ //# sourceMappingURL=security.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"security.d.ts","sourceRoot":"","sources":["../src/security.ts"],"names":[],"mappings":"AAKA,eAAO,MAAM,eAAe;;;;;;;CAiC3B,CAAC;AAGF,cAAM,WAAW;IAGH,OAAO,CAAC,WAAW;IAAU,OAAO,CAAC,QAAQ;IAFzD,OAAO,CAAC,QAAQ,CAA8E;gBAE1E,WAAW,EAAE,MAAM,EAAU,QAAQ,EAAE,MAAM;IAEjE,SAAS,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO;IA6BtC,OAAO,IAAI,IAAI;CAQhB;AAED,eAAO,MAAM,YAAY;;;;;CAKxB,CAAC;AAGF,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CA0B9F;AAED,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAwB9F;AAED,wBAAgB,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAmCnF;AAGD,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAOnD;AAED,wBAAgB,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAOlD;AAGD,qBAAa,cAAc;IACzB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAiB;IACxC,OAAO,CAAC,OAAO,CAAS;IAExB,OAAO;IAIP,MAAM,CAAC,WAAW,IAAI,cAAc;IAOpC,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,GAAE,KAAK,GAAG,QAAQ,GAAG,MAAiB,GAAG,IAAI;IA4BtF,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,IAAI;IAIxD,gBAAgB,CAAC,aAAa,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,IAAI;IAInE,oBAAoB,CAAC,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,IAAI;IAIjE,qBAAqB,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,GAAG,IAAI;CAG5D;AAED,eAAO,MAAM,cAAc,gBAA+B,CAAC;AAW3D,wBAAgB,mBAAmB,CAAC,MAAM,GAAE,MAAW,GAAG,MAAM,CAE/D;AAGD,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAa3D"}