mobilecoder-mcp 2.1.2 → 2.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (32) hide show
  1. package/dist/agent.d.ts +28 -28
  2. package/dist/agent.d.ts.map +1 -1
  3. package/dist/agent.js +350 -322
  4. package/dist/agent.js.map +1 -1
  5. package/dist/cli.d.ts +2 -2
  6. package/dist/cli.js +39 -34
  7. package/dist/cli.js.map +1 -1
  8. package/package.json +3 -3
  9. package/dist/adapters/cli-adapter.d.ts +0 -13
  10. package/dist/adapters/cli-adapter.d.ts.map +0 -1
  11. package/dist/adapters/cli-adapter.js +0 -58
  12. package/dist/adapters/cli-adapter.js.map +0 -1
  13. package/dist/index.d.ts +0 -3
  14. package/dist/index.d.ts.map +0 -1
  15. package/dist/index.js +0 -152
  16. package/dist/index.js.map +0 -1
  17. package/dist/mcp-handler.d.ts +0 -3
  18. package/dist/mcp-handler.d.ts.map +0 -1
  19. package/dist/mcp-handler.js +0 -322
  20. package/dist/mcp-handler.js.map +0 -1
  21. package/dist/security.d.ts +0 -54
  22. package/dist/security.d.ts.map +0 -1
  23. package/dist/security.js +0 -307
  24. package/dist/security.js.map +0 -1
  25. package/dist/tool-detector.d.ts +0 -18
  26. package/dist/tool-detector.d.ts.map +0 -1
  27. package/dist/tool-detector.js +0 -93
  28. package/dist/tool-detector.js.map +0 -1
  29. package/dist/webrtc.d.ts +0 -23
  30. package/dist/webrtc.d.ts.map +0 -1
  31. package/dist/webrtc.js +0 -143
  32. package/dist/webrtc.js.map +0 -1
package/dist/mcp-handler.js DELETED
@@ -1,322 +0,0 @@
1
- import { Server } from '@modelcontextprotocol/sdk/server/index.js';
2
- import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
3
- import { CallToolRequestSchema, ListToolsRequestSchema, } from '@modelcontextprotocol/sdk/types.js';
4
- import { validatePath, validateFile, validateCommand, sanitizeInput, sanitizePath, safeResolvePath, rateLimiters, securityLogger, generateSecureToken } from './security.js';
5
- import * as fs from 'fs';
6
- import * as path from 'path';
7
- // Queue to store commands received from mobile
8
- const commandQueue = [];
9
- const ALLOWED_METHODS = {
10
- 'initialize': true,
11
- 'initialized': true,
12
- 'tools/list': true,
13
- 'tools/call': true,
14
- 'prompts/list': true,
15
- 'prompts/get': true,
16
- 'resources/list': true,
17
- 'resources/read': true,
18
- 'resources/subscribe': true,
19
- 'resources/unsubscribe': true,
20
- 'sampling/createMessage': true,
21
- 'logging/setLevel': true,
22
- 'completion/complete': true
23
- };
24
- function isMethodAllowed(method) {
25
- return ALLOWED_METHODS[method] === true;
26
- }
27
- export async function setupMCPServer(webrtc) {
28
- // Create MCP server
29
- const server = new Server({
30
- name: 'mobilecoder-mcp',
31
- version: '1.0.0',
32
- }, {
33
- capabilities: {
34
- tools: {},
35
- },
36
- });
37
- // Set up error handling
38
- server.onerror = (error) => {
39
- console.error('[MCP Error]', error);
40
- securityLogger.log('mcp_server_error', { error: error.message || 'Unknown error' }, 'medium');
41
- };
42
- // List available tools
43
- server.setRequestHandler(ListToolsRequestSchema, async () => {
44
- return {
45
- tools: [
46
- {
47
- name: 'get_next_command',
48
- description: 'Get next pending command from mobile device',
49
- inputSchema: {
50
- type: 'object',
51
- properties: {},
52
- },
53
- },
54
- {
55
- name: 'send_message',
56
- description: 'Send a message or status update to mobile device',
57
- inputSchema: {
58
- type: 'object',
59
- properties: {
60
- message: {
61
- type: 'string',
62
- description: 'The message to send to user',
63
- },
64
- },
65
- required: ['message'],
66
- },
67
- },
68
- {
69
- name: 'list_directory',
70
- description: 'List files and directories in a path',
71
- inputSchema: {
72
- type: 'object',
73
- properties: {
74
- path: {
75
- type: 'string',
76
- description: 'The directory path to list (relative to cwd)',
77
- },
78
- },
79
- },
80
- },
81
- {
82
- name: 'read_file',
83
- description: 'Read contents of a file',
84
- inputSchema: {
85
- type: 'object',
86
- properties: {
87
- path: {
88
- type: 'string',
89
- description: 'The file path to read',
90
- },
91
- },
92
- required: ['path'],
93
- },
94
- },
95
- ],
96
- };
97
- });
98
- // Handle tool calls from MCP (Claude/Cursor)
99
- server.setRequestHandler(CallToolRequestSchema, async (request) => {
100
- const { name, arguments: args } = request.params;
101
- if (name === 'get_next_command') {
102
- const command = commandQueue.shift();
103
- if (!command) {
104
- return { content: [{ type: 'text', text: 'No pending commands.' }] };
105
- }
106
- return { content: [{ type: 'text', text: command }] };
107
- }
108
- if (name === 'send_message') {
109
- const message = args?.message;
110
- if (!message) {
111
- return { content: [{ type: 'text', text: 'Error: Message is required' }], isError: true };
112
- }
113
- // Sanitize message content
114
- const sanitizedMessage = sanitizeInput(message);
115
- // Check if message contains diff data
116
- if (typeof args === 'object' && args.diff) {
117
- webrtc.send({
118
- type: 'result',
119
- data: {
120
- diff: args.diff,
121
- oldCode: args.oldCode,
122
- newCode: args.newCode,
123
- fileName: args.fileName
124
- },
125
- timestamp: Date.now()
126
- });
127
- }
128
- else {
129
- webrtc.send({ type: 'result', data: sanitizedMessage, timestamp: Date.now() });
130
- }
131
- return { content: [{ type: 'text', text: `Message sent to mobile: ${typeof args === 'object' ? 'Diff data' : sanitizedMessage}` }] };
132
- }
133
- if (name === 'list_directory') {
134
- try {
135
- const requestId = generateSecureToken(16);
136
- const fileList = await handleListDirectory(process.cwd(), args, requestId);
137
- return { content: [{ type: 'text', text: JSON.stringify(fileList) }] };
138
- }
139
- catch (error) {
140
- return { content: [{ type: 'text', text: error.message }], isError: true };
141
- }
142
- }
143
- if (name === 'read_file') {
144
- try {
145
- const requestId = generateSecureToken(16);
146
- const content = await handleReadFile(process.cwd(), args, requestId);
147
- return { content: [{ type: 'text', text: content }] };
148
- }
149
- catch (error) {
150
- return { content: [{ type: 'text', text: error.message }], isError: true };
151
- }
152
- }
153
- return { content: [{ type: 'text', text: `Unknown tool: ${name}` }], isError: true };
154
- });
155
- // Connect WebRTC listeners
156
- webrtc.onConnect(() => {
157
- securityLogger.log('mobile_device_connected', { timestamp: Date.now() }, 'low');
158
- });
159
- webrtc.onMessage(async (message) => {
160
- // Detailed logging for debugging
161
- if (message.type !== 'pong') {
162
- console.log('═══════════════════════════════════════');
163
- console.log(`📥 [MCP] Incoming: ${message.type || message.method || 'unknown'}`);
164
- if (message.id)
165
- console.log(`ID: ${message.id}`);
166
- if (webrtc.getDebug()) {
167
- console.log('Full:', JSON.stringify(message, null, 2));
168
- }
169
- console.log('═══════════════════════════════════════');
170
- }
171
- // Handle MCP method calls (JSON-RPC)
172
- if (message.method) {
173
- if (!isMethodAllowed(message.method)) {
174
- console.warn(`⚠️ [Security] Blocked method: ${message.method}`);
175
- webrtc.send({
176
- jsonrpc: "2.0",
177
- id: message.id,
178
- error: {
179
- code: -32001,
180
- message: "Command blocked for security reasons",
181
- data: { blocked: message.method }
182
- }
183
- });
184
- return;
185
- }
186
- console.log(`✅ [Security] Allowed method: ${message.method}`);
187
- }
188
- // Handle command queueing
189
- if (message.type === 'command' && message.text) {
190
- const sanitizedCommand = sanitizeInput(message.text);
191
- // Rate limiting
192
- if (!rateLimiters.commands.isAllowed('command')) {
193
- securityLogger.logRateLimitExceeded('command', 'queue_command');
194
- webrtc.send({
195
- type: 'error',
196
- data: 'Rate limit exceeded. Please try again later.',
197
- timestamp: Date.now()
198
- });
199
- return;
200
- }
201
- // Command validation
202
- const commandValidation = validateCommand(sanitizedCommand);
203
- if (!commandValidation.valid) {
204
- securityLogger.logBlockedCommand(sanitizedCommand, commandValidation.error || 'Unknown reason');
205
- webrtc.send({
206
- type: 'error',
207
- data: 'Command blocked for security reasons.',
208
- timestamp: Date.now()
209
- });
210
- return;
211
- }
212
- commandQueue.push(sanitizedCommand);
213
- }
214
- // Handle direct tool calls from mobile (for File Explorer)
215
- if (message.type === 'tool_call') {
216
- const { tool, data, id } = message;
217
- try {
218
- let result;
219
- if (tool === 'list_directory') {
220
- result = await handleListDirectory(process.cwd(), data, id);
221
- }
222
- else if (tool === 'read_file') {
223
- result = await handleReadFile(process.cwd(), data, id);
224
- }
225
- else {
226
- throw new Error(`Unknown tool: ${tool}`);
227
- }
228
- webrtc.send({
229
- type: 'tool_result',
230
- id: id, // Echo back ID for correlation
231
- tool: tool,
232
- data: result,
233
- timestamp: Date.now()
234
- });
235
- }
236
- catch (error) {
237
- securityLogger.log('tool_execution_failed', { tool, error: error.message }, 'medium');
238
- webrtc.send({
239
- type: 'tool_result',
240
- id: id,
241
- tool: tool,
242
- error: error.message,
243
- timestamp: Date.now()
244
- });
245
- }
246
- }
247
- });
248
- // Start MCP server with stdio transport
249
- const transport = new StdioServerTransport();
250
- await server.connect(transport);
251
- }
252
- // Helper functions for file system operations
253
- async function handleListDirectory(cwd, args, requestId) {
254
- const dirPath = args?.path || '.';
255
- const sanitizedPath = sanitizePath(dirPath);
256
- // Rate limiting
257
- if (!rateLimiters.fileOperations.isAllowed(requestId || 'unknown')) {
258
- securityLogger.logRateLimitExceeded(requestId || 'unknown', 'list_directory');
259
- throw new Error('Rate limit exceeded for directory operations');
260
- }
261
- // Security validation
262
- const pathValidation = validatePath(sanitizedPath, cwd);
263
- if (!pathValidation.valid) {
264
- securityLogger.logPathTraversal(sanitizedPath, path.resolve(cwd, sanitizedPath));
265
- throw new Error(`Access denied: ${pathValidation.error}`);
266
- }
267
- try {
268
- const resolvedPath = await safeResolvePath(cwd, sanitizedPath);
269
- const stats = await fs.promises.stat(resolvedPath);
270
- if (!stats.isDirectory()) {
271
- throw new Error('Path is not a directory');
272
- }
273
- const files = await fs.promises.readdir(resolvedPath, { withFileTypes: true });
274
- const fileList = files.map((f) => ({
275
- name: f.name,
276
- isDirectory: f.isDirectory(),
277
- path: path.join(sanitizedPath, f.name).replace(/\\/g, '/'), // Normalize paths
278
- }));
279
- // Sort: directories first, then files
280
- fileList.sort((a, b) => {
281
- if (a.isDirectory === b.isDirectory) {
282
- return a.name.localeCompare(b.name);
283
- }
284
- return a.isDirectory ? -1 : 1;
285
- });
286
- return fileList;
287
- }
288
- catch (error) {
289
- securityLogger.log('directory_list_error', { path: sanitizedPath, error: error.message }, 'medium');
290
- throw new Error(`Error listing directory: ${error.message}`);
291
- }
292
- }
293
- async function handleReadFile(cwd, args, requestId) {
294
- const filePath = args?.path;
295
- if (!filePath)
296
- throw new Error('Path is required');
297
- const sanitizedPath = sanitizePath(filePath);
298
- // Rate limiting
299
- if (!rateLimiters.fileOperations.isAllowed(requestId || 'unknown')) {
300
- securityLogger.logRateLimitExceeded(requestId || 'unknown', 'read_file');
301
- throw new Error('Rate limit exceeded for file operations');
302
- }
303
- // Security validation
304
- const fileValidation = validateFile(sanitizedPath, cwd);
305
- if (!fileValidation.valid) {
306
- securityLogger.log('file_access_denied', { path: sanitizedPath, reason: fileValidation.error }, 'high');
307
- throw new Error(`Access denied: ${fileValidation.error}`);
308
- }
309
- try {
310
- const resolvedPath = await safeResolvePath(cwd, sanitizedPath);
311
- const stats = await fs.promises.stat(resolvedPath);
312
- if (stats.isDirectory()) {
313
- throw new Error('Path is a directory, not a file');
314
- }
315
- return await fs.promises.readFile(resolvedPath, 'utf-8');
316
- }
317
- catch (error) {
318
- securityLogger.log('file_read_error', { path: sanitizedPath, error: error.message }, 'medium');
319
- throw new Error(`Error reading file: ${error.message}`);
320
- }
321
- }
322
- //# sourceMappingURL=mcp-handler.js.map
package/dist/mcp-handler.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"file":"mcp-handler.js","sourceRoot":"","sources":["../src/mcp-handler.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AACnE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EACL,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,oCAAoC,CAAC;AAE5C,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,eAAe,EACf,aAAa,EACb,YAAY,EACZ,eAAe,EACf,YAAY,EACZ,cAAc,EACd,mBAAmB,EACpB,MAAM,eAAe,CAAC;AACvB,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAG7B,+CAA+C;AAC/C,MAAM,YAAY,GAAa,EAAE,CAAC;AAElC,MAAM,eAAe,GAA4B;IAC/C,YAAY,EAAE,IAAI;IAClB,aAAa,EAAE,IAAI;IACnB,YAAY,EAAE,IAAI;IAClB,YAAY,EAAE,IAAI;IAClB,cAAc,EAAE,IAAI;IACpB,aAAa,EAAE,IAAI;IACnB,gBAAgB,EAAE,IAAI;IACtB,gBAAgB,EAAE,IAAI;IACtB,qBAAqB,EAAE,IAAI;IAC3B,uBAAuB,EAAE,IAAI;IAC7B,wBAAwB,EAAE,IAAI;IAC9B,kBAAkB,EAAE,IAAI;IACxB,qBAAqB,EAAE,IAAI;CAC5B,CAAC;AAEF,SAAS,eAAe,CAAC,MAAc;IACrC,OAAO,eAAe,CAAC,MAAM,CAAC,KAAK,IAAI,CAAC;AAC1C,CAAC;AAGD,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,MAAwB;IAC3D,oBAAoB;IACpB,MAAM,MAAM,GAAG,IAAI,MAAM,CACvB;QACE,IAAI,EAAE,iBAAiB;QACvB,OAAO,EAAE,OAAO;KACjB,EACD;QACE,YAAY,EAAE;YACZ,KAAK,EAAE,EAAE;SACV;KACF,CACF,CAAC;IAEF,wBAAwB;IACxB,MAAM,CAAC,OAAO,GAAG,CAAC,KAAU,EAAE,EAAE;QAC9B,OAAO,CAAC,KAAK,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC;QACpC,cAAc,CAAC,GAAG,CAAC,kBAAkB,EAAE,EAAE,KAAK,EAAE,KAAK,CAAC,OAAO,IAAI,eAAe,EAAE,EAAE,QAAQ,CAAC,CAAC;IAChG,CAAC,CAAC;IAEF,uBAAuB;IACvB,MAAM,CAAC,iBAAiB,CAAC,sBAAsB,EAAE,KAAK,IAAI,EAAE;QAC1D,OAAO;YACL,KAAK,EAAE;gBACL;oBACE,IAAI,EAAE,kBAAkB;oBACxB,WAAW,EAAE,6CAA6C;oBAC1D,WAAW,EAAE;wBACX,IAAI,EAAE,QAAQ;wBACd,UAAU,EAAE,EAAE;qBACf;iBACF;gBACD;oBACE,IAAI,EAAE,cAAc;oBACpB,WAAW,EAAE,kDAAkD;oBAC/D,WAAW,EAAE;wBACX,IAAI,EAAE,QAAQ;wBACd,UAAU,EAAE;4BACV,OAAO,EAAE;gCACP,IAAI,EAAE,QAAQ;gCACd,WAAW,EAAE,6BAA6B;6BAC3C;yBACF;wBACD,QAAQ,EAAE,CAAC,SAAS,CAAC;qBACtB;iBACF;gBACD;oBACE,IAAI,EAAE,gBAAgB;oBACtB,WAAW,EAAE,sCAAsC;oBACnD,WAAW,EAAE;wBACX,IAAI,EAAE,QAAQ;wBACd,UAAU,EAAE;4BACV,IAAI,EAAE;gCACJ,IAAI,EAAE,QAAQ;gCACd,WAAW,EAAE,8CAA8C;6BAC5D;yBACF;qBACF;iBACF;gBACD;oBACE,IAAI,EAAE,WAAW;oBACjB,WAAW,EAAE,yBAAyB;oBACtC,WAAW,EAAE;wBACX,IAAI,EAAE,QAAQ;wBACd,UAAU,EAAE;4BACV,IAAI,EAAE;gCACJ,IAAI,EAAE,QAAQ;gCACd,WAAW,EAAE,uBAAuB;6BACrC;yBACF;wBACD,QAAQ,EAAE,CAAC,MAAM,CAAC;qBACnB;iBACF;aACF;SACF,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,6CAA6C;IAC7C,MAAM,CAAC,iBAAiB,CAAC,qBAAqB,EAAE,KAAK,EAAE,OAAY,EAAE,EAAE;QACrE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC;QAEjD,IAAI,IAAI,KAAK,kBAAkB,EAAE,CAAC;YAChC,MAAM,OAAO,GAAG,YAAY,CAAC,KAAK,EAAE,CAAC;YACrC,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,sBAAsB,EAAE,CAAC,EAAE,CAAC;YACvE,CAAC;YACD,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;QACxD,CAAC;QAED,IAAI,IAAI,KAAK,cAAc,EAAE,CAAC;YAC5B,MAAM,OAAO,GAAI,IAA6B,EAAE,OAAO,CAAC;YACxD,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,4BAA4B,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;YAC5F,CAAC;YAED,2BAA2B;YAC3B,MAAM,gBAAgB,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;YAEhD,sCAAsC;YACtC,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAK,IAAY,CAAC,IAAI,EAAE,CAAC;gBACnD,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE;wBACJ,IAAI,EAAG,IAAY,CAAC,IAAI;wBACxB,OAAO,EAAG,IAAY,CAAC,OAAO;wBAC9B,OAAO,EAAG,IAAY,CAAC,OAAO;wBAC9B,QAAQ,EAAG,IAAY,CAAC,QAAQ;qBACjC;oBACD,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;iBACtB,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,gBAAgB,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;YACjF,CAAC;YAED,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,2BAA2B,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,gBAAgB,EAAE,EAAE,CAAC,EAAE,CAAC;QACvI,CAAC;QAED,IAAI,IAAI,KAAK,gBAAgB,EAAE,CAAC;YAC9B,IAAI,CAAC;gBACH,MAAM,SAAS,GAAG,mBAAmB,CAAC,EAAE,CAAC,CAAC;gBAC1C,MAAM,QAAQ,GAAG,MAAM,mBAAmB,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,IAAW,EAAE,SAAS,CAAC,CAAC;gBAClF,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC;YACzE,CAAC;YAAC,OAAO,KAAU,EAAE,CAAC;gBACpB,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;YAC7E,CAAC;QACH,CAAC;QAED,IAAI,IAAI,KAAK,WAAW,EAAE,CAAC;YACzB,IAAI,CAAC;gBACH,MAAM,SAAS,GAAG,mBAAmB,CAAC,EAAE,CAAC,CAAC;gBAC1C,MAAM,OAAO,GAAG,MAAM,cAAc,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,IAAW,EAAE,SAAS,CAAC,CAAC;gBAC5E,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;YACxD,CAAC;YAAC,OAAO,KAAU,EAAE,CAAC;gBACpB,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;YAC7E,CAAC;QACH,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,iBAAiB,IAAI,EAAE,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IACvF,CAAC,CAAC,CAAC;IAEH,2BAA2B;IAC3B,MAAM,CAAC,SAAS,CAAC,GAAG,EAAE;QACpB,cAAc,CAAC,GAAG,CAAC,yBAAyB,EAAE,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,EAAE,KAAK,CAAC,CAAC;IAClF,CAAC,CAAC,CAAC;IAEH,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,OAAY,EAAE,EAAE;QACtC,iCAAiC;QACjC,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;YAC5B,OAAO,CAAC,GAAG,CAAC,yCAAyC,CAAC,CAAC;YACvD,OAAO,CAAC,GAAG,CAAC,sBAAsB,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,MAAM,IAAI,SAAS,EAAE,CAAC,CAAC;YACjF,IAAI,OAAO,CAAC,EAAE;gBAAE,OAAO,CAAC,GAAG,CAAC,OAAO,OAAO,CAAC,EAAE,EAAE,CAAC,CAAC;YACjD,IAAI,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC;gBACtB,OAAO,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YACzD,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,yCAAyC,CAAC,CAAC;QACzD,CAAC;QAED,qCAAqC;QACrC,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnB,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;gBACrC,OAAO,CAAC,IAAI,CAAC,iCAAiC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;gBAChE,MAAM,CAAC,IAAI,CAAC;oBACV,OAAO,EAAE,KAAK;oBACd,EAAE,EAAE,OAAO,CAAC,EAAE;oBACd,KAAK,EAAE;wBACL,IAAI,EAAE,CAAC,KAAK;wBACZ,OAAO,EAAE,sCAAsC;wBAC/C,IAAI,EAAE,EAAE,OAAO,EAAE,OAAO,CAAC,MAAM,EAAE;qBAClC;iBACF,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,gCAAgC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;QAChE,CAAC;QACD,0BAA0B;QAC1B,IAAI,OAAO,CAAC,IAAI,KAAK,SAAS,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YAC/C,MAAM,gBAAgB,GAAG,aAAa,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YAErD,gBAAgB;YAChB,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC;gBAChD,cAAc,CAAC,oBAAoB,CAAC,SAAS,EAAE,eAAe,CAAC,CAAC;gBAChE,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,OAAO;oBACb,IAAI,EAAE,8CAA8C;oBACpD,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;iBACtB,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,qBAAqB;YACrB,MAAM,iBAAiB,GAAG,eAAe,CAAC,gBAAgB,CAAC,CAAC;YAC5D,IAAI,CAAC,iBAAiB,CAAC,KAAK,EAAE,CAAC;gBAC7B,cAAc,CAAC,iBAAiB,CAAC,gBAAgB,EAAE,iBAAiB,CAAC,KAAK,IAAI,gBAAgB,CAAC,CAAC;gBAChG,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,OAAO;oBACb,IAAI,EAAE,uCAAuC;oBAC7C,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;iBACtB,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,YAAY,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;QACtC,CAAC;QAED,2DAA2D;QAC3D,IAAI,OAAO,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;YACjC,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,EAAE,GAAG,OAAO,CAAC;YAEnC,IAAI,CAAC;gBACH,IAAI,MAAM,CAAC;gBACX,IAAI,IAAI,KAAK,gBAAgB,EAAE,CAAC;oBAC9B,MAAM,GAAG,MAAM,mBAAmB,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;gBAC9D,CAAC;qBAAM,IAAI,IAAI,KAAK,WAAW,EAAE,CAAC;oBAChC,MAAM,GAAG,MAAM,cAAc,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;gBACzD,CAAC;qBAAM,CAAC;oBACN,MAAM,IAAI,KAAK,CAAC,iBAAiB,IAAI,EAAE,CAAC,CAAC;gBAC3C,CAAC;gBAED,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,aAAa;oBACnB,EAAE,EAAE,EAAE,EAAE,+BAA+B;oBACvC,IAAI,EAAE,IAAI;oBACV,IAAI,EAAE,MAAM;oBACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;iBACtB,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,KAAU,EAAE,CAAC;gBACpB,cAAc,CAAC,GAAG,CAAC,uBAAuB,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,EAAE,QAAQ,CAAC,CAAC;gBACtF,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,aAAa;oBACnB,EAAE,EAAE,EAAE;oBACN,IAAI,EAAE,IAAI;oBACV,KAAK,EAAE,KAAK,CAAC,OAAO;oBACpB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;iBACtB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,wCAAwC;IACxC,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;AAClC,CAAC;AAED,8CAA8C;AAC9C,KAAK,UAAU,mBAAmB,CAAC,GAAW,EAAE,IAAuB,EAAE,SAAkB;IACzF,MAAM,OAAO,GAAG,IAAI,EAAE,IAAI,IAAI,GAAG,CAAC;IAClC,MAAM,aAAa,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;IAE5C,gBAAgB;IAChB,IAAI,CAAC,YAAY,CAAC,cAAc,CAAC,SAAS,CAAC,SAAS,IAAI,SAAS,CAAC,EAAE,CAAC;QACnE,cAAc,CAAC,oBAAoB,CAAC,SAAS,IAAI,SAAS,EAAE,gBAAgB,CAAC,CAAC;QAC9E,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAClE,CAAC;IAED,sBAAsB;IACtB,MAAM,cAAc,GAAG,YAAY,CAAC,aAAa,EAAE,GAAG,CAAC,CAAC;IACxD,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,CAAC;QAC1B,cAAc,CAAC,gBAAgB,CAAC,aAAa,EAAE,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,aAAa,CAAC,CAAC,CAAC;QACjF,MAAM,IAAI,KAAK,CAAC,kBAAkB,cAAc,CAAC,KAAK,EAAE,CAAC,CAAC;IAC5D,CAAC;IAED,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,MAAM,eAAe,CAAC,GAAG,EAAE,aAAa,CAAC,CAAC;QAC/D,MAAM,KAAK,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACnD,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC7C,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;QAC/E,MAAM,QAAQ,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACjC,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,WAAW,EAAE,CAAC,CAAC,WAAW,EAAE;YAC5B,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,EAAE,kBAAkB;SAC/E,CAAC,CAAC,CAAC;QAEJ,sCAAsC;QACtC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;YACrB,IAAI,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;gBACpC,OAAO,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YACtC,CAAC;YACD,OAAO,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAChC,CAAC,CAAC,CAAC;QAEH,OAAO,QAAQ,CAAC;IAClB,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,cAAc,CAAC,GAAG,CAAC,sBAAsB,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,EAAE,QAAQ,CAAC,CAAC;QACpG,MAAM,IAAI,KAAK,CAAC,4BAA4B,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IAC/D,CAAC;AACH,CAAC;AAED,KAAK,UAAU,cAAc,CAAC,GAAW,EAAE,IAAuB,EAAE,SAAkB;IACpF,MAAM,QAAQ,GAAG,IAAI,EAAE,IAAI,CAAC;IAC5B,IAAI,CAAC,QAAQ;QAAE,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;IAEnD,MAAM,aAAa,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;IAE7C,gBAAgB;IAChB,IAAI,CAAC,YAAY,CAAC,cAAc,CAAC,SAAS,CAAC,SAAS,IAAI,SAAS,CAAC,EAAE,CAAC;QACnE,cAAc,CAAC,oBAAoB,CAAC,SAAS,IAAI,SAAS,EAAE,WAAW,CAAC,CAAC;QACzE,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;IAC7D,CAAC;IAED,sBAAsB;IACtB,MAAM,cAAc,GAAG,YAAY,CAAC,aAAa,EAAE,GAAG,CAAC,CAAC;IACxD,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,CAAC;QAC1B,cAAc,CAAC,GAAG,CAAC,oBAAoB,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,cAAc,CAAC,KAAK,EAAE,EAAE,MAAM,CAAC,CAAC;QACxG,MAAM,IAAI,KAAK,CAAC,kBAAkB,cAAc,CAAC,KAAK,EAAE,CAAC,CAAC;IAC5D,CAAC;IAED,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,MAAM,eAAe,CAAC,GAAG,EAAE,aAAa,CAAC,CAAC;QAC/D,MAAM,KAAK,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACnD,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;QACrD,CAAC;QAED,OAAO,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;IAC3D,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,cAAc,CAAC,GAAG,CAAC,iBAAiB,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,EAAE,QAAQ,CAAC,CAAC;QAC/F,MAAM,IAAI,KAAK,CAAC,uBAAuB,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IAC1D,CAAC;AACH,CAAC"}
package/dist/security.d.ts DELETED
@@ -1,54 +0,0 @@
1
- export declare const SECURITY_CONFIG: {
2
- maxFileSize: number;
3
- maxRequestsPerMinute: number;
4
- maxRequestsPerHour: number;
5
- allowedFileExtensions: string[];
6
- blockedPaths: string[];
7
- blockedFilePatterns: RegExp[];
8
- };
9
- declare class RateLimiter {
10
- private maxRequests;
11
- private windowMs;
12
- private requests;
13
- constructor(maxRequests: number, windowMs: number);
14
- isAllowed(identifier: string): boolean;
15
- cleanup(): void;
16
- }
17
- export declare const rateLimiters: {
18
- perMinute: RateLimiter;
19
- perHour: RateLimiter;
20
- fileOperations: RateLimiter;
21
- commands: RateLimiter;
22
- };
23
- export declare const ALLOWED_COMMANDS: Set<string>;
24
- export declare function safeResolvePath(base: string, userInput: string): Promise<string>;
25
- export declare function validatePath(filePath: string, cwd: string): {
26
- valid: boolean;
27
- error?: string;
28
- };
29
- export declare function validateFile(filePath: string, cwd: string): {
30
- valid: boolean;
31
- error?: string;
32
- };
33
- export declare function validateCommand(command: string): {
34
- valid: boolean;
35
- error?: string;
36
- };
37
- export declare function sanitizeInput(input: string): string;
38
- export declare function sanitizePath(input: string): string;
39
- export declare class SecurityLogger {
40
- private static instance;
41
- private logFile;
42
- private constructor();
43
- static getInstance(): SecurityLogger;
44
- log(event: string, details: any, severity?: 'low' | 'medium' | 'high'): void;
45
- logBlockedCommand(command: string, reason: string): void;
46
- logPathTraversal(attemptedPath: string, resolvedPath: string): void;
47
- logRateLimitExceeded(identifier: string, operation: string): void;
48
- logSuspiciousActivity(activity: string, details: any): void;
49
- }
50
- export declare const securityLogger: SecurityLogger;
51
- export declare function generateSecureToken(length?: number): string;
52
- export declare function validateSessionToken(token: string): boolean;
53
- export {};
54
- //# sourceMappingURL=security.d.ts.map
package/dist/security.d.ts.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"file":"security.d.ts","sourceRoot":"","sources":["../src/security.ts"],"names":[],"mappings":"AAKA,eAAO,MAAM,eAAe;;;;;;;CAiC3B,CAAC;AAGF,cAAM,WAAW;IAGH,OAAO,CAAC,WAAW;IAAU,OAAO,CAAC,QAAQ;IAFzD,OAAO,CAAC,QAAQ,CAA8E;gBAE1E,WAAW,EAAE,MAAM,EAAU,QAAQ,EAAE,MAAM;IAEjE,SAAS,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO;IA6BtC,OAAO,IAAI,IAAI;CAQhB;AAED,eAAO,MAAM,YAAY;;;;;CAKxB,CAAC;AAGF,eAAO,MAAM,gBAAgB,aAI3B,CAAC;AAGH,wBAAsB,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CA8BtF;AAED,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAoB9F;AAED,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CA4B9F;AAED,wBAAgB,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAmDnF;AAGD,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAOnD;AAED,wBAAgB,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAKlD;AAGD,qBAAa,cAAc;IACzB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAiB;IACxC,OAAO,CAAC,OAAO,CAAS;IAExB,OAAO;IAIP,MAAM,CAAC,WAAW,IAAI,cAAc;IAOpC,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,GAAE,KAAK,GAAG,QAAQ,GAAG,MAAiB,GAAG,IAAI;IA0BtF,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,IAAI;IAIxD,gBAAgB,CAAC,aAAa,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,IAAI;IAInE,oBAAoB,CAAC,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,IAAI;IAIjE,qBAAqB,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,GAAG,IAAI;CAG5D;AAED,eAAO,MAAM,cAAc,gBAA+B,CAAC;AAW3D,wBAAgB,mBAAmB,CAAC,MAAM,GAAE,MAAW,GAAG,MAAM,CAE/D;AAGD,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAa3D"}