npm - monomind - Versions diffs - 1.7.0 → 1.9.0 - Mend

monomind 1.7.0 → 1.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (562) hide show

package/packages/@monomind/cli/dist/src/mcp-tools/claims-tools.js CHANGED Viewed

@@ -4,10 +4,10 @@
  * Implements MCP tools for ADR-016: Collaborative Issue Claims
  * Provides programmatic access to claim operations for MCP clients.
  *
- * @module @monoes/cli/mcp-tools/claims
+ * @module @monomind/cli/mcp-tools/claims
  */
 // File-based persistence
-import { existsSync, readFileSync, writeFileSync, mkdirSync } from 'fs';
+import { existsSync, readFileSync, writeFileSync, renameSync, mkdirSync } from 'fs';
 import { join, resolve } from 'path';
 const CLAIMS_DIR = '.monomind/claims';
 const CLAIMS_FILE = 'claims.json';
@@ -34,7 +34,10 @@ function loadClaims() {
 }
 function saveClaims(store) {
     ensureClaimsDir();
-    writeFileSync(getClaimsPath(), JSON.stringify(store, null, 2), 'utf-8');
+    const dest = getClaimsPath();
+    const tmp = `${dest}.${process.pid}.${Date.now()}.tmp`;
+    writeFileSync(tmp, JSON.stringify(store, null, 2), 'utf-8');
+    renameSync(tmp, dest);
 }
 function formatClaimant(claimant) {
     return claimant.type === 'human'
@@ -78,13 +81,22 @@ export const claimsTools = [
             const issueId = input.issueId;
             const claimantStr = input.claimant;
             const context = input.context;
+            const RESERVED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
+            if (!issueId || issueId.length > 256 || RESERVED_KEYS.has(issueId)) {
+                return { success: false, error: 'Invalid issueId' };
+            }
             const claimant = parseClaimant(claimantStr);
             if (!claimant) {
                 return { success: false, error: 'Invalid claimant format. Use "human:userId:name" or "agent:agentId:agentType"' };
             }
             const store = loadClaims();
-            // Check if already claimed
-            if (store.claims[issueId]) {
+            const MAX_CLAIMS = 10000;
+            if (Object.keys(store.claims).length >= MAX_CLAIMS) {
+                return { success: false, error: 'Claims store at capacity' };
+            }
+            // Check if already claimed (Object.hasOwn defends against bracket access
+            // resolving to inherited Object.prototype methods like `toString`)
+            if (Object.hasOwn(store.claims, issueId)) {
                 const existing = store.claims[issueId];
                 return {
                     success: false,
@@ -137,15 +149,19 @@ export const claimsTools = [
             const issueId = input.issueId;
             const claimantStr = input.claimant;
             const reason = input.reason;
+            const RESERVED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
+            if (!issueId || typeof issueId !== 'string' || issueId.length > 256 || RESERVED_KEYS.has(issueId)) {
+                return { success: false, error: 'Invalid issueId' };
+            }
             const claimant = parseClaimant(claimantStr);
             if (!claimant) {
                 return { success: false, error: 'Invalid claimant format' };
             }
             const store = loadClaims();
-            const claim = store.claims[issueId];
-            if (!claim) {
+            if (!Object.hasOwn(store.claims, issueId)) {
                 return { success: false, error: 'Issue is not claimed' };
             }
+            const claim = store.claims[issueId];
             // Verify ownership
             if (formatClaimant(claim.claimant) !== formatClaimant(claimant)) {
                 return { success: false, error: 'Only the current claimant can release' };
@@ -197,16 +213,20 @@ export const claimsTools = [
             const toStr = input.to;
             const reason = input.reason;
             const progress = input.progress || 0;
+            const RESERVED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
+            if (!issueId || typeof issueId !== 'string' || issueId.length > 256 || RESERVED_KEYS.has(issueId)) {
+                return { success: false, error: 'Invalid issueId' };
+            }
             const from = parseClaimant(fromStr);
             const to = parseClaimant(toStr);
             if (!from || !to) {
                 return { success: false, error: 'Invalid claimant format' };
             }
             const store = loadClaims();
-            const claim = store.claims[issueId];
-            if (!claim) {
+            if (!Object.hasOwn(store.claims, issueId)) {
                 return { success: false, error: 'Issue is not claimed' };
             }
+            const claim = store.claims[issueId];
             if (formatClaimant(claim.claimant) !== formatClaimant(from)) {
                 return { success: false, error: 'Only the current claimant can request handoff' };
             }
@@ -246,15 +266,19 @@ export const claimsTools = [
         handler: async (input) => {
             const issueId = input.issueId;
             const claimantStr = input.claimant;
+            const RESERVED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
+            if (!issueId || typeof issueId !== 'string' || issueId.length > 256 || RESERVED_KEYS.has(issueId)) {
+                return { success: false, error: 'Invalid issueId' };
+            }
             const claimant = parseClaimant(claimantStr);
             if (!claimant) {
                 return { success: false, error: 'Invalid claimant format' };
             }
             const store = loadClaims();
-            const claim = store.claims[issueId];
-            if (!claim) {
+            if (!Object.hasOwn(store.claims, issueId)) {
                 return { success: false, error: 'Issue is not claimed' };
             }
+            const claim = store.claims[issueId];
             if (claim.status !== 'handoff-pending') {
                 return { success: false, error: 'No pending handoff for this issue' };
             }
@@ -294,6 +318,10 @@ export const claimsTools = [
                     description: 'New status',
                     enum: ['active', 'paused', 'blocked', 'review-requested', 'completed'],
                 },
+                claimant: {
+                    type: 'string',
+                    description: 'Claimant identifier (must match current owner)',
+                },
                 note: {
                     type: 'string',
                     description: 'Status note or reason',
@@ -308,13 +336,27 @@ export const claimsTools = [
         handler: async (input) => {
             const issueId = input.issueId;
             const status = input.status;
+            const claimantStr = input.claimant;
             const note = input.note;
             const progress = input.progress;
+            const RESERVED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
+            if (!issueId || typeof issueId !== 'string' || issueId.length > 256 || RESERVED_KEYS.has(issueId)) {
+                return { success: false, error: 'Invalid issueId' };
+            }
             const store = loadClaims();
-            const claim = store.claims[issueId];
-            if (!claim) {
+            if (!Object.hasOwn(store.claims, issueId)) {
                 return { success: false, error: 'Issue is not claimed' };
             }
+            const claim = store.claims[issueId];
+            if (claimantStr) {
+                const claimant = parseClaimant(claimantStr);
+                if (!claimant) {
+                    return { success: false, error: 'Invalid claimant format' };
+                }
+                if (formatClaimant(claim.claimant) !== formatClaimant(claimant)) {
+                    return { success: false, error: 'Only the current claimant can update status' };
+                }
+            }
             const now = new Date().toISOString();
             claim.status = status;
             claim.statusChangedAt = now;
@@ -411,11 +453,15 @@ export const claimsTools = [
             const reason = input.reason;
             const preferredTypes = input.preferredTypes;
             const context = input.context;
+            const RESERVED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
+            if (!issueId || typeof issueId !== 'string' || issueId.length > 256 || RESERVED_KEYS.has(issueId)) {
+                return { success: false, error: 'Invalid issueId' };
+            }
             const store = loadClaims();
-            const claim = store.claims[issueId];
-            if (!claim) {
+            if (!Object.hasOwn(store.claims, issueId)) {
                 return { success: false, error: 'Issue is not claimed' };
             }
+            const claim = store.claims[issueId];
             const now = new Date().toISOString();
             claim.status = 'stealable';
             claim.statusChangedAt = now;
@@ -457,16 +503,20 @@ export const claimsTools = [
         handler: async (input) => {
             const issueId = input.issueId;
             const stealerStr = input.stealer;
+            const RESERVED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
+            if (!issueId || typeof issueId !== 'string' || issueId.length > 256 || RESERVED_KEYS.has(issueId)) {
+                return { success: false, error: 'Invalid issueId' };
+            }
             const stealer = parseClaimant(stealerStr);
             if (!stealer) {
                 return { success: false, error: 'Invalid claimant format' };
             }
             const store = loadClaims();
-            const claim = store.claims[issueId];
-            const stealableInfo = store.stealable[issueId];
-            if (!claim) {
+            if (!Object.hasOwn(store.claims, issueId)) {
                 return { success: false, error: 'Issue is not claimed' };
             }
+            const claim = store.claims[issueId];
+            const stealableInfo = Object.hasOwn(store.stealable, issueId) ? store.stealable[issueId] : undefined;
             if (!stealableInfo) {
                 return { success: false, error: 'Issue is not stealable' };
             }

package/packages/@monomind/cli/dist/src/mcp-tools/config-tools.js CHANGED Viewed

@@ -3,7 +3,7 @@
  *
  * Tool definitions for configuration management with file persistence.
  */
-import { existsSync, readFileSync, writeFileSync, mkdirSync } from 'node:fs';
+import { existsSync, readFileSync, writeFileSync, renameSync, mkdirSync, statSync } from 'node:fs';
 import { join } from 'node:path';
 import { getProjectCwd } from './types.js';
 // Storage paths
@@ -34,12 +34,22 @@ function ensureConfigDir() {
         mkdirSync(dir, { recursive: true, mode: 0o700 });
     }
 }
+const MAX_CONFIG_STORE_BYTES = 5 * 1024 * 1024; // 5 MB
 function loadConfigStore() {
     try {
         const path = getConfigPath();
         if (existsSync(path)) {
+            if (statSync(path).size > MAX_CONFIG_STORE_BYTES) {
+                return { values: { ...DEFAULT_CONFIG }, scopes: {}, version: '3.0.0', updatedAt: new Date().toISOString() };
+            }
             const data = readFileSync(path, 'utf-8');
-            return JSON.parse(data);
+            const parsed = JSON.parse(data);
+            return {
+                values: filterDangerousKeys(parsed.values ?? {}),
+                scopes: filterDangerousKeys(parsed.scopes ?? {}),
+                version: typeof parsed.version === 'string' ? parsed.version : '3.0.0',
+                updatedAt: typeof parsed.updatedAt === 'string' ? parsed.updatedAt : new Date().toISOString(),
+            };
         }
     }
     catch {
@@ -55,7 +65,10 @@ function loadConfigStore() {
 function saveConfigStore(store) {
     ensureConfigDir();
     store.updatedAt = new Date().toISOString();
-    writeFileSync(getConfigPath(), JSON.stringify(store, null, 2), 'utf-8');
+    const dest = getConfigPath();
+    const tmpPath = `${dest}.${process.pid}.${Date.now()}.tmp`;
+    writeFileSync(tmpPath, JSON.stringify(store, null, 2), 'utf-8');
+    renameSync(tmpPath, dest);
 }
 function getNestedValue(obj, key) {
     const parts = key.split('.');
@@ -71,11 +84,18 @@ function getNestedValue(obj, key) {
     return current;
 }
 const DANGEROUS_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
-function filterDangerousKeys(obj) {
+function filterDangerousKeys(obj, depth = 0) {
     const filtered = {};
+    if (depth > 20)
+        return filtered;
     for (const [key, value] of Object.entries(obj)) {
         if (!DANGEROUS_KEYS.has(key)) {
-            filtered[key] = value;
+            if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
+                filtered[key] = filterDangerousKeys(value, depth + 1);
+            }
+            else {
+                filtered[key] = value;
+            }
         }
     }
     return filtered;
@@ -156,6 +176,14 @@ export const configTools = [
             const key = input.key;
             const value = input.value;
             const scope = input.scope || 'default';
+            for (const seg of key.split('.')) {
+                if (DANGEROUS_KEYS.has(seg)) {
+                    return { success: false, error: `Forbidden key segment: "${seg}"` };
+                }
+            }
+            if (DANGEROUS_KEYS.has(scope)) {
+                return { success: false, error: `Forbidden scope: "${scope}"` };
+            }
             const previousValue = store.values[key];
             if (scope === 'default') {
                 store.values[key] = value;

package/packages/@monomind/cli/dist/src/mcp-tools/coordination-tools.js CHANGED Viewed

@@ -9,7 +9,7 @@
  * - Useful for single-machine workflow orchestration
  */
 import { getProjectCwd } from './types.js';
-import { existsSync, readFileSync, writeFileSync, mkdirSync } from 'node:fs';
+import { existsSync, readFileSync, writeFileSync, renameSync, mkdirSync } from 'node:fs';
 import { join } from 'node:path';
 // Storage paths
 const STORAGE_DIR = '.monomind';
@@ -61,7 +61,10 @@ function loadCoordStore() {
 }
 function saveCoordStore(store) {
     ensureCoordDir();
-    writeFileSync(getCoordPath(), JSON.stringify(store, null, 2), 'utf-8');
+    const dest = getCoordPath();
+    const tmp = dest + '.tmp';
+    writeFileSync(tmp, JSON.stringify(store, null, 2), 'utf-8');
+    renameSync(tmp, dest);
 }
 export const coordinationTools = [
     {
@@ -302,8 +305,22 @@ export const coordinationTools = [
                     active: nodes.filter(n => n.status === 'active').length,
                 };
             }
+            const FORBIDDEN_NODE_IDS = new Set(['__proto__', 'constructor', 'prototype']);
+            const MAX_NODES = 1000;
+            const MAX_NODE_ID_LEN = 200;
             if (action === 'add') {
                 const nodeId = input.nodeId || `node-${Date.now()}`;
+                if (typeof nodeId !== 'string' || nodeId.length === 0 || nodeId.length > MAX_NODE_ID_LEN) {
+                    return { success: false, error: 'Invalid nodeId' };
+                }
+                if (FORBIDDEN_NODE_IDS.has(nodeId)) {
+                    return { success: false, error: 'Forbidden node ID' };
+                }
+                // Cap to prevent unbounded growth → disk exhaustion DoS via repeated
+                // add calls. Allow re-add of existing node (no growth in that case).
+                if (Object.keys(store.nodes).length >= MAX_NODES && !Object.hasOwn(store.nodes, nodeId)) {
+                    return { success: false, error: `Node limit reached (${MAX_NODES})` };
+                }
                 store.nodes[nodeId] = {
                     id: nodeId,
                     status: 'active',
@@ -320,7 +337,13 @@ export const coordinationTools = [
             }
             if (action === 'remove') {
                 const nodeId = input.nodeId;
-                if (!store.nodes[nodeId]) {
+                // Match the `add` denylist + Object.hasOwn so a tampered store.json
+                // can't have its inherited Object.prototype slots exposed via remove.
+                if (typeof nodeId !== 'string' || nodeId.length === 0 || nodeId.length > MAX_NODE_ID_LEN ||
+                    FORBIDDEN_NODE_IDS.has(nodeId)) {
+                    return { success: false, error: 'Invalid nodeId' };
+                }
+                if (!Object.hasOwn(store.nodes, nodeId)) {
                     return { success: false, error: 'Node not found' };
                 }
                 delete store.nodes[nodeId];
@@ -334,7 +357,15 @@ export const coordinationTools = [
             }
             if (action === 'heartbeat') {
                 const nodeId = input.nodeId;
-                if (store.nodes[nodeId]) {
+                if (!nodeId || typeof nodeId !== 'string' || ['__proto__', 'constructor', 'prototype'].includes(nodeId)) {
+                    return {
+                        success: false,
+                        action: 'heartbeat',
+                        nodeId,
+                        error: 'Invalid node ID',
+                    };
+                }
+                if (Object.hasOwn(store.nodes, nodeId)) {
                     store.nodes[nodeId].lastHeartbeat = new Date().toISOString();
                     store.nodes[nodeId].status = 'active';
                     saveCoordStore(store);
@@ -441,6 +472,25 @@ export const coordinationTools = [
                         };
                     }
                 }
+                if (consensus.pending.length >= 200) {
+                    return { success: false, error: 'Pending proposals limit (200) reached. Resolve existing proposals first.' };
+                }
+                // Validate proposal size and shape — schema only declares object,
+                // so without these checks an attacker could submit a 10MB blob 200x
+                // and inflate store.json to 2GB on every saveCoordStore.
+                if (input.proposal === null || typeof input.proposal !== 'object' || Array.isArray(input.proposal)) {
+                    return { success: false, error: 'proposal must be a plain object' };
+                }
+                let proposalSerialized;
+                try {
+                    proposalSerialized = JSON.stringify(input.proposal);
+                }
+                catch {
+                    return { success: false, error: 'proposal contains non-serializable values' };
+                }
+                if (proposalSerialized.length > 64 * 1024) {
+                    return { success: false, error: 'proposal exceeds 64KB limit' };
+                }
                 consensus.pending.push({
                     proposalId,
                     type: 'coordination',
@@ -544,6 +594,11 @@ export const coordinationTools = [
                         term: p.term,
                         byzantineDetected: p.byzantineVoters?.length ? p.byzantineVoters : undefined,
                     });
+                    // Cap consensus history to prevent unbounded growth
+                    const MAX_CONSENSUS_HISTORY = 1000;
+                    if (consensus.history.length > MAX_CONSENSUS_HISTORY) {
+                        consensus.history = consensus.history.slice(-MAX_CONSENSUS_HISTORY);
+                    }
                     consensus.pending = consensus.pending.filter(x => x.proposalId !== p.proposalId);
                 }
                 saveCoordStore(store);

package/packages/@monomind/cli/dist/src/mcp-tools/daa-tools.js CHANGED Viewed

@@ -9,7 +9,7 @@
  * - Useful for workflow orchestration and state tracking
  */
 import { getProjectCwd } from './types.js';
-import { existsSync, readFileSync, writeFileSync, mkdirSync } from 'node:fs';
+import { existsSync, readFileSync, writeFileSync, renameSync, mkdirSync, statSync } from 'node:fs';
 import { join } from 'node:path';
 // Storage paths
 const STORAGE_DIR = '.monomind';
@@ -31,6 +31,12 @@ function loadDAAStore() {
     try {
         const path = getDAAPath();
         if (existsSync(path)) {
+            // Cap on disk read so a planted multi-GB store.json can't OOM the daemon
+            // on first MCP call.
+            const stat = statSync(path);
+            if (stat.size > 25 * 1024 * 1024) {
+                return { agents: {}, workflows: {}, knowledge: {}, version: '3.0.0' };
+            }
             return JSON.parse(readFileSync(path, 'utf-8'));
         }
     }
@@ -41,7 +47,11 @@ function loadDAAStore() {
 }
 function saveDAAStore(store) {
     ensureDAADir();
-    writeFileSync(getDAAPath(), JSON.stringify(store, null, 2), 'utf-8');
+    // Unique tmp filename so concurrent daa_* MCP calls cannot collide on the
+    // same .tmp path mid-write.
+    const tmpPath = `${getDAAPath()}.${process.pid}.${Date.now()}.tmp`;
+    writeFileSync(tmpPath, JSON.stringify(store, null, 2), 'utf-8');
+    renameSync(tmpPath, getDAAPath());
 }
 export const daaTools = [
     {
@@ -81,6 +91,9 @@ export const daaTools = [
                 createdAt: new Date().toISOString(),
                 lastActivity: new Date().toISOString(),
             };
+            if (['__proto__', 'constructor', 'prototype'].includes(id)) {
+                return { success: false, error: 'Forbidden agent ID' };
+            }
             store.agents[id] = agent;
             saveDAAStore(store);
             // Store agent in AgentDB for searchable agent registry
@@ -123,9 +136,12 @@ export const daaTools = [
             required: ['agentId'],
         },
         handler: async (input) => {
-            const store = loadDAAStore();
             const agentId = input.agentId;
-            const agent = store.agents[agentId];
+            if (typeof agentId !== 'string' || ['__proto__', 'constructor', 'prototype'].includes(agentId)) {
+                return { success: false, error: 'Invalid agent id' };
+            }
+            const store = loadDAAStore();
+            const agent = Object.hasOwn(store.agents, agentId) ? store.agents[agentId] : undefined;
             if (!agent) {
                 return { success: false, error: 'Agent not found' };
             }
@@ -179,8 +195,14 @@ export const daaTools = [
             required: ['id', 'name'],
         },
         handler: async (input) => {
-            const store = loadDAAStore();
             const id = input.id;
+            // Reject prototype-pollution keys: writing to store.workflows['__proto__']
+            // mutates Object.prototype for the process.
+            if (typeof id !== 'string' || id.length === 0 || id.length > 256 ||
+                ['__proto__', 'constructor', 'prototype'].includes(id)) {
+                return { success: false, error: 'Invalid workflow id' };
+            }
+            const store = loadDAAStore();
             const workflow = {
                 id,
                 name: input.name,
@@ -218,9 +240,12 @@ export const daaTools = [
             required: ['workflowId'],
         },
         handler: async (input) => {
-            const store = loadDAAStore();
             const workflowId = input.workflowId;
-            const workflow = store.workflows[workflowId];
+            if (typeof workflowId !== 'string' || ['__proto__', 'constructor', 'prototype'].includes(workflowId)) {
+                return { success: false, error: 'Invalid workflow id' };
+            }
+            const store = loadDAAStore();
+            const workflow = Object.hasOwn(store.workflows, workflowId) ? store.workflows[workflowId] : undefined;
             if (!workflow) {
                 return { success: false, error: 'Workflow not found' };
             }
@@ -290,7 +315,12 @@ export const daaTools = [
                 _storedIn = 'agentdb';
             }
             catch { /* AgentDB not available */ }
-            // Backward compat: always persist in JSON store
+            // Backward compat: always persist in JSON store (cap at 1000 entries)
+            if (Object.keys(store.knowledge).length >= 1000) {
+                const oldest = Object.keys(store.knowledge)[0];
+                if (oldest)
+                    delete store.knowledge[oldest];
+            }
             store.knowledge[knowledgeId] = knowledgeEntry;
             saveDAAStore(store);
             return {
@@ -322,7 +352,10 @@ export const daaTools = [
             const store = loadDAAStore();
             const agentId = input.agentId;
             if (agentId) {
-                const agent = store.agents[agentId];
+                if (typeof agentId !== 'string' || ['__proto__', 'constructor', 'prototype'].includes(agentId)) {
+                    return { success: false, error: 'Invalid agent id' };
+                }
+                const agent = Object.hasOwn(store.agents, agentId) ? store.agents[agentId] : undefined;
                 if (!agent) {
                     return { success: false, error: 'Agent not found' };
                 }
@@ -375,7 +408,10 @@ export const daaTools = [
             const agentId = input.agentId;
             const action = input.action || 'analyze';
             if (agentId) {
-                const agent = store.agents[agentId];
+                if (typeof agentId !== 'string' || ['__proto__', 'constructor', 'prototype'].includes(agentId)) {
+                    return { success: false, error: 'Invalid agent id' };
+                }
+                const agent = Object.hasOwn(store.agents, agentId) ? store.agents[agentId] : undefined;
                 if (!agent) {
                     return { success: false, error: 'Agent not found' };
                 }

package/packages/@monomind/cli/dist/src/mcp-tools/embeddings-tools.js CHANGED Viewed

@@ -4,12 +4,38 @@
  * Tool definitions for ONNX embeddings with hyperbolic support and neural substrate.
  * Implements ADR-024: Embeddings MCP Tools
  */
-import { existsSync, readFileSync, writeFileSync, mkdirSync } from 'fs';
+import { existsSync, readFileSync, writeFileSync, renameSync, mkdirSync } from 'fs';
 import { join, resolve } from 'path';
 // Configuration paths
 const CONFIG_DIR = '.monomind';
 const EMBEDDINGS_CONFIG = 'embeddings.json';
 const MODELS_DIR = 'models';
+// Input validation caps — embeddings handlers operate on caller-supplied text and
+// vectors. Without these caps an attacker can pass a 100M-entry array and OOM the
+// process, or a 50MB string and saturate the hash-fallback embedding loop.
+const MAX_TEXT_LENGTH = 64 * 1024;
+const MAX_VECTOR_DIM = 8192;
+function validateText(t, field) {
+    if (typeof t !== 'string')
+        throw new Error(`${field}: must be a string`);
+    if (t.length > MAX_TEXT_LENGTH)
+        throw new Error(`${field}: text too long (max ${MAX_TEXT_LENGTH})`);
+    return t;
+}
+function validateVector(v, field) {
+    if (!Array.isArray(v))
+        throw new Error(`${field}: must be a number[]`);
+    if (v.length === 0)
+        throw new Error(`${field}: empty vector`);
+    if (v.length > MAX_VECTOR_DIM)
+        throw new Error(`${field}: vector too large (max ${MAX_VECTOR_DIM})`);
+    for (let i = 0; i < v.length; i++) {
+        if (typeof v[i] !== 'number' || !Number.isFinite(v[i])) {
+            throw new Error(`${field}: contains non-finite value at index ${i}`);
+        }
+    }
+    return v;
+}
 function getConfigPath() {
     return resolve(join(CONFIG_DIR, EMBEDDINGS_CONFIG));
 }
@@ -33,7 +59,10 @@ function loadConfig() {
 }
 function saveConfig(config) {
     ensureConfigDir();
-    writeFileSync(getConfigPath(), JSON.stringify(config, null, 2), 'utf-8');
+    const dest = getConfigPath();
+    const tmp = dest + '.tmp';
+    writeFileSync(tmp, JSON.stringify(config, null, 2), 'utf-8');
+    renameSync(tmp, dest);
 }
 // Real ONNX embedding generation via memory-initializer
 let realEmbeddingFn = null;
@@ -229,7 +258,13 @@ export const embeddingsTools = [
                     error: 'Embeddings not initialized. Run embeddings/init first.',
                 };
             }
-            const text = input.text;
+            let text;
+            try {
+                text = validateText(input.text, 'text');
+            }
+            catch (e) {
+                return { success: false, error: e.message };
+            }
             const useHyperbolic = input.hyperbolic === true && config.hyperbolic.enabled;
             // Generate real ONNX embedding
             const embedding = await generateRealEmbedding(text, config.dimension);
@@ -289,8 +324,14 @@ export const embeddingsTools = [
                     error: 'Embeddings not initialized. Run embeddings/init first.',
                 };
             }
-            const text1 = input.text1;
-            const text2 = input.text2;
+            let text1, text2;
+            try {
+                text1 = validateText(input.text1, 'text1');
+                text2 = validateText(input.text2, 'text2');
+            }
+            catch (e) {
+                return { success: false, error: e.message };
+            }
             const metric = input.metric || 'cosine';
             // Generate real ONNX embeddings for both texts
             const [emb1, emb2] = await Promise.all([