nodebench-mcp 2.31.2 → 2.32.0

package/dist/security/commandSandbox.js

@@ -0,0 +1,159 @@
+/**
+ * commandSandbox.ts — Command execution with allow-list enforcement.
+ *
+ * Replaces raw execSync calls with validated, audited execution.
+ * Uses allow-list (not deny-list) for command prefixes.
+ */
+import { execSync } from "node:child_process";
+import { SecurityError } from "./SecurityError.js";
+import { getSecurityConfig } from "./config.js";
+// Allow-list of safe command prefixes
+const ALLOWED_PREFIXES = [
+    // Version control
+    "git ",
+    // Node.js ecosystem
+    "node ",
+    "npm ",
+    "npx ",
+    "pnpm ",
+    "yarn ",
+    "bun ",
+    // TypeScript/JavaScript
+    "tsc ",
+    "tsx ",
+    "vitest ",
+    "jest ",
+    // Python
+    "python ",
+    "python3 ",
+    "pip ",
+    "pytest ",
+    // Build tools
+    "cargo ",
+    "go ",
+    "make ",
+    "cmake ",
+    "gcc ",
+    "g++ ",
+    "clang ",
+    // Safe read-only commands
+    "ls",
+    "dir",
+    "cat ",
+    "head ",
+    "tail ",
+    "wc ",
+    "grep ",
+    "rg ",
+    "find ",
+    "which ",
+    "where ",
+    "type ",
+    // Info commands
+    "echo ",
+    "date",
+    "pwd",
+    "hostname",
+    "uname ",
+    "whoami",
+    "env",
+    "printenv",
+    // Package managers
+    "apt ",
+    "brew ",
+    "choco ",
+    "winget ",
+    // Containers
+    "docker ",
+    "docker-compose ",
+    "podman ",
+    // Network (SSRF handled separately by urlValidator)
+    "curl ",
+    "wget ",
+    "ping ",
+    "nslookup ",
+    "dig ",
+];
+// Shell metacharacters that enable command chaining/injection
+const DANGEROUS_METACHAR_RE = /[;`$]|\$\(|&&|\|\||>>|<<|>\s*\/|<\s*\//;
+const PIPE_RE = /\|(?!\|)/; // Single pipe (not ||)
+function isAllowedCommand(command, extraPrefixes) {
+    const trimmed = command.trim().toLowerCase();
+    const allPrefixes = [...ALLOWED_PREFIXES, ...extraPrefixes];
+    for (const prefix of allPrefixes) {
+        if (trimmed === prefix.trim() || trimmed.startsWith(prefix)) {
+            return true;
+        }
+    }
+    return false;
+}
+/**
+ * Execute a command with security validation.
+ *
+ * @throws SecurityError if command is not on allow-list or contains injection
+ */
+export function safeExec(command, opts) {
+    const config = getSecurityConfig();
+    const trimmedCommand = command.trim();
+    if (!trimmedCommand) {
+        return { stdout: "", stderr: "Empty command", exitCode: 1, timedOut: false, durationMs: 0 };
+    }
+    // In permissive mode, skip validation
+    if (config.mode !== "permissive") {
+        // Check allow-list
+        const extraPrefixes = [
+            ...config.extraExecAllowList,
+            ...(opts?.additionalPrefixes ?? []),
+        ];
+        if (!isAllowedCommand(trimmedCommand, extraPrefixes)) {
+            if (config.mode === "audit_only") {
+                // Log but proceed
+            }
+            else {
+                throw new SecurityError("EXEC_BLOCKED", `Command "${trimmedCommand.substring(0, 60)}..." is not on the allow-list. ` +
+                    `Allowed prefixes: ${ALLOWED_PREFIXES.slice(0, 10).join(", ")}...`);
+            }
+        }
+        // Check for shell metacharacters (injection prevention)
+        if (DANGEROUS_METACHAR_RE.test(trimmedCommand)) {
+            throw new SecurityError("EXEC_METACHAR", `Command contains dangerous shell metacharacters: ${trimmedCommand.substring(0, 60)}`);
+        }
+        // Check pipes separately (allowed if opts.allowPipes)
+        if (!opts?.allowPipes && PIPE_RE.test(trimmedCommand)) {
+            throw new SecurityError("EXEC_METACHAR", `Command contains pipe operator. Use allowPipes option if intended: ${trimmedCommand.substring(0, 60)}`);
+        }
+    }
+    const timeout = Math.min(opts?.timeout ?? 30_000, config.maxExecTimeoutMs);
+    const maxBuffer = opts?.maxBuffer ?? 10 * 1024 * 1024;
+    const cwd = opts?.cwd ?? process.cwd();
+    const start = Date.now();
+    try {
+        const stdout = execSync(trimmedCommand, {
+            cwd,
+            timeout,
+            encoding: "utf-8",
+            stdio: ["pipe", "pipe", "pipe"],
+            maxBuffer,
+        });
+        return {
+            stdout: (stdout ?? "").slice(0, 50_000),
+            stderr: "",
+            exitCode: 0,
+            timedOut: false,
+            durationMs: Date.now() - start,
+        };
+    }
+    catch (err) {
+        const timedOut = err.killed === true || err.signal === "SIGTERM";
+        return {
+            stdout: (err.stdout ?? "").slice(0, 50_000),
+            stderr: (err.stderr ?? "").slice(0, 10_000),
+            exitCode: err.status ?? 1,
+            timedOut,
+            durationMs: Date.now() - start,
+        };
+    }
+}
+/** Export for testing */
+export const _ALLOWED_PREFIXES = ALLOWED_PREFIXES;
+//# sourceMappingURL=commandSandbox.js.map

package/dist/security/commandSandbox.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"commandSandbox.js","sourceRoot":"","sources":["../../src/security/commandSandbox.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAuBhD,sCAAsC;AACtC,MAAM,gBAAgB,GAAG;IACvB,kBAAkB;IAClB,MAAM;IACN,oBAAoB;IACpB,OAAO;IACP,MAAM;IACN,MAAM;IACN,OAAO;IACP,OAAO;IACP,MAAM;IACN,wBAAwB;IACxB,MAAM;IACN,MAAM;IACN,SAAS;IACT,OAAO;IACP,SAAS;IACT,SAAS;IACT,UAAU;IACV,MAAM;IACN,SAAS;IACT,cAAc;IACd,QAAQ;IACR,KAAK;IACL,OAAO;IACP,QAAQ;IACR,MAAM;IACN,MAAM;IACN,QAAQ;IACR,0BAA0B;IAC1B,IAAI;IACJ,KAAK;IACL,MAAM;IACN,OAAO;IACP,OAAO;IACP,KAAK;IACL,OAAO;IACP,KAAK;IACL,OAAO;IACP,QAAQ;IACR,QAAQ;IACR,OAAO;IACP,gBAAgB;IAChB,OAAO;IACP,MAAM;IACN,KAAK;IACL,UAAU;IACV,QAAQ;IACR,QAAQ;IACR,KAAK;IACL,UAAU;IACV,mBAAmB;IACnB,MAAM;IACN,OAAO;IACP,QAAQ;IACR,SAAS;IACT,aAAa;IACb,SAAS;IACT,iBAAiB;IACjB,SAAS;IACT,oDAAoD;IACpD,OAAO;IACP,OAAO;IACP,OAAO;IACP,WAAW;IACX,MAAM;CACP,CAAC;AAEF,8DAA8D;AAC9D,MAAM,qBAAqB,GAAG,wCAAwC,CAAC;AACvE,MAAM,OAAO,GAAG,UAAU,CAAC,CAAC,uBAAuB;AAEnD,SAAS,gBAAgB,CACvB,OAAe,EACf,aAAuB;IAEvB,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC7C,MAAM,WAAW,GAAG,CAAC,GAAG,gBAAgB,EAAE,GAAG,aAAa,CAAC,CAAC;IAE5D,KAAK,MAAM,MAAM,IAAI,WAAW,EAAE,CAAC;QACjC,IAAI,OAAO,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YAC5D,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,QAAQ,CAAC,OAAe,EAAE,IAAmB;IAC3D,MAAM,MAAM,GAAG,iBAAiB,EAAE,CAAC;IACnC,MAAM,cAAc,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;IAEtC,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,eAAe,EAAE,QAAQ,EAAE,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,EAAE,CAAC;IAC9F,CAAC;IAED,sCAAsC;IACtC,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QACjC,mBAAmB;QACnB,MAAM,aAAa,GAAG;YACpB,GAAG,MAAM,CAAC,kBAAkB;YAC5B,GAAG,CAAC,IAAI,EAAE,kBAAkB,IAAI,EAAE,CAAC;SACpC,CAAC;QAEF,IAAI,CAAC,gBAAgB,CAAC,cAAc,EAAE,aAAa,CAAC,EAAE,CAAC;YACrD,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBACjC,kBAAkB;YACpB,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,aAAa,CACrB,cAAc,EACd,YAAY,cAAc,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,iCAAiC;oBAC1E,qBAAqB,gBAAgB,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CACrE,CAAC;YACJ,CAAC;QACH,CAAC;QAED,wDAAwD;QACxD,IAAI,qBAAqB,CAAC,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC;YAC/C,MAAM,IAAI,aAAa,CACrB,eAAe,EACf,oDAAoD,cAAc,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CACtF,CAAC;QACJ,CAAC;QAED,sDAAsD;QACtD,IAAI,CAAC,IAAI,EAAE,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC;YACtD,MAAM,IAAI,aAAa,CACrB,eAAe,EACf,sEAAsE,cAAc,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CACxG,CAAC;QACJ,CAAC;IACH,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,IAAI,MAAM,EAAE,MAAM,CAAC,gBAAgB,CAAC,CAAC;IAC3E,MAAM,SAAS,GAAG,IAAI,EAAE,SAAS,IAAI,EAAE,GAAG,IAAI,GAAG,IAAI,CAAC;IACtD,MAAM,GAAG,GAAG,IAAI,EAAE,GAAG,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;IAEvC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAEzB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,QAAQ,CAAC,cAAc,EAAE;YACtC,GAAG;YACH,OAAO;YACP,QAAQ,EAAE,OAAO;YACjB,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;YAC/B,SAAS;SACV,CAAC,CAAC;QAEH,OAAO;YACL,MAAM,EAAE,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC;YACvC,MAAM,EAAE,EAAE;YACV,QAAQ,EAAE,CAAC;YACX,QAAQ,EAAE,KAAK;YACf,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;SAC/B,CAAC;IACJ,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,MAAM,QAAQ,GAAG,GAAG,CAAC,MAAM,KAAK,IAAI,IAAI,GAAG,CAAC,MAAM,KAAK,SAAS,CAAC;QACjE,OAAO;YACL,MAAM,EAAE,CAAC,GAAG,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC;YAC3C,MAAM,EAAE,CAAC,GAAG,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC;YAC3C,QAAQ,EAAE,GAAG,CAAC,MAAM,IAAI,CAAC;YACzB,QAAQ;YACR,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;SAC/B,CAAC;IACJ,CAAC;AACH,CAAC;AAED,yBAAyB;AACzB,MAAM,CAAC,MAAM,iBAAiB,GAAG,gBAAgB,CAAC"}

package/dist/security/config.d.ts

@@ -0,0 +1,23 @@
+/**
+ * config.ts — Centralized security configuration.
+ *
+ * Reads from env vars at startup, cached for the process lifetime.
+ * Test helpers follow the embeddingProvider.ts pattern.
+ */
+export type SecurityMode = "strict" | "permissive" | "audit_only";
+export interface SecurityConfig {
+    /** strict = block + log, permissive = allow all, audit_only = log but don't block */
+    mode: SecurityMode;
+    /** Filesystem roots tools are allowed to access (default: cwd) */
+    allowedRoots: string[];
+    /** Max command execution timeout in ms (hard cap) */
+    maxExecTimeoutMs: number;
+    /** Whether audit logging is enabled */
+    auditEnabled: boolean;
+    /** Additional command prefixes allowed beyond the built-in list */
+    extraExecAllowList: string[];
+}
+export declare function getSecurityConfig(): SecurityConfig;
+export declare function setSecurityConfig(partial: Partial<SecurityConfig>): void;
+/** Test helper — reset to defaults */
+export declare function _resetSecurityConfigForTesting(): void;

package/dist/security/config.js

@@ -0,0 +1,43 @@
+/**
+ * config.ts — Centralized security configuration.
+ *
+ * Reads from env vars at startup, cached for the process lifetime.
+ * Test helpers follow the embeddingProvider.ts pattern.
+ */
+import * as path from "node:path";
+const DEFAULT_CONFIG = {
+    mode: "strict",
+    allowedRoots: [process.cwd()],
+    maxExecTimeoutMs: 60_000,
+    auditEnabled: true,
+    extraExecAllowList: [],
+};
+let _config = null;
+export function getSecurityConfig() {
+    if (_config)
+        return _config;
+    const mode = process.env.NODEBENCH_SECURITY_MODE ?? "strict";
+    const rootsEnv = process.env.NODEBENCH_ALLOWED_ROOTS;
+    const allowedRoots = rootsEnv
+        ? rootsEnv.split(",").map((r) => path.resolve(r.trim()))
+        : [process.cwd()];
+    const timeoutEnv = process.env.NODEBENCH_EXEC_TIMEOUT_MS;
+    const maxExecTimeoutMs = timeoutEnv
+        ? Math.min(parseInt(timeoutEnv, 10) || 60_000, 60_000)
+        : 60_000;
+    const auditEnabled = process.env.NODEBENCH_AUDIT_ENABLED !== "false";
+    const extraEnv = process.env.NODEBENCH_EXEC_ALLOWLIST;
+    const extraExecAllowList = extraEnv
+        ? extraEnv.split(",").map((s) => s.trim())
+        : [];
+    _config = { mode, allowedRoots, maxExecTimeoutMs, auditEnabled, extraExecAllowList };
+    return _config;
+}
+export function setSecurityConfig(partial) {
+    _config = { ...getSecurityConfig(), ...partial };
+}
+/** Test helper — reset to defaults */
+export function _resetSecurityConfigForTesting() {
+    _config = null;
+}
+//# sourceMappingURL=config.js.map

package/dist/security/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/security/config.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAiBlC,MAAM,cAAc,GAAmB;IACrC,IAAI,EAAE,QAAQ;IACd,YAAY,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;IAC7B,gBAAgB,EAAE,MAAM;IACxB,YAAY,EAAE,IAAI;IAClB,kBAAkB,EAAE,EAAE;CACvB,CAAC;AAEF,IAAI,OAAO,GAA0B,IAAI,CAAC;AAE1C,MAAM,UAAU,iBAAiB;IAC/B,IAAI,OAAO;QAAE,OAAO,OAAO,CAAC;IAE5B,MAAM,IAAI,GAAI,OAAO,CAAC,GAAG,CAAC,uBAAwC,IAAI,QAAQ,CAAC;IAC/E,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC;IACrD,MAAM,YAAY,GAAG,QAAQ;QAC3B,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QACxD,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;IAEpB,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC;IACzD,MAAM,gBAAgB,GAAG,UAAU;QACjC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,UAAU,EAAE,EAAE,CAAC,IAAI,MAAM,EAAE,MAAM,CAAC;QACtD,CAAC,CAAC,MAAM,CAAC;IAEX,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,KAAK,OAAO,CAAC;IAErE,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC;IACtD,MAAM,kBAAkB,GAAG,QAAQ;QACjC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC1C,CAAC,CAAC,EAAE,CAAC;IAEP,OAAO,GAAG,EAAE,IAAI,EAAE,YAAY,EAAE,gBAAgB,EAAE,YAAY,EAAE,kBAAkB,EAAE,CAAC;IACrF,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,OAAgC;IAChE,OAAO,GAAG,EAAE,GAAG,iBAAiB,EAAE,EAAE,GAAG,OAAO,EAAE,CAAC;AACnD,CAAC;AAED,sCAAsC;AACtC,MAAM,UAAU,8BAA8B;IAC5C,OAAO,GAAG,IAAI,CAAC;AACjB,CAAC"}

package/dist/security/credentialRedactor.d.ts

@@ -0,0 +1,22 @@
+/**
+ * credentialRedactor.ts — Redacts secrets from tool outputs.
+ *
+ * Applied at the response serialization layer in index.ts so every tool
+ * output is automatically sanitized without individual tool changes.
+ */
+export interface RedactOpts {
+    /** Skip specific patterns (by label) */
+    skipPatterns?: string[];
+}
+/**
+ * Redact secrets from a string output.
+ *
+ * @returns The sanitized string with secrets replaced by [REDACTED:label]
+ */
+export declare function redactSecrets(output: string, opts?: RedactOpts): string;
+/**
+ * Redact secrets from a structured object (recursively processes string values).
+ */
+export declare function redactObject(obj: unknown): unknown;
+/** Test helper — reset env secrets cache */
+export declare function _resetEnvSecretsForTesting(): void;

package/dist/security/credentialRedactor.js

@@ -0,0 +1,118 @@
+/**
+ * credentialRedactor.ts — Redacts secrets from tool outputs.
+ *
+ * Applied at the response serialization layer in index.ts so every tool
+ * output is automatically sanitized without individual tool changes.
+ */
+const SECRET_PATTERNS = [
+    // OpenAI
+    { re: /sk-[a-zA-Z0-9]{20,}/g, label: "OPENAI_KEY" },
+    { re: /sk-proj-[a-zA-Z0-9_-]{40,}/g, label: "OPENAI_PROJECT_KEY" },
+    // Anthropic
+    { re: /sk-ant-[a-zA-Z0-9_-]{20,}/g, label: "ANTHROPIC_KEY" },
+    // GitHub
+    { re: /ghp_[a-zA-Z0-9]{36}/g, label: "GITHUB_PAT" },
+    { re: /gho_[a-zA-Z0-9]{36}/g, label: "GITHUB_OAUTH" },
+    { re: /github_pat_[a-zA-Z0-9_]{20,}/g, label: "GITHUB_FINE_PAT" },
+    // npm
+    { re: /npm_[a-zA-Z0-9]{36}/g, label: "NPM_TOKEN" },
+    // Google
+    { re: /AIza[a-zA-Z0-9_-]{35}/g, label: "GOOGLE_API_KEY" },
+    // AWS
+    { re: /AKIA[A-Z0-9]{16}/g, label: "AWS_ACCESS_KEY" },
+    { re: /(?:aws_secret_access_key\s*=\s*)[a-zA-Z0-9/+=]{40}/gi, label: "AWS_SECRET_KEY" },
+    // Slack
+    { re: /xoxb-[a-zA-Z0-9-]+/g, label: "SLACK_BOT_TOKEN" },
+    { re: /xoxp-[a-zA-Z0-9-]+/g, label: "SLACK_USER_TOKEN" },
+    // Private keys
+    { re: /-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----/g, label: "PRIVATE_KEY" },
+    // Generic secrets in key=value format
+    {
+        re: /(?:password|passwd|pwd|secret|token|api[_-]?key|auth[_-]?token)\s*[:=]\s*['"][^'"]{8,}['"]/gi,
+        label: "CREDENTIAL",
+    },
+    // Bearer tokens
+    { re: /Bearer\s+[a-zA-Z0-9._-]{20,}/g, label: "BEARER_TOKEN" },
+    // Figma
+    { re: /figd_[a-zA-Z0-9_-]{20,}/g, label: "FIGMA_TOKEN" },
+    // Stripe
+    { re: /sk_(?:live|test)_[a-zA-Z0-9]{24,}/g, label: "STRIPE_KEY" },
+    // Twilio
+    { re: /SK[a-f0-9]{32}/g, label: "TWILIO_KEY" },
+];
+// Dynamic env-var based redaction: build a set of known secret values from process.env
+const SECRET_ENV_KEYS = [
+    "KEY",
+    "SECRET",
+    "TOKEN",
+    "PASSWORD",
+    "PASS",
+    "CREDENTIAL",
+    "AUTH",
+    "API_KEY",
+];
+let _envSecrets = null;
+function getEnvSecrets() {
+    if (_envSecrets)
+        return _envSecrets;
+    _envSecrets = new Set();
+    for (const [key, value] of Object.entries(process.env)) {
+        if (!value || value.length < 8)
+            continue;
+        const upperKey = key.toUpperCase();
+        if (SECRET_ENV_KEYS.some((s) => upperKey.includes(s))) {
+            _envSecrets.add(value);
+        }
+    }
+    return _envSecrets;
+}
+/**
+ * Redact secrets from a string output.
+ *
+ * @returns The sanitized string with secrets replaced by [REDACTED:label]
+ */
+export function redactSecrets(output, opts) {
+    if (!output || typeof output !== "string")
+        return output;
+    const skip = new Set(opts?.skipPatterns ?? []);
+    let result = output;
+    // Pattern-based redaction
+    for (const { re, label } of SECRET_PATTERNS) {
+        if (skip.has(label))
+            continue;
+        // Reset regex lastIndex (they're global)
+        re.lastIndex = 0;
+        result = result.replace(re, `[REDACTED:${label}]`);
+    }
+    // Dynamic env-var redaction
+    const envSecrets = getEnvSecrets();
+    for (const secret of envSecrets) {
+        if (result.includes(secret)) {
+            // Use a safe replacement that doesn't leak length info
+            result = result.replaceAll(secret, "[REDACTED:ENV_VALUE]");
+        }
+    }
+    return result;
+}
+/**
+ * Redact secrets from a structured object (recursively processes string values).
+ */
+export function redactObject(obj) {
+    if (typeof obj === "string")
+        return redactSecrets(obj);
+    if (Array.isArray(obj))
+        return obj.map(redactObject);
+    if (obj && typeof obj === "object") {
+        const result = {};
+        for (const [key, value] of Object.entries(obj)) {
+            result[key] = redactObject(value);
+        }
+        return result;
+    }
+    return obj;
+}
+/** Test helper — reset env secrets cache */
+export function _resetEnvSecretsForTesting() {
+    _envSecrets = null;
+}
+//# sourceMappingURL=credentialRedactor.js.map

package/dist/security/credentialRedactor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"credentialRedactor.js","sourceRoot":"","sources":["../../src/security/credentialRedactor.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAYH,MAAM,eAAe,GAAoB;IACvC,SAAS;IACT,EAAE,EAAE,EAAE,sBAAsB,EAAE,KAAK,EAAE,YAAY,EAAE;IACnD,EAAE,EAAE,EAAE,6BAA6B,EAAE,KAAK,EAAE,oBAAoB,EAAE;IAClE,YAAY;IACZ,EAAE,EAAE,EAAE,4BAA4B,EAAE,KAAK,EAAE,eAAe,EAAE;IAC5D,SAAS;IACT,EAAE,EAAE,EAAE,sBAAsB,EAAE,KAAK,EAAE,YAAY,EAAE;IACnD,EAAE,EAAE,EAAE,sBAAsB,EAAE,KAAK,EAAE,cAAc,EAAE;IACrD,EAAE,EAAE,EAAE,+BAA+B,EAAE,KAAK,EAAE,iBAAiB,EAAE;IACjE,MAAM;IACN,EAAE,EAAE,EAAE,sBAAsB,EAAE,KAAK,EAAE,WAAW,EAAE;IAClD,SAAS;IACT,EAAE,EAAE,EAAE,wBAAwB,EAAE,KAAK,EAAE,gBAAgB,EAAE;IACzD,MAAM;IACN,EAAE,EAAE,EAAE,mBAAmB,EAAE,KAAK,EAAE,gBAAgB,EAAE;IACpD,EAAE,EAAE,EAAE,sDAAsD,EAAE,KAAK,EAAE,gBAAgB,EAAE;IACvF,QAAQ;IACR,EAAE,EAAE,EAAE,qBAAqB,EAAE,KAAK,EAAE,iBAAiB,EAAE;IACvD,EAAE,EAAE,EAAE,qBAAqB,EAAE,KAAK,EAAE,kBAAkB,EAAE;IACxD,eAAe;IACf,EAAE,EAAE,EAAE,yDAAyD,EAAE,KAAK,EAAE,aAAa,EAAE;IACvF,sCAAsC;IACtC;QACE,EAAE,EAAE,8FAA8F;QAClG,KAAK,EAAE,YAAY;KACpB;IACD,gBAAgB;IAChB,EAAE,EAAE,EAAE,+BAA+B,EAAE,KAAK,EAAE,cAAc,EAAE;IAC9D,QAAQ;IACR,EAAE,EAAE,EAAE,0BAA0B,EAAE,KAAK,EAAE,aAAa,EAAE;IACxD,SAAS;IACT,EAAE,EAAE,EAAE,oCAAoC,EAAE,KAAK,EAAE,YAAY,EAAE;IACjE,SAAS;IACT,EAAE,EAAE,EAAE,iBAAiB,EAAE,KAAK,EAAE,YAAY,EAAE;CAC/C,CAAC;AAEF,uFAAuF;AACvF,MAAM,eAAe,GAAG;IACtB,KAAK;IACL,QAAQ;IACR,OAAO;IACP,UAAU;IACV,MAAM;IACN,YAAY;IACZ,MAAM;IACN,SAAS;CACV,CAAC;AAEF,IAAI,WAAW,GAAuB,IAAI,CAAC;AAE3C,SAAS,aAAa;IACpB,IAAI,WAAW;QAAE,OAAO,WAAW,CAAC;IAEpC,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC;IAChC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QACvD,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;YAAE,SAAS;QACzC,MAAM,QAAQ,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;QACnC,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACtD,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACzB,CAAC;IACH,CAAC;IACD,OAAO,WAAW,CAAC;AACrB,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAAC,MAAc,EAAE,IAAiB;IAC7D,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ;QAAE,OAAO,MAAM,CAAC;IAEzD,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,IAAI,EAAE,YAAY,IAAI,EAAE,CAAC,CAAC;IAC/C,IAAI,MAAM,GAAG,MAAM,CAAC;IAEpB,0BAA0B;IAC1B,KAAK,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,eAAe,EAAE,CAAC;QAC5C,IAAI,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC;YAAE,SAAS;QAC9B,yCAAyC;QACzC,EAAE,CAAC,SAAS,GAAG,CAAC,CAAC;QACjB,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,EAAE,EAAE,aAAa,KAAK,GAAG,CAAC,CAAC;IACrD,CAAC;IAED,4BAA4B;IAC5B,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;IACnC,KAAK,MAAM,MAAM,IAAI,UAAU,EAAE,CAAC;QAChC,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAC5B,uDAAuD;YACvD,MAAM,GAAG,MAAM,CAAC,UAAU,CAAC,MAAM,EAAE,sBAAsB,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,GAAY;IACvC,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,aAAa,CAAC,GAAG,CAAC,CAAC;IACvD,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IACrD,IAAI,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QACnC,MAAM,MAAM,GAA4B,EAAE,CAAC;QAC3C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAA8B,CAAC,EAAE,CAAC;YAC1E,MAAM,CAAC,GAAG,CAAC,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;QACpC,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,4CAA4C;AAC5C,MAAM,UAAU,0BAA0B;IACxC,WAAW,GAAG,IAAI,CAAC;AACrB,CAAC"}

package/dist/security/index.d.ts

@@ -0,0 +1,20 @@
+/**
+ * security/ — NodeBench MCP Security Module
+ *
+ * Single import for all security primitives:
+ *   import { safePath, safeExec, safeUrl, redactSecrets, auditLog } from '../security/index.js';
+ *
+ * Addresses Reddit concern: "how many out of these 260 tools steal passwords?"
+ * Answer: Zero, with this module enforcing boundaries at 4 layers:
+ *   1. Path sandboxing — blocks reads outside project + sensitive files
+ *   2. Command sandboxing — allow-list replaces bypassable deny-list
+ *   3. URL validation — SSRF protection blocks private IPs/metadata endpoints
+ *   4. Credential redaction — strips secrets from all tool outputs
+ */
+export { SecurityError, type SecurityErrorCode } from "./SecurityError.js";
+export { type SecurityConfig, type SecurityMode, getSecurityConfig, setSecurityConfig, _resetSecurityConfigForTesting, } from "./config.js";
+export { safePath, type SafePathOpts } from "./pathSandbox.js";
+export { safeExec, type SafeExecOpts, type ExecResult, _ALLOWED_PREFIXES } from "./commandSandbox.js";
+export { safeUrl, safeUrlWithDnsCheck, type UrlValidationOpts } from "./urlValidator.js";
+export { redactSecrets, redactObject, _resetEnvSecretsForTesting } from "./credentialRedactor.js";
+export { auditLog, getAuditLog, flushAuditLog, type AuditEntry, _resetAuditForTesting, } from "./auditLog.js";

package/dist/security/index.js

@@ -0,0 +1,21 @@
+/**
+ * security/ — NodeBench MCP Security Module
+ *
+ * Single import for all security primitives:
+ *   import { safePath, safeExec, safeUrl, redactSecrets, auditLog } from '../security/index.js';
+ *
+ * Addresses Reddit concern: "how many out of these 260 tools steal passwords?"
+ * Answer: Zero, with this module enforcing boundaries at 4 layers:
+ *   1. Path sandboxing — blocks reads outside project + sensitive files
+ *   2. Command sandboxing — allow-list replaces bypassable deny-list
+ *   3. URL validation — SSRF protection blocks private IPs/metadata endpoints
+ *   4. Credential redaction — strips secrets from all tool outputs
+ */
+export { SecurityError } from "./SecurityError.js";
+export { getSecurityConfig, setSecurityConfig, _resetSecurityConfigForTesting, } from "./config.js";
+export { safePath } from "./pathSandbox.js";
+export { safeExec, _ALLOWED_PREFIXES } from "./commandSandbox.js";
+export { safeUrl, safeUrlWithDnsCheck } from "./urlValidator.js";
+export { redactSecrets, redactObject, _resetEnvSecretsForTesting } from "./credentialRedactor.js";
+export { auditLog, getAuditLog, flushAuditLog, _resetAuditForTesting, } from "./auditLog.js";
+//# sourceMappingURL=index.js.map

package/dist/security/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/security/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,aAAa,EAA0B,MAAM,oBAAoB,CAAC;AAC3E,OAAO,EAGL,iBAAiB,EACjB,iBAAiB,EACjB,8BAA8B,GAC/B,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,QAAQ,EAAqB,MAAM,kBAAkB,CAAC;AAC/D,OAAO,EAAE,QAAQ,EAAsC,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AACtG,OAAO,EAAE,OAAO,EAAE,mBAAmB,EAA0B,MAAM,mBAAmB,CAAC;AACzF,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,0BAA0B,EAAE,MAAM,yBAAyB,CAAC;AAClG,OAAO,EACL,QAAQ,EACR,WAAW,EACX,aAAa,EAEb,qBAAqB,GACtB,MAAM,eAAe,CAAC"}

package/dist/security/pathSandbox.d.ts

@@ -0,0 +1,23 @@
+/**
+ * pathSandbox.ts — Filesystem boundary enforcement.
+ *
+ * Every tool that reads/writes files should call safePath() before fs access.
+ * Blocks path traversal, symlink escape, and access to sensitive directories.
+ */
+export interface SafePathOpts {
+    /** Override default allowed roots from config */
+    allowedRoots?: string[];
+    /** Allow access to home directory (still blocks sensitive subdirs) */
+    allowHome?: boolean;
+    /** Allow access to temp directory */
+    allowTemp?: boolean;
+    /** Skip boundary check entirely (use for known-safe internal paths) */
+    skipBoundaryCheck?: boolean;
+}
+/**
+ * Validate and resolve a file path against security boundaries.
+ *
+ * @throws SecurityError if the path violates boundaries
+ * @returns The resolved, validated absolute path
+ */
+export declare function safePath(inputPath: string, opts?: SafePathOpts): string;

package/dist/security/pathSandbox.js

@@ -0,0 +1,160 @@
+/**
+ * pathSandbox.ts — Filesystem boundary enforcement.
+ *
+ * Every tool that reads/writes files should call safePath() before fs access.
+ * Blocks path traversal, symlink escape, and access to sensitive directories.
+ */
+import * as fs from "node:fs";
+import * as os from "node:os";
+import * as path from "node:path";
+import { SecurityError } from "./SecurityError.js";
+import { getSecurityConfig } from "./config.js";
+// Sensitive paths that are ALWAYS blocked, even if within allowed roots
+const SENSITIVE_DIRS = [
+    ".ssh",
+    ".gnupg",
+    ".gpg",
+    ".aws",
+    ".azure",
+    ".config/gcloud",
+    ".kube",
+    ".docker",
+    ".ethereum",
+    ".solana",
+    ".phantom",
+    ".bitcoin",
+    ".metamask",
+    ".config/gh",
+    ".git-credentials",
+];
+const SENSITIVE_FILE_PATTERNS = [
+    /\.env(\.\w+)?$/i,
+    /\.pem$/i,
+    /\.key$/i,
+    /\.p12$/i,
+    /\.pfx$/i,
+    /\.jks$/i,
+    /id_rsa$/i,
+    /id_ed25519$/i,
+    /id_ecdsa$/i,
+    /\.npmrc$/i,
+    /\.netrc$/i,
+    /credentials\.json$/i,
+    /service[_-]?account.*\.json$/i,
+    /wallet.*\.json$/i,
+    /keystore.*\.json$/i,
+    /seed(phrase)?.*\.(txt|json|md)$/i,
+    /mnemonic.*\.(txt|json|md)$/i,
+    /private[_-]?key/i,
+];
+function expandTilde(p) {
+    if (!p)
+        return p;
+    if (p === "~")
+        return os.homedir();
+    if (p.startsWith("~/") || p.startsWith("~\\"))
+        return path.join(os.homedir(), p.slice(2));
+    return p;
+}
+function isSensitivePath(resolved) {
+    const home = os.homedir();
+    const relative = path.relative(home, resolved);
+    // Check sensitive directories
+    for (const dir of SENSITIVE_DIRS) {
+        const sensitiveFull = path.join(home, dir);
+        if (resolved === sensitiveFull ||
+            resolved.startsWith(sensitiveFull + path.sep)) {
+            return true;
+        }
+    }
+    // Check sensitive file patterns
+    const basename = path.basename(resolved);
+    for (const pattern of SENSITIVE_FILE_PATTERNS) {
+        if (pattern.test(basename))
+            return true;
+    }
+    // Block /etc/shadow, /etc/passwd on Unix
+    if (process.platform !== "win32") {
+        if (resolved === "/etc/shadow" || resolved === "/etc/passwd")
+            return true;
+    }
+    return false;
+}
+function isWithinRoots(resolved, roots) {
+    for (const root of roots) {
+        const normalizedRoot = path.resolve(root);
+        if (resolved === normalizedRoot ||
+            resolved.startsWith(normalizedRoot + path.sep)) {
+            return true;
+        }
+    }
+    return false;
+}
+/**
+ * Validate and resolve a file path against security boundaries.
+ *
+ * @throws SecurityError if the path violates boundaries
+ * @returns The resolved, validated absolute path
+ */
+export function safePath(inputPath, opts) {
+    const config = getSecurityConfig();
+    // In permissive mode, just resolve and return
+    if (config.mode === "permissive") {
+        const expanded = expandTilde(String(inputPath ?? "").trim());
+        if (!expanded)
+            throw new Error("path is required");
+        return path.isAbsolute(expanded)
+            ? expanded
+            : path.resolve(process.cwd(), expanded);
+    }
+    const raw = String(inputPath ?? "").trim();
+    if (!raw)
+        throw new Error("path is required");
+    const expanded = expandTilde(raw);
+    const resolved = path.isAbsolute(expanded)
+        ? path.resolve(expanded)
+        : path.resolve(process.cwd(), expanded);
+    // Always check sensitive paths (even in audit_only mode this is a hard block)
+    if (isSensitivePath(resolved)) {
+        throw new SecurityError("PATH_SENSITIVE", `Access denied: ${path.basename(resolved)} is a sensitive file/directory`);
+    }
+    // Skip boundary check if explicitly requested (for internal paths)
+    if (opts?.skipBoundaryCheck)
+        return resolved;
+    // Build allowed roots
+    const roots = [...(opts?.allowedRoots ?? config.allowedRoots)];
+    if (opts?.allowHome)
+        roots.push(os.homedir());
+    if (opts?.allowTemp)
+        roots.push(os.tmpdir());
+    // Boundary check
+    if (!isWithinRoots(resolved, roots)) {
+        if (config.mode === "audit_only") {
+            // Log but don't block
+            return resolved;
+        }
+        throw new SecurityError("PATH_TRAVERSAL", `Path "${raw}" resolves outside allowed boundaries`);
+    }
+    // Symlink check — resolve the real path and re-verify
+    try {
+        if (fs.existsSync(resolved)) {
+            const stat = fs.lstatSync(resolved);
+            if (stat.isSymbolicLink()) {
+                const realPath = fs.realpathSync(resolved);
+                if (isSensitivePath(realPath)) {
+                    throw new SecurityError("PATH_SYMLINK", `Symlink "${raw}" resolves to sensitive path`);
+                }
+                if (!isWithinRoots(realPath, roots) && config.mode !== "audit_only") {
+                    throw new SecurityError("PATH_SYMLINK", `Symlink "${raw}" resolves outside allowed boundaries`);
+                }
+            }
+        }
+    }
+    catch (e) {
+        if (e instanceof SecurityError)
+            throw e;
+        // File doesn't exist yet (write case) — boundary check above is sufficient
+    }
+    return resolved;
+}
+//# sourceMappingURL=pathSandbox.js.map

package/dist/security/pathSandbox.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pathSandbox.js","sourceRoot":"","sources":["../../src/security/pathSandbox.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAahD,wEAAwE;AACxE,MAAM,cAAc,GAAG;IACrB,MAAM;IACN,QAAQ;IACR,MAAM;IACN,MAAM;IACN,QAAQ;IACR,gBAAgB;IAChB,OAAO;IACP,SAAS;IACT,WAAW;IACX,SAAS;IACT,UAAU;IACV,UAAU;IACV,WAAW;IACX,YAAY;IACZ,kBAAkB;CACnB,CAAC;AAEF,MAAM,uBAAuB,GAAG;IAC9B,iBAAiB;IACjB,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,UAAU;IACV,cAAc;IACd,YAAY;IACZ,WAAW;IACX,WAAW;IACX,qBAAqB;IACrB,+BAA+B;IAC/B,kBAAkB;IAClB,oBAAoB;IACpB,kCAAkC;IAClC,6BAA6B;IAC7B,kBAAkB;CACnB,CAAC;AAEF,SAAS,WAAW,CAAC,CAAS;IAC5B,IAAI,CAAC,CAAC;QAAE,OAAO,CAAC,CAAC;IACjB,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,EAAE,CAAC,OAAO,EAAE,CAAC;IACnC,IAAI,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC;QAC3C,OAAO,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7C,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,eAAe,CAAC,QAAgB;IACvC,MAAM,IAAI,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;IAC1B,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IAE/C,8BAA8B;IAC9B,KAAK,MAAM,GAAG,IAAI,cAAc,EAAE,CAAC;QACjC,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QAC3C,IACE,QAAQ,KAAK,aAAa;YAC1B,QAAQ,CAAC,UAAU,CAAC,aAAa,GAAG,IAAI,CAAC,GAAG,CAAC,EAC7C,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,gCAAgC;IAChC,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACzC,KAAK,MAAM,OAAO,IAAI,uBAAuB,EAAE,CAAC;QAC9C,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC;YAAE,OAAO,IAAI,CAAC;IAC1C,CAAC;IAED,yCAAyC;IACzC,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QACjC,IAAI,QAAQ,KAAK,aAAa,IAAI,QAAQ,KAAK,aAAa;YAAE,OAAO,IAAI,CAAC;IAC5E,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,aAAa,CAAC,QAAgB,EAAE,KAAe;IACtD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,cAAc,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAC1C,IACE,QAAQ,KAAK,cAAc;YAC3B,QAAQ,CAAC,UAAU,CAAC,cAAc,GAAG,IAAI,CAAC,GAAG,CAAC,EAC9C,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,QAAQ,CAAC,SAAiB,EAAE,IAAmB;IAC7D,MAAM,MAAM,GAAG,iBAAiB,EAAE,CAAC;IAEnC,8CAA8C;IAC9C,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QACjC,MAAM,QAAQ,GAAG,WAAW,CAAC,MAAM,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAC7D,IAAI,CAAC,QAAQ;YAAE,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACnD,OAAO,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC;YAC9B,CAAC,CAAC,QAAQ;YACV,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,QAAQ,CAAC,CAAC;IAC5C,CAAC;IAED,MAAM,GAAG,GAAG,MAAM,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IAC3C,IAAI,CAAC,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;IAE9C,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;IAClC,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC;QACxC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC;QACxB,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,QAAQ,CAAC,CAAC;IAE1C,8EAA8E;IAC9E,IAAI,eAAe,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC9B,MAAM,IAAI,aAAa,CACrB,gBAAgB,EAChB,kBAAkB,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,gCAAgC,CAC1E,CAAC;IACJ,CAAC;IAED,mEAAmE;IACnE,IAAI,IAAI,EAAE,iBAAiB;QAAE,OAAO,QAAQ,CAAC;IAE7C,sBAAsB;IACtB,MAAM,KAAK,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,YAAY,IAAI,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC;IAC/D,IAAI,IAAI,EAAE,SAAS;QAAE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC;IAC9C,IAAI,IAAI,EAAE,SAAS;QAAE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,CAAC;IAE7C,iBAAiB;IACjB,IAAI,CAAC,aAAa,CAAC,QAAQ,EAAE,KAAK,CAAC,EAAE,CAAC;QACpC,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;YACjC,sBAAsB;YACtB,OAAO,QAAQ,CAAC;QAClB,CAAC;QACD,MAAM,IAAI,aAAa,CACrB,gBAAgB,EAChB,SAAS,GAAG,uCAAuC,CACpD,CAAC;IACJ,CAAC;IAED,sDAAsD;IACtD,IAAI,CAAC;QACH,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC5B,MAAM,IAAI,GAAG,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;YACpC,IAAI,IAAI,CAAC,cAAc,EAAE,EAAE,CAAC;gBAC1B,MAAM,QAAQ,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;gBAC3C,IAAI,eAAe,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC9B,MAAM,IAAI,aAAa,CACrB,cAAc,EACd,YAAY,GAAG,8BAA8B,CAC9C,CAAC;gBACJ,CAAC;gBACD,IAAI,CAAC,aAAa,CAAC,QAAQ,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oBACpE,MAAM,IAAI,aAAa,CACrB,cAAc,EACd,YAAY,GAAG,uCAAuC,CACvD,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,IAAI,CAAC,YAAY,aAAa;YAAE,MAAM,CAAC,CAAC;QACxC,2EAA2E;IAC7E,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/security/urlValidator.d.ts

@@ -0,0 +1,23 @@
+/**
+ * urlValidator.ts — SSRF protection for HTTP tools.
+ *
+ * Blocks private IPs, internal hostnames, and dangerous schemes.
+ */
+export interface UrlValidationOpts {
+    /** Allow requests to private/internal IPs (for known internal services) */
+    allowPrivate?: boolean;
+    /** Additional blocked hostnames */
+    blockedHostnames?: string[];
+}
+/**
+ * Validate a URL for SSRF safety.
+ *
+ * @throws SecurityError if URL targets private infrastructure
+ * @returns The validated URL string
+ */
+export declare function safeUrl(url: string, opts?: UrlValidationOpts): string;
+/**
+ * Async version that also checks DNS resolution for rebinding attacks.
+ * Use this for user-facing tools where the hostname isn't known-safe.
+ */
+export declare function safeUrlWithDnsCheck(url: string, opts?: UrlValidationOpts): Promise<string>;