onion-ai 1.0.2 → 1.0.3

package/dist/middleware.d.ts

@@ -10,8 +10,14 @@ type MiddlewareNext = () => Promise<void> | void;
  * @example
  * app.use(onionRing(new OnionAI(), { promptField: 'body.query' }));
  */
+interface MinimalRequest extends Record<string, any> {
+    body?: any;
+    query?: any;
+    params?: any;
+    onionThreats?: string[];
+}
 export declare function onionRing(onion: OnionAI, options?: {
     promptField?: string;
     outputField?: string;
-}): (req: any, res: any, next: MiddlewareNext) => Promise<void>;
+}): <T extends MinimalRequest>(req: T, res: unknown, next: MiddlewareNext) => Promise<void>;
 export {};

package/dist/middleware.js

@@ -1,18 +1,9 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.onionRing = onionRing;
-/**
- * Creates an Express/Connect style middleware for OnionAI.
- *
- * @param onion - The OnionAI instance
- * @param options - Configuration for mapping request body fields
- * @returns Middleware function
- *
- * @example
- * app.use(onionRing(new OnionAI(), { promptField: 'body.query' }));
- */
 function onionRing(onion, options = {}) {
     const promptPath = options.promptField || 'body.prompt';
+    // Using generic T for Request to allow users to pass their own types if needed, defaulting to MinimalRequest
     return async (req, res, next) => {
         try {
             // 1. Resolve prompt from request
@@ -24,7 +15,7 @@ function onionRing(onion, options = {}) {
                 });
                 // 2. Replace the prompt in the request body with the sanitized version
                 setNestedValue(req, promptPath, safePrompt);
-                if (!safePrompt && req.onionThreats?.length > 0) {
+                if (!safePrompt && req.onionThreats && req.onionThreats.length > 0) {
                     // Option: Block request entirely if heavily compromised? 
                     // For now, we pass the empty/sanitized string. 
                     // Users can check req.onionThreats to decide to 400.
@@ -40,12 +31,12 @@ function onionRing(onion, options = {}) {
 }
 // Helpers
 function getNestedValue(obj, path) {
-    return path.split('.').reduce((acc, part) => acc && acc[part], obj);
+    return path.split('.').reduce((acc, part) => (acc && typeof acc === 'object' ? acc[part] : undefined), obj);
 }
 function setNestedValue(obj, path, value) {
     const parts = path.split('.');
     const last = parts.pop();
-    const target = parts.reduce((acc, part) => acc && acc[part], obj);
+    const target = parts.reduce((acc, part) => (acc && typeof acc === 'object' ? acc[part] : undefined), obj);
     if (target && last) {
         target[last] = value;
     }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "onion-ai",
-  "version": "1.0.2",
+  "version": "1.0.3",
   "description": "Layered security for AI prompting - input sanitization, injection protection, and output validation.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -33,22 +33,15 @@
   "author": "Himanshu Mamgain",
   "license": "MIT",
   "dependencies": {
-    "dompurify": "^3.0.6",
-    "jsdom": "^22.1.0",
     "validator": "^13.11.0",
     "xss": "^1.0.14",
-    "xss-filters": "^1.2.7",
     "zod": "^3.22.4"
   },
   "devDependencies": {
-    "@ai-sdk/provider": "^3.0.1",
-    "@types/dompurify": "^3.0.5",
     "@types/jest": "^30.0.0",
-    "@types/jsdom": "^21.1.6",
     "@types/node": "^20.10.5",
     "@types/validator": "^13.11.7",
     "jest": "^30.2.0",
-    "openai": "^6.15.0",
     "ts-jest": "^29.4.6",
     "ts-node": "^10.9.2",
     "typescript": "^5.3.3"