pindex 1.5.0 → 1.7.0

Files changed (84)
  1. package/README.md +25 -11
  2. package/dist/cli/daemon.d.ts +1 -1
  3. package/dist/cli/daemon.d.ts.map +1 -1
  4. package/dist/cli/daemon.js +25 -6
  5. package/dist/cli/daemon.js.map +1 -1
  6. package/dist/cli/federate.d.ts.map +1 -1
  7. package/dist/cli/federate.js +5 -12
  8. package/dist/cli/federate.js.map +1 -1
  9. package/dist/cli/index.js +6 -2
  10. package/dist/cli/index.js.map +1 -1
  11. package/dist/cli/init.d.ts.map +1 -1
  12. package/dist/cli/init.js +2 -1
  13. package/dist/cli/init.js.map +1 -1
  14. package/dist/cli/project-detector.d.ts +7 -0
  15. package/dist/cli/project-detector.d.ts.map +1 -1
  16. package/dist/cli/project-detector.js +28 -5
  17. package/dist/cli/project-detector.js.map +1 -1
  18. package/dist/cli/setup.d.ts.map +1 -1
  19. package/dist/cli/setup.js +3 -5
  20. package/dist/cli/setup.js.map +1 -1
  21. package/dist/db/queries.d.ts +14 -0
  22. package/dist/db/queries.d.ts.map +1 -1
  23. package/dist/db/queries.js +22 -3
  24. package/dist/db/queries.js.map +1 -1
  25. package/dist/federation/repo-set.js +3 -1
  26. package/dist/federation/repo-set.js.map +1 -1
  27. package/dist/federation/repos-env.d.ts +16 -0
  28. package/dist/federation/repos-env.d.ts.map +1 -0
  29. package/dist/federation/repos-env.js +27 -0
  30. package/dist/federation/repos-env.js.map +1 -0
  31. package/dist/gui/server.d.ts.map +1 -1
  32. package/dist/gui/server.js +63 -23
  33. package/dist/gui/server.js.map +1 -1
  34. package/dist/index.js +16 -31
  35. package/dist/index.js.map +1 -1
  36. package/dist/indexer/detect-languages.d.ts +10 -0
  37. package/dist/indexer/detect-languages.d.ts.map +1 -0
  38. package/dist/indexer/detect-languages.js +36 -0
  39. package/dist/indexer/detect-languages.js.map +1 -0
  40. package/dist/indexer/index.d.ts +2 -0
  41. package/dist/indexer/index.d.ts.map +1 -1
  42. package/dist/indexer/index.js +21 -9
  43. package/dist/indexer/index.js.map +1 -1
  44. package/dist/indexer/parser.d.ts.map +1 -1
  45. package/dist/indexer/parser.js +36 -5
  46. package/dist/indexer/parser.js.map +1 -1
  47. package/dist/indexer/summarizer.d.ts.map +1 -1
  48. package/dist/indexer/summarizer.js +3 -0
  49. package/dist/indexer/summarizer.js.map +1 -1
  50. package/dist/memory/retention.d.ts +16 -0
  51. package/dist/memory/retention.d.ts.map +1 -0
  52. package/dist/memory/retention.js +32 -0
  53. package/dist/memory/retention.js.map +1 -0
  54. package/dist/monitoring/server.d.ts.map +1 -1
  55. package/dist/monitoring/server.js +22 -1
  56. package/dist/monitoring/server.js.map +1 -1
  57. package/dist/monitoring/ui/dashboard.js +83 -31
  58. package/dist/monitoring/ui/esc.js +17 -0
  59. package/dist/monitoring/ui/index.html +17 -11
  60. package/dist/monitoring/ui/styles.css +24 -4
  61. package/dist/server-config.d.ts +18 -0
  62. package/dist/server-config.d.ts.map +1 -0
  63. package/dist/server-config.js +41 -0
  64. package/dist/server-config.js.map +1 -0
  65. package/dist/server.d.ts.map +1 -1
  66. package/dist/server.js +5 -1
  67. package/dist/server.js.map +1 -1
  68. package/dist/tools/get_dependencies.d.ts.map +1 -1
  69. package/dist/tools/get_dependencies.js +3 -0
  70. package/dist/tools/get_dependencies.js.map +1 -1
  71. package/dist/tools/get_doc_chunk.d.ts.map +1 -1
  72. package/dist/tools/get_doc_chunk.js +3 -0
  73. package/dist/tools/get_doc_chunk.js.map +1 -1
  74. package/dist/tools/get_file_summary.d.ts.map +1 -1
  75. package/dist/tools/get_file_summary.js +5 -0
  76. package/dist/tools/get_file_summary.js.map +1 -1
  77. package/dist/tools/schemas.d.ts.map +1 -1
  78. package/dist/tools/schemas.js +10 -2
  79. package/dist/tools/schemas.js.map +1 -1
  80. package/dist/util/net.d.ts +25 -0
  81. package/dist/util/net.d.ts.map +1 -0
  82. package/dist/util/net.js +50 -0
  83. package/dist/util/net.js.map +1 -0
  84. package/package.json +5 -5
@@ -1,6 +1,14 @@
1
1
  import { z } from 'zod';
2
2
  // ─── Zod Schemas for MCP Tool Input Validation ──────────────────────────────
3
3
  const reposField = z.array(z.string()).optional();
4
+ /** A project-relative path that may not be absolute or contain ".." traversal
5
+ * segments. Defense-in-depth on top of the runtime resolveWithinRoot guard. */
6
+ const safeRelPath = z
7
+ .string()
8
+ .min(1)
9
+ .refine((p) => !p.startsWith('/') &&
10
+ !/^[A-Za-z]:[\\/]/.test(p) &&
11
+ !p.split(/[\\/]/).includes('..'), { message: 'Path must be project-relative and contain no ".." segments' });
4
12
  export const SearchSymbolsSchema = z.object({
5
13
  query: z.string().min(1),
6
14
  limit: z.number().int().positive().optional(),
@@ -38,13 +46,13 @@ export const GetProjectOverviewSchema = z.object({
38
46
  repos: reposField,
39
47
  });
40
48
  export const ReindexSchema = z.object({
41
- target: z.string().optional(),
49
+ target: safeRelPath.optional(),
42
50
  });
43
51
  export const GetTokenStatsSchema = z.object({
44
52
  session_id: z.string().optional(),
45
53
  });
46
54
  export const StartComparisonSchema = z.object({
47
- label: z.string().min(1),
55
+ label: z.string().min(1).max(200),
48
56
  mode: z.enum(['indexed', 'baseline']),
49
57
  });
50
58
  export const SearchDocsSchema = z.object({
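Review bot: The `safeRelPath` refinement still accepts some Windows-rooted forms: a leading backslash (`\dir`, or a UNC-style `\\host\share`) is not caught by `!p.startsWith('/')`, and a drive-relative `C:dir` passes because the drive regex requires a separator after the colon. Since the predicate already treats `\` as a separator when it splits for `..`, the first two checks could be `!/^[\\/]/.test(p) && !/^[A-Za-z]:/.test(p)`. The check is purely lexical, so the doc comment could say that anything the string cannot show (symlinks, for example) is left to the runtime `resolveWithinRoot` guard it mentions. Only `ReindexSchema.target` is switched to `safeRelPath` in this section; whether other path-taking tool inputs get the same schema-level check is not visible here and should be confirmed.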
@@ -1 +1 @@
1
- {"version":3,"file":"schemas.js","sourceRoot":"","sources":["../../src/tools/schemas.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,+EAA+E;AAE/E,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC;AAElD,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC1C,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACxB,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;IAC7C,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAC/B,WAAW,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACnC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAC/B,KAAK,EAAE,UAAU;CAClB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,CAAC,MAAM,CAAC;IACtC,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC3B,KAAK,EAAE,UAAU;CAClB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IACjC,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;IAC7C,KAAK,EAAE,UAAU;CAClB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC3C,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,KAAK,EAAE,UAAU;CAClB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACzB,KAAK,EAAE,UAAU;CAClB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC5C,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACzB,SAAS,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,aAAa,EAAE,MAAM,CAAC,CAAC,CAAC,QAAQ,EAAE;IAChE,KAAK,EAAE,UAAU;CAClB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,wBAAwB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC/C,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,QAAQ,EAAE;IAC1C,KAAK,EAAE,UAAU;CAClB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC;IACpC,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAC9B,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,
CAAC,MAAM,CAAC;IAC1C,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAClC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC5C,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACxB,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;CACtC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACxB,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;IAC7C,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC,CAAC,QAAQ,EAAE;IACnD,KAAK,EAAE,UAAU;CAClB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC;IACxC,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE,CAAC,QAAQ,EAAE;IACtD,KAAK,EAAE,UAAU;CAClB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC;IACxC,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAC5B,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7C,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC3B,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7B,aAAa,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CACtC,CAAC,CAAC;AAEH,+EAA+E;AAC/E,oEAAoE;AAEpE,MAAM,CAAC,MAAM,YAAY,GAAgC;IACvD,cAAc,EAAE,mBAAmB;IACnC,UAAU,EAAE,eAAe;IAC3B,WAAW,EAAE,gBAAgB;IAC7B,gBAAgB,EAAE,oBAAoB;IACtC,WAAW,EAAE,gBAAgB;IAC7B,gBAAgB,EAAE,qBAAqB;IACvC,oBAAoB,EAAE,wBAAwB;IAC9C,OAAO,EAAE,aAAa;IACtB,eAAe,EAAE,mBAAmB;IACpC,gBAAgB,EAAE,qBAAqB;IACvC,WAAW,EAAE,gBAAgB;IAC7B,aAAa,EAAE,iBAAiB;IAChC,YAAY,EAAE,iBAAiB;IAC/B,kBAAkB,EAAE,sBAAsB;CAC3C,CAAC"}
1
+ {"version":3,"file":"schemas.js","sourceRoot":"","sources":["../../src/tools/schemas.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,+EAA+E;AAE/E,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC;AAElD;gFACgF;AAChF,MAAM,WAAW,GAAG,CAAC;KAClB,MAAM,EAAE;KACR,GAAG,CAAC,CAAC,CAAC;KACN,MAAM,CACL,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC;IAClB,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC;IAC1B,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAClC,EAAE,OAAO,EAAE,4DAA4D,EAAE,CAC1E,CAAC;AAEJ,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC1C,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACxB,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;IAC7C,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAC/B,WAAW,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACnC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAC/B,KAAK,EAAE,UAAU;CAClB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,CAAC,MAAM,CAAC;IACtC,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC3B,KAAK,EAAE,UAAU;CAClB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IACjC,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;IAC7C,KAAK,EAAE,UAAU;CAClB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC3C,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,KAAK,EAAE,UAAU;CAClB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACzB,KAAK,EAAE,UAAU;CAClB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC5C,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACzB,SAAS,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,aAAa,EAAE,MAAM,CAAC,CAAC,CAAC,QAAQ,EAAE;IAChE,KAAK,EAAE,UAAU;CAClB,CAAC,CAAC;AAEH,MAAM,CAAC,MA
AM,wBAAwB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC/C,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,QAAQ,EAAE;IAC1C,KAAK,EAAE,UAAU;CAClB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC;IACpC,MAAM,EAAE,WAAW,CAAC,QAAQ,EAAE;CAC/B,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC1C,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAClC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC5C,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC;IACjC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;CACtC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACxB,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;IAC7C,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC,CAAC,QAAQ,EAAE;IACnD,KAAK,EAAE,UAAU;CAClB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC;IACxC,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE,CAAC,QAAQ,EAAE;IACtD,KAAK,EAAE,UAAU;CAClB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC;IACxC,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAC5B,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7C,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC3B,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7B,aAAa,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CACtC,CAAC,CAAC;AAEH,+EAA+E;AAC/E,oEAAoE;AAEpE,MAAM,CAAC,MAAM,YAAY,GAAgC;IACvD,cAAc,EAAE,mBAAmB;IACnC,UAAU,EAAE,eAAe;IAC3B,WAAW,EAAE,gBAAgB;IAC7B,gBAAgB,EAAE,oBAAoB;IACtC,WAAW,EAAE,gBAAgB;IAC7B,gBAAgB,EAAE,qBAAqB;IACvC,oBAAoB,EAAE,wBAAwB;IAC9C,OAAO,EAAE,aAAa;IACtB,eAAe,EAAE,mBAAmB;IACpC,gBAAgB,EAAE,qBAAqB;IACvC,WAAW,EAAE,gBAAgB;IAC7B,aAAa,EAAE,iBAAiB;IAChC,YAAY,EAAE,iBAAiB;IAC/B,kBAAkB,EAAE,sBAAsB;CAC3C,CAAC"}
@@ -0,0 +1,25 @@
1
+ /**
2
+ * Loopback / origin helpers shared by the monitoring and GUI dashboards.
3
+ *
4
+ * The dashboards expose project paths, symbol names and session data. They bind
5
+ * to 127.0.0.1 by default, but loopback binding alone does not stop a malicious
6
+ * web page in the developer's browser from reaching them (DNS rebinding for HTTP,
7
+ * Cross-Site WebSocket Hijacking for WS, CSRF for side-effecting routes). These
8
+ * helpers implement a loopback-only Host/Origin policy that closes those gaps
9
+ * while still allowing an explicit non-loopback opt-in via PINDEX_BIND_HOST.
10
+ */
11
+ /** True if the hostname (no port, brackets stripped) is the loopback interface. */
12
+ export declare function isLoopbackHostname(hostname: string): boolean;
13
+ /** Extracts the hostname from a Host/authority header, dropping any port.
14
+ * Handles bracketed IPv6 literals such as `[::1]:7843`. */
15
+ export declare function hostnameFromHeader(hostHeader: string | undefined): string;
16
+ /** True when the dashboards should enforce a loopback-only Host/Origin policy.
17
+ * Enforcement is on by default and only disabled when the operator explicitly
18
+ * binds to a non-loopback interface via PINDEX_BIND_HOST (accepting the risk). */
19
+ export declare function loopbackEnforced(): boolean;
20
+ /** True if a request with the given Host header is permitted under the policy. */
21
+ export declare function isAllowedHost(hostHeader: string | undefined): boolean;
22
+ /** True if an Origin is acceptable: a loopback origin, or no Origin at all
23
+ * (non-browser clients such as the CLI / curl never send one). */
24
+ export declare function isAllowedOrigin(origin: string | undefined): boolean;
25
+ //# sourceMappingURL=net.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"net.d.ts","sourceRoot":"","sources":["../../src/util/net.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,mFAAmF;AACnF,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAG5D;AAED;4DAC4D;AAC5D,wBAAgB,kBAAkB,CAAC,UAAU,EAAE,MAAM,GAAG,SAAS,GAAG,MAAM,CAKzE;AAED;;mFAEmF;AACnF,wBAAgB,gBAAgB,IAAI,OAAO,CAE1C;AAED,kFAAkF;AAClF,wBAAgB,aAAa,CAAC,UAAU,EAAE,MAAM,GAAG,SAAS,GAAG,OAAO,CAGrE;AAED;mEACmE;AACnE,wBAAgB,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,GAAG,OAAO,CAOnE"}
@@ -0,0 +1,50 @@
1
+ /**
2
+ * Loopback / origin helpers shared by the monitoring and GUI dashboards.
3
+ *
4
+ * The dashboards expose project paths, symbol names and session data. They bind
5
+ * to 127.0.0.1 by default, but loopback binding alone does not stop a malicious
6
+ * web page in the developer's browser from reaching them (DNS rebinding for HTTP,
7
+ * Cross-Site WebSocket Hijacking for WS, CSRF for side-effecting routes). These
8
+ * helpers implement a loopback-only Host/Origin policy that closes those gaps
9
+ * while still allowing an explicit non-loopback opt-in via PINDEX_BIND_HOST.
10
+ */
11
+ /** True if the hostname (no port, brackets stripped) is the loopback interface. */
12
+ export function isLoopbackHostname(hostname) {
13
+ const h = hostname.toLowerCase().replace(/^\[|\]$/g, '');
14
+ return h === 'localhost' || h === '127.0.0.1' || h === '::1';
15
+ }
16
+ /** Extracts the hostname from a Host/authority header, dropping any port.
17
+ * Handles bracketed IPv6 literals such as `[::1]:7843`. */
18
+ export function hostnameFromHeader(hostHeader) {
19
+ if (!hostHeader)
20
+ return '';
21
+ const bracketed = /^\[([^\]]+)\]/.exec(hostHeader);
22
+ if (bracketed)
23
+ return bracketed[1];
24
+ return hostHeader.replace(/:\d+$/, '');
25
+ }
26
+ /** True when the dashboards should enforce a loopback-only Host/Origin policy.
27
+ * Enforcement is on by default and only disabled when the operator explicitly
28
+ * binds to a non-loopback interface via PINDEX_BIND_HOST (accepting the risk). */
29
+ export function loopbackEnforced() {
30
+ return isLoopbackHostname(process.env.PINDEX_BIND_HOST ?? '127.0.0.1');
31
+ }
32
+ /** True if a request with the given Host header is permitted under the policy. */
33
+ export function isAllowedHost(hostHeader) {
34
+ if (!loopbackEnforced())
35
+ return true;
36
+ return isLoopbackHostname(hostnameFromHeader(hostHeader));
37
+ }
38
+ /** True if an Origin is acceptable: a loopback origin, or no Origin at all
39
+ * (non-browser clients such as the CLI / curl never send one). */
40
+ export function isAllowedOrigin(origin) {
41
+ if (!origin)
42
+ return true;
43
+ try {
44
+ return isLoopbackHostname(new URL(origin).hostname);
45
+ }
46
+ catch {
47
+ return false;
48
+ }
49
+ }
50
+ //# sourceMappingURL=net.js.map
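Review bot: `loopbackEnforced()` fails open: any `PINDEX_BIND_HOST` value that is not exactly `localhost`, `127.0.0.1` or `::1` switches off the Host check in `isAllowedHost`, and that includes an empty string (which `??` does not replace with the default), stray whitespace, or another loopback form such as `127.0.0.2`. Treating blank values as unset, e.g. `const bind = process.env.PINDEX_BIND_HOST?.trim() || '127.0.0.1';`, keeps the policy on unless the operator actually names a non-loopback interface. In `hostnameFromHeader` the bracket pattern is not anchored at the end, so text after `]` is silently ignored; `/^\[([^\]]+)\](?::\d+)?$/` would make such a header fall through and be rejected. `isAllowedOrigin` accepts a loopback origin on any port as well as a missing Origin, so the doc comment should state that it does not distinguish other pages served from localhost and that side-effecting routes must not be reachable by requests a browser sends without an Origin header (the routes themselves are outside this section).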
@@ -0,0 +1 @@
1
+ {"version":3,"file":"net.js","sourceRoot":"","sources":["../../src/util/net.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,mFAAmF;AACnF,MAAM,UAAU,kBAAkB,CAAC,QAAgB;IACjD,MAAM,CAAC,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;IACzD,OAAO,CAAC,KAAK,WAAW,IAAI,CAAC,KAAK,WAAW,IAAI,CAAC,KAAK,KAAK,CAAC;AAC/D,CAAC;AAED;4DAC4D;AAC5D,MAAM,UAAU,kBAAkB,CAAC,UAA8B;IAC/D,IAAI,CAAC,UAAU;QAAE,OAAO,EAAE,CAAC;IAC3B,MAAM,SAAS,GAAG,eAAe,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACnD,IAAI,SAAS;QAAE,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC;IACnC,OAAO,UAAU,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;AACzC,CAAC;AAED;;mFAEmF;AACnF,MAAM,UAAU,gBAAgB;IAC9B,OAAO,kBAAkB,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,WAAW,CAAC,CAAC;AACzE,CAAC;AAED,kFAAkF;AAClF,MAAM,UAAU,aAAa,CAAC,UAA8B;IAC1D,IAAI,CAAC,gBAAgB,EAAE;QAAE,OAAO,IAAI,CAAC;IACrC,OAAO,kBAAkB,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC,CAAC;AAC5D,CAAC;AAED;mEACmE;AACnE,MAAM,UAAU,eAAe,CAAC,MAA0B;IACxD,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IACzB,IAAI,CAAC;QACH,OAAO,kBAAkB,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,CAAC;IACtD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC"}
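--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "pindex",
- "version": "1.5.0",
+ "version": "1.7.0",
  "description": "MCP server providing structural codebase indexing for token-efficient AI coding assistants on medium-to-large projects",
  "type": "module",
  "bin": {
@@ -22,6 +22,7 @@
  "test:coverage": "vitest run --coverage",
  "test:integration": "npm run build && vitest run --config vitest.integration.config.ts",
  "bench:index": "npm run build && node scripts/bench-index.mjs",
+ "bench:realism": "node scripts/realism-benchmark.mjs",
  "lint": "tsc --noEmit",
  "prepublishOnly": "npm run build",
  "start": "node dist/index.js",
@@ -38,17 +39,17 @@
  "license": "MIT",
  "dependencies": {
  "@modelcontextprotocol/sdk": "^1.0.0",
- "better-sqlite3": "^11.5.0",
+ "better-sqlite3": "^12.10.0",
  "chokidar": "^3.6.0",
  "express": "^4.18.0",
  "glob": "^10.0.0",
  "open": "^9.1.0",
  "tree-sitter": "^0.21.0",
  "tree-sitter-typescript": "^0.21.0",
- "uuid": "^9.0.0",
+ "uuid": "^14.0.1",
  "vscode-jsonrpc": "^8.2.1",
  "vscode-languageserver-protocol": "^3.17.5",
- "ws": "^8.16.0",
+ "ws": "^8.21.0",
  "zod": "^4.3.6"
  },
  "optionalDependencies": {
@@ -59,7 +60,6 @@
  "@types/express": "^4.17.0",
  "@types/node": "^20.0.0",
  "@types/supertest": "^6.0.0",
- "@types/uuid": "^9.0.0",
  "@types/ws": "^8.5.0",
  "@vitest/coverage-v8": "^4.0.18",
  "supertest": "^6.0.0",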