polpo-ai 0.6.18 → 0.6.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/server/security.d.ts +1 -0
  2. package/dist/server/security.d.ts.map +1 -1
  3. package/dist/server/security.js +63 -11
  4. package/dist/server/security.js.map +1 -1
  5. package/package.json +6 -6
package/dist/server/security.d.ts CHANGED
@@ -26,6 +26,7 @@ export declare function redactPolpoState(state: PolpoState): PolpoState;
26
26
  export declare function redactPolpoConfig<T extends PolpoConfig | PolpoFileConfig>(config: T): T;
27
27
  /**
28
28
  * Sanitize a transcript entry by masking sensitive parameter values in tool_use inputs.
29
+ * Recursively descends into nested objects and arrays to catch secrets at any depth.
29
30
  * Only touches entries with `type === "tool_use"` that have an `input` object.
30
31
  * Returns the entry unchanged for all other types (assistant, tool_result, etc.).
31
32
  */
package/dist/server/security.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"security.d.ts","sourceRoot":"","sources":["../../src/server/security.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,IAAI,EAAE,UAAU,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAIpG,kEAAkE;AAClE,eAAO,MAAM,kBAAkB,QAAoD,CAAC;AAIpF;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,WAAW,GAAG,WAAW,CAEjE;AAID,gEAAgE;AAChE,wBAAgB,UAAU,CAAC,IAAI,EAAE,IAAI,GAAG,IAAI,CAE3C;AAID,iEAAiE;AACjE,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,UAAU,GAAG,UAAU,CAE9D;AAID,wGAAwG;AACxG,wBAAgB,iBAAiB,CAAC,CAAC,SAAS,WAAW,GAAG,eAAe,EAAE,MAAM,EAAE,CAAC,GAAG,CAAC,CAEvF;AAID;;;;GAIG;AACH,wBAAgB,uBAAuB,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAqB/F"}
1
+ {"version":3,"file":"security.d.ts","sourceRoot":"","sources":["../../src/server/security.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,IAAI,EAAE,UAAU,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAIpG,kEAAkE;AAClE,eAAO,MAAM,kBAAkB,QAAoD,CAAC;AAIpF;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,WAAW,GAAG,WAAW,CAEjE;AAID,gEAAgE;AAChE,wBAAgB,UAAU,CAAC,IAAI,EAAE,IAAI,GAAG,IAAI,CAE3C;AAID,iEAAiE;AACjE,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,UAAU,GAAG,UAAU,CAE9D;AAID,wGAAwG;AACxG,wBAAgB,iBAAiB,CAAC,CAAC,SAAS,WAAW,GAAG,eAAe,EAAE,MAAM,EAAE,CAAC,GAAG,CAAC,CAEvF;AA4ED;;;;;GAKG;AACH,wBAAgB,uBAAuB,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAW/F"}
package/dist/server/security.js CHANGED
@@ -37,8 +37,70 @@ export function redactPolpoConfig(config) {
37
37
  return config;
38
38
  }
39
39
  // ── Transcript Sanitization ──
40
+ /**
41
+ * Recursively sanitize an object, redacting any string values whose keys
42
+ * match the SENSITIVE_PARAM_RE pattern. Handles nested objects and arrays.
43
+ *
44
+ * @param obj - The object to sanitize.
45
+ * @param depth - Current recursion depth (capped to prevent DoS on cyclic data).
46
+ * @returns A tuple of [sanitized copy, whether any value was redacted].
47
+ */
48
+ const MAX_SANITIZE_DEPTH = 10;
49
+ function sanitizeObject(obj, depth = 0) {
50
+ if (depth > MAX_SANITIZE_DEPTH)
51
+ return [obj, false];
52
+ const result = {};
53
+ let changed = false;
54
+ for (const [key, value] of Object.entries(obj)) {
55
+ if (SENSITIVE_PARAM_RE.test(key) && typeof value === "string") {
56
+ result[key] = "[REDACTED]";
57
+ changed = true;
58
+ }
59
+ else if (value && typeof value === "object" && !Array.isArray(value)) {
60
+ const [sanitized, childChanged] = sanitizeObject(value, depth + 1);
61
+ result[key] = childChanged ? sanitized : value;
62
+ if (childChanged)
63
+ changed = true;
64
+ }
65
+ else if (Array.isArray(value)) {
66
+ const [sanitized, childChanged] = sanitizeArray(value, depth + 1);
67
+ result[key] = childChanged ? sanitized : value;
68
+ if (childChanged)
69
+ changed = true;
70
+ }
71
+ else {
72
+ result[key] = value;
73
+ }
74
+ }
75
+ return [result, changed];
76
+ }
77
+ /**
78
+ * Recursively sanitize an array, descending into nested objects/arrays.
79
+ */
80
+ function sanitizeArray(arr, depth) {
81
+ if (depth > MAX_SANITIZE_DEPTH)
82
+ return [arr, false];
83
+ let changed = false;
84
+ const result = arr.map((item) => {
85
+ if (item && typeof item === "object" && !Array.isArray(item)) {
86
+ const [sanitized, childChanged] = sanitizeObject(item, depth + 1);
87
+ if (childChanged)
88
+ changed = true;
89
+ return childChanged ? sanitized : item;
90
+ }
91
+ if (Array.isArray(item)) {
92
+ const [sanitized, childChanged] = sanitizeArray(item, depth + 1);
93
+ if (childChanged)
94
+ changed = true;
95
+ return childChanged ? sanitized : item;
96
+ }
97
+ return item;
98
+ });
99
+ return [result, changed];
100
+ }
40
101
  /**
41
102
  * Sanitize a transcript entry by masking sensitive parameter values in tool_use inputs.
103
+ * Recursively descends into nested objects and arrays to catch secrets at any depth.
42
104
  * Only touches entries with `type === "tool_use"` that have an `input` object.
43
105
  * Returns the entry unchanged for all other types (assistant, tool_result, etc.).
44
106
  */
@@ -48,17 +110,7 @@ export function sanitizeTranscriptEntry(entry) {
48
110
  const input = entry.input;
49
111
  if (!input || typeof input !== "object")
50
112
  return entry;
51
- const sanitized = {};
52
- let changed = false;
53
- for (const [key, value] of Object.entries(input)) {
54
- if (SENSITIVE_PARAM_RE.test(key) && typeof value === "string") {
55
- sanitized[key] = "[REDACTED]";
56
- changed = true;
57
- }
58
- else {
59
- sanitized[key] = value;
60
- }
61
- }
113
+ const [sanitized, changed] = sanitizeObject(input);
62
114
  if (!changed)
63
115
  return entry;
64
116
  return { ...entry, input: sanitized };
package/dist/server/security.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"security.js","sourceRoot":"","sources":["../../src/server/security.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAIH,kBAAkB;AAElB,kEAAkE;AAClE,MAAM,CAAC,MAAM,kBAAkB,GAAG,iDAAiD,CAAC;AAEpF,+BAA+B;AAE/B;;;GAGG;AACH,MAAM,UAAU,iBAAiB,CAAC,KAAkB;IAClD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,uBAAuB;AAEvB,gEAAgE;AAChE,MAAM,UAAU,UAAU,CAAC,IAAU;IACnC,OAAO,IAAI,CAAC;AACd,CAAC;AAED,wBAAwB;AAExB,iEAAiE;AACjE,MAAM,UAAU,gBAAgB,CAAC,KAAiB;IAChD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,yBAAyB;AAEzB,wGAAwG;AACxG,MAAM,UAAU,iBAAiB,CAA0C,MAAS;IAClF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,gCAAgC;AAEhC;;;;GAIG;AACH,MAAM,UAAU,uBAAuB,CAAC,KAA8B;IACpE,IAAI,KAAK,CAAC,IAAI,KAAK,UAAU;QAAE,OAAO,KAAK,CAAC;IAE5C,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC;IAC1B,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAEtD,MAAM,SAAS,GAA4B,EAAE,CAAC;IAC9C,IAAI,OAAO,GAAG,KAAK,CAAC;IAEpB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAgC,CAAC,EAAE,CAAC;QAC5E,IAAI,kBAAkB,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9D,SAAS,CAAC,GAAG,CAAC,GAAG,YAAY,CAAC;YAC9B,OAAO,GAAG,IAAI,CAAC;QACjB,CAAC;aAAM,CAAC;YACN,SAAS,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QACzB,CAAC;IACH,CAAC;IAED,IAAI,CAAC,OAAO;QAAE,OAAO,KAAK,CAAC;IAE3B,OAAO,EAAE,GAAG,KAAK,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;AACxC,CAAC"}
1
+ {"version":3,"file":"security.js","sourceRoot":"","sources":["../../src/server/security.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAIH,kBAAkB;AAElB,kEAAkE;AAClE,MAAM,CAAC,MAAM,kBAAkB,GAAG,iDAAiD,CAAC;AAEpF,+BAA+B;AAE/B;;;GAGG;AACH,MAAM,UAAU,iBAAiB,CAAC,KAAkB;IAClD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,uBAAuB;AAEvB,gEAAgE;AAChE,MAAM,UAAU,UAAU,CAAC,IAAU;IACnC,OAAO,IAAI,CAAC;AACd,CAAC;AAED,wBAAwB;AAExB,iEAAiE;AACjE,MAAM,UAAU,gBAAgB,CAAC,KAAiB;IAChD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,yBAAyB;AAEzB,wGAAwG;AACxG,MAAM,UAAU,iBAAiB,CAA0C,MAAS;IAClF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,gCAAgC;AAEhC;;;;;;;GAOG;AACH,MAAM,kBAAkB,GAAG,EAAE,CAAC;AAE9B,SAAS,cAAc,CACrB,GAA4B,EAC5B,QAAgB,CAAC;IAEjB,IAAI,KAAK,GAAG,kBAAkB;QAAE,OAAO,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAEpD,MAAM,MAAM,GAA4B,EAAE,CAAC;IAC3C,IAAI,OAAO,GAAG,KAAK,CAAC;IAEpB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/C,IAAI,kBAAkB,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9D,MAAM,CAAC,GAAG,CAAC,GAAG,YAAY,CAAC;YAC3B,OAAO,GAAG,IAAI,CAAC;QACjB,CAAC;aAAM,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YACvE,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,GAAG,cAAc,CAC9C,KAAgC,EAChC,KAAK,GAAG,CAAC,CACV,CAAC;YACF,MAAM,CAAC,GAAG,CAAC,GAAG,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC;YAC/C,IAAI,YAAY;gBAAE,OAAO,GAAG,IAAI,CAAC;QACnC,CAAC;aAAM,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YAChC,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,GAAG,aAAa,CAAC,KAAK,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;YAClE,MAAM,CAAC,GAAG,CAAC,GAAG,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC;YAC/C,IAAI,YAAY;gBAAE,OAAO,GAAG,IAAI,CAAC;QACnC,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QACtB,CAAC;IACH,CAAC;IAED,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAC3B,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CACpB,GAAc,EACd,KAAa;IAEb,IAAI,KAAK,GAAG,kBAAkB;QAAE,OAAO,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAEpD,IAAI,OAAO,GAAG,KAAK,CAAC;IACpB,MAAM,MAAM,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE;QAC9B,IAAI,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;YAC7D,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,GAAG,cAAc,CAC9C,IAA+B,EAC/B,KAAK,GAAG,CAAC,CACV,CAAC;YACF,IAAI,YAAY;gBAAE,OAAO,GAAG,IAAI,CAAC;YACjC,OAAO,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC;QACzC,CAAC;QACD,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;YACxB,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,GAAG,aAAa,CAAC,IAAI,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;YACjE,IAAI,YAAY;gBAAE,OAAO,GAAG,IAAI,CAAC;YACjC,OAAO,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC;QACzC,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC,CAAC,CAAC;IAEH,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAC3B,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,uBAAuB,CAAC,KAA8B;IACpE,IAAI,KAAK,CAAC,IAAI,KAAK,UAAU;QAAE,OAAO,KAAK,CAAC;IAE5C,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC;IAC1B,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAEtD,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,GAAG,cAAc,CAAC,KAAgC,CAAC,CAAC;IAE9E,IAAI,CAAC,OAAO;QAAE,OAAO,KAAK,CAAC;IAE3B,OAAO,EAAE,GAAG,KAAK,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;AACxC,CAAC"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "polpo-ai",
3
- "version": "0.6.18",
3
+ "version": "0.6.20",
4
4
  "description": "The open backend for AI agents",
5
5
  "type": "module",
6
6
  "main": "dist/index.js",
@@ -66,10 +66,10 @@
66
66
  "nanoid": "^5.1.2",
67
67
  "yaml": "^2.7.0",
68
68
  "zod": "^4.3.6",
69
- "@polpo-ai/core": "0.6.18",
70
- "@polpo-ai/llm": "0.6.18",
71
- "@polpo-ai/server": "0.6.18",
72
- "@polpo-ai/vault-crypto": "0.6.18"
69
+ "@polpo-ai/server": "0.6.20",
70
+ "@polpo-ai/core": "0.6.20",
71
+ "@polpo-ai/llm": "0.6.20",
72
+ "@polpo-ai/vault-crypto": "0.6.20"
73
73
  },
74
74
  "optionalDependencies": {
75
75
  "better-sqlite3": "^12.6.2",
@@ -77,7 +77,7 @@
77
77
  "nodemailer": "^8.0.1",
78
78
  "playwright-core": "^1.52.0",
79
79
  "postgres": "^3.4.0",
80
- "@polpo-ai/drizzle": "0.6.18"
80
+ "@polpo-ai/drizzle": "0.6.20"
81
81
  },
82
82
  "devDependencies": {
83
83
  "@types/better-sqlite3": "^7.6.13",