sommark 4.0.2 → 4.1.0

package/core/formats.js

@@ -1,14 +1,22 @@
 /**
  * A list of supported output formats for SomMark.
  */
+export const textFormat = "text";
+export const htmlFormat = "html";
+export const markdownFormat = "markdown";
+export const mdxFormat = "mdx";
+export const jsonFormat = "json";
+export const jsoncFormat = "jsonc";
+export const xmlFormat = "xml";
+
 const formats = {
-	textFormat: "text",
-	htmlFormat: "html",
-	markdownFormat: "markdown",
-	mdxFormat: "mdx",
-	jsonFormat: "json",
-	xmlFormat: "xml"
+	textFormat,
+	htmlFormat,
+	markdownFormat,
+	mdxFormat,
+	jsonFormat,
+	jsoncFormat,
+	xmlFormat
 };
 
-export const { textFormat, htmlFormat, markdownFormat, mdxFormat, jsonFormat, xmlFormat } = formats;
 export default formats;

package/core/helpers/config-loader.js

@@ -31,37 +31,42 @@ async function loadConfigFile(configPath) {
  * @returns {Promise<Object>} - The final configuration merged with defaults.
  */
 export async function findAndLoadConfig(targetPath) {
-	let startDir = process.cwd();
+	const cwd = process.cwd();
 	let configPath = null;
+	let startDir = cwd;
 
-	// 1. Check if targetPath is an explicit config file path
+	// 1. Resolve Target Directory
 	if (targetPath) {
 		try {
-			const stats = await fs.stat(targetPath);
-			if (stats.isFile() && targetPath.endsWith(".js")) {
-				configPath = path.resolve(targetPath);
+			const absoluteTarget = path.resolve(cwd, targetPath);
+			const stats = await fs.stat(absoluteTarget);
+			
+			// If target is a .js file, it might be an explicit config (legacy/internal support)
+			if (stats.isFile() && absoluteTarget.endsWith(".js") && !absoluteTarget.endsWith("smark.config.js")) {
+				configPath = absoluteTarget;
 			} else {
-				startDir = stats.isDirectory() ? targetPath : path.dirname(targetPath);
+				startDir = stats.isDirectory() ? absoluteTarget : path.dirname(absoluteTarget);
 			}
 		} catch {
-			// Path doesn't exist
+			// Path doesn't exist, fallback to CWD
 		}
 	}
 
-	// 2. Check the target directory
+	// 2. Check the Target Directory (Highest Priority)
 	if (!configPath) {
-		const localConfig = path.join(startDir, CONFIG_FILE_NAME);
+		const targetConfig = path.join(startDir, CONFIG_FILE_NAME);
 		try {
-			await fs.access(localConfig);
-			configPath = localConfig;
+			await fs.access(targetConfig);
+			configPath = targetConfig;
 		} catch {
-			// No local config found in target dir
+			// No config found in target dir
 		}
 	}
 
-	// 3. Check the current working directory (if different from target dir)
-	if (!configPath && startDir !== process.cwd()) {
-		const cwdConfig = path.join(process.cwd(), CONFIG_FILE_NAME);
+	// 3. Check the Current Working Directory (Fallback)
+	// We only check CWD if it's different from the Target Directory
+	if (!configPath && startDir !== cwd) {
+		const cwdConfig = path.join(cwd, CONFIG_FILE_NAME);
 		try {
 			await fs.access(cwdConfig);
 			configPath = cwdConfig;
@@ -77,6 +82,14 @@ export async function findAndLoadConfig(targetPath) {
 		removeComments: true,
 		placeholders: {},
 		customProps: [],
+		importAliases: {},
+		fallbackTarget: "style",
+		outputValidator: null,
+		baseDir: null,
+		showSpinner: false,
+		generateRuntimeOutput: false,
+		hideRuntimeOutput: false,
+		security: {},
 	};
 
 	if (configPath) {

package/core/helpers/lib.js

@@ -0,0 +1,75 @@
+/**
+ * SomMark Evaluator APIs
+ * 
+ * Provides built-in utility methods safely bound to the sandbox VM.
+ */
+
+// Host-defined compile that will be injected securely
+let hostCompile = null;
+
+export function registerHostCompile(fn) {
+    hostCompile = fn;
+}
+
+// Host-defined settings that will be injected securely
+let hostSettings = {};
+
+export function registerHostSettings(settings) {
+    hostSettings = settings || {};
+}
+
+const manualVersion = "4.1.0";
+const version = await import(new URL("../../package.json", import.meta.url), { with: { type: "json" } })
+    .then(pkg => pkg.default.version || manualVersion)
+    .catch(() => manualVersion);
+
+const SomMark = {
+    version,
+    
+    get settings() {
+        return hostSettings;
+    },
+    
+    // Secure recursive compile implementation
+    compile: async (src, options = {}) => {
+        if (!hostCompile) {
+            throw new Error("Compilation capability is not initialized.");
+        }
+        return hostCompile(src, options);
+    },
+
+    // Wrap string as safe raw HTML to skip automatic escaping
+    raw: (html) => {
+        return { __raw: String(html) };
+    },
+
+    // Register custom tag handlers programmatically within sandboxed environments
+    register: (id, render, options = {}) => {
+        throw new Error("SomMark.register can only be invoked within the sandboxed template logic environment.");
+    },
+
+    // Retrieve active tags by ID
+    get: (id) => {
+        throw new Error("SomMark.get can only be invoked within the sandboxed template logic environment.");
+    },
+
+    // Remove registered output handlers
+    removeOutput: (id) => {
+        throw new Error("SomMark.removeOutput can only be invoked within the sandboxed template logic environment.");
+    },
+
+    // Check if tag IDs are registered
+    includesId: (ids) => {
+        throw new Error("SomMark.includesId can only be invoked within the sandboxed template logic environment.");
+    },
+
+    // Programmatic HTML/XML tag generation utility
+    tag: (tagName) => {
+        throw new Error("SomMark.tag can only be invoked within the sandboxed template logic environment.");
+    }
+};
+
+// Freeze the entire Standard Library to make it completely immutable and tamper-proof
+Object.freeze(SomMark);
+
+export default SomMark;

package/core/helpers/preprocessor.js

@@ -0,0 +1,185 @@
+import path from "node:path";
+import fs from "node:fs";
+import * as acorn from "acorn";
+import evaluator from "../evaluator.js";
+import { transpilerError } from "../errors.js";
+
+/**
+ * Preprocesses a runtime JS block, parsing it with Acorn to locate
+ * SomMark.static("...") and SomMark.import("...") calls, evaluating/loading them,
+ * and replacing them inline with LSP/runtime safety.
+ * 
+ * @param {string} code - The raw javascript runtime code.
+ * @param {string|null} filename - Active template filename for relative imports.
+ * @param {Object} security - Security restrictions from the engine configuration.
+ * @returns {Promise<string>} - The preprocessed code.
+ */
+export async function preprocessRuntimeLogic(code, filename = null, security = {}) {
+	let ast;
+	try {
+		ast = acorn.parse(code, { ecmaVersion: "latest", sourceType: "module" });
+	} catch (err) {
+		// Fallback: If code is not a fully valid JS block (e.g. an expression fragment),
+		// let it pass through to the standard renderer untouched.
+		return code;
+	}
+
+	const matches = [];
+
+	// Recursive AST Traversal to find SomMark.static and SomMark.import calls
+	function traverse(node) {
+		if (!node || typeof node !== "object") return;
+
+		if (
+			node.type === "CallExpression" &&
+			node.callee.type === "MemberExpression" &&
+			node.callee.object.name === "SomMark" &&
+			node.arguments.length > 0
+		) {
+			const propName = node.callee.property.name;
+			if (propName === "static" || propName === "import") {
+				matches.push(node);
+			}
+		}
+
+		for (const key of Object.keys(node)) {
+			const child = node[key];
+			if (Array.isArray(child)) {
+				for (const item of child) traverse(item);
+			} else {
+				traverse(child);
+			}
+		}
+	}
+
+	traverse(ast);
+
+	let preprocessedCode = code;
+
+	if (matches.length > 0) {
+		// Sort matches right-to-left to prevent character offset drifting
+		matches.sort((a, b) => b.start - a.start);
+
+		// Execute/Import and replace inline
+		for (const match of matches) {
+			const propName = match.callee.property.name;
+			const argNode = match.arguments[0];
+			let argValue = "";
+
+			if (argNode.type === "Literal") {
+				argValue = String(argNode.value);
+			} else if (argNode.type === "TemplateLiteral") {
+				argValue = argNode.quasis.map((q) => q.value.cooked).join("");
+			}
+
+			if (propName === "static") {
+				if (!argValue) {
+					transpilerError([
+						`<$red:SomMark.static Argument Error:$> The argument to SomMark.static must be a string.{line}`
+					]);
+				}
+
+				// If the code contains a top-level return statement, wrap it in an async IIFE
+				let finalStaticCode = argValue.trim();
+					if (finalStaticCode.includes("return")) {
+						finalStaticCode = `(async () => {\n${argValue}\n})()`;
+					}
+
+					// Run securely inside the active QuickJS VM sandbox
+					let result;
+					try {
+						result = await evaluator.execute(finalStaticCode);
+					} catch (err) {
+						transpilerError([
+							`<$red:SomMark.static Execution Error:$> ${err.message}{line}`,
+							`<$yellow:Static Code:$> <$blue:${argValue}$>{line}`
+						]);
+					}
+
+					// Serialize the return value safely
+					let serialized = "";
+					if (result === undefined) {
+						serialized = "undefined";
+					} else if (typeof result === "object") {
+						serialized = JSON.stringify(result);
+					} else if (typeof result === "string") {
+						serialized = JSON.stringify(result); // Automatically escapes quotes and special chars
+					} else {
+						serialized = String(result);
+					}
+
+					// Slice out SomMark.static(...) and splice in the serialized value
+					preprocessedCode =
+						preprocessedCode.slice(0, match.start) +
+						serialized +
+						preprocessedCode.slice(match.end);
+			} else if (propName === "import") {
+				if (!argValue) {
+					transpilerError([
+						`<$red:SomMark.import Argument Error:$> The argument to SomMark.import must be a static, non-empty string literal.{line}`
+					]);
+				}
+
+				// Resolve the file path relative to the template's base directory
+				let baseDir = process.cwd();
+				if (filename && filename !== "anonymous") {
+					baseDir = path.dirname(path.resolve(filename));
+				}
+				const resolvedPath = path.resolve(baseDir, argValue);
+
+				// File presence validation
+				if (!fs.existsSync(resolvedPath)) {
+					transpilerError([
+						`<$red:SomMark.import File Error:$> File not found: <$magenta:${argValue}$>{line}`,
+						`<$yellow:Resolved Path:$> <$blue:${resolvedPath}$>{line}`
+					]);
+				}
+
+				// Security Extension restriction validation
+				const ext = path.extname(resolvedPath).toLowerCase();
+				if (security?.allowedExtensions && !security.allowedExtensions.includes(ext)) {
+					transpilerError([
+						`<$red:Security Error:$> File extension <$yellow:${ext}$> is not allowed by security policy.{line}`,
+						`<$yellow:Import path:$> <$blue:${argValue}$>{line}`
+					]);
+				}
+
+				let serialized = "";
+				const content = fs.readFileSync(resolvedPath, "utf-8");
+
+				if (ext === ".json") {
+					// Validate JSON structure
+					let parsed;
+					try {
+						parsed = JSON.parse(content);
+					} catch (err) {
+						transpilerError([
+							`<$red:JSON Parse Error:$> Failed to parse JSON file <$magenta:${argValue}$>:{line}`,
+							`<$yellow:Error:$> ${err.message}{line}`
+						]);
+					}
+					serialized = JSON.stringify(parsed);
+				} else {
+					// Fallback for plain text, .smark, and other extensions: Serialize as JSON-escaped string
+					serialized = JSON.stringify(content);
+				}
+
+				// Slice out SomMark.import(...) and splice in the serialized content
+				preprocessedCode =
+					preprocessedCode.slice(0, match.start) +
+					serialized +
+					preprocessedCode.slice(match.end);
+			}
+		}
+	}
+
+	// LSP / Linter Safety Guard Injection
+	// If the resulting code references the global SomMark keyword, prepend fallback declarations to prevent crashes.
+	const hasSomMarkRef = /\bSomMark\b/.test(preprocessedCode);
+	if (hasSomMarkRef) {
+		const safetyGuard = `/* global SomMark */\nif (typeof globalThis.SomMark === 'undefined') { globalThis.SomMark = { static: (c) => c, import: (c) => c }; }\n`;
+		preprocessedCode = safetyGuard + preprocessedCode;
+	}
+
+	return preprocessedCode;
+}

package/core/helpers/runtimeOutput.js

@@ -0,0 +1,28 @@
+/**
+ * Wraps runtime JavaScript logic inside target-specific scoped structures.
+ * 
+ * @param {string} code - The preprocessed javascript code.
+ * @param {string} format - The active compilation target format (e.g., 'html', 'mdx').
+ * @param {string|null} parentId - The unique tracking identifier of the parent element.
+ * @param {boolean} isGlobal - Whether the script is at the root level or block-level.
+ * @returns {string} - The formatted, target-scoped runtime code.
+ */
+export function wrapRuntimeLogic(code, format, parentId, isGlobal) {
+	const trimmedCode = code
+		.split("\n")
+		.filter(line => line.trim() !== "")
+		.join("\n");
+
+	if (isGlobal || !parentId) {
+		return `\n${trimmedCode}\n`;
+	}
+
+	const lowerFormat = format?.toLowerCase();
+	if (lowerFormat === "html" || lowerFormat === "mdx") {
+		const selfDefinition = `const self = document.querySelector('[data-sommark-id="${parentId}"]');`;
+		return `\n(async function(){${selfDefinition}\nif (self) {\n${trimmedCode}\n}\n})();\n`;
+	}
+
+	// Fallback/Default for other formats: return the raw code untouched
+	return `\n${trimmedCode}\n`;
+}

package/core/labels.js

@@ -7,8 +7,13 @@ export const BLOCK = "Block",
 	INLINE = "Inline",
 	ATBLOCK = "AtBlock",
 	COMMENT = "Comment",
+	COMMENT_BLOCK = "CommentBlock",
 	IMPORT = "Import",
-	USE_MODULE = "$use-module";
+	USE_MODULE = "$use-module",
+	SLOT = "Slot",
+	STATIC_LOGIC = "StaticLogic",
+	RUNTIME_LOGIC = "RuntimeLogic",
+	FOR_EACH = "ForEach";
 
 /**
  * Names for symbols used to separate parts of the code (like commas and colons).
@@ -36,4 +41,6 @@ export const block_id = "Block Identifier",
 	atblock_key = "AtBlock Key",
 	at_end = "Atblock End",
 	/** Reserved keyword for closing blocks */
-	end_keyword = "end";
+	end_keyword = "end",
+	slot_keyword = "slot",
+	for_each_keyword = "for-each";