npm - specra - Versions diffs - 0.1.13 → 0.2.0 - Mend

specra 0.1.13 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (276) hide show

package/LICENSE.MD +25 -4
package/README.md +67 -58
package/config/specra.config.schema.json +16 -0
package/config/svelte-config.js +63 -0
package/dist/api-parser.types.d.ts +59 -0
package/dist/api-parser.types.js +5 -0
package/dist/api.types.d.ts +137 -0
package/dist/api.types.js +5 -0
package/dist/category.d.ts +21 -0
package/dist/category.js +48 -0
package/dist/components/ConfigProvider.svelte +13 -0
package/dist/components/ConfigProvider.svelte.d.ts +31 -0
package/dist/components/docs/Accordion.svelte +18 -0
package/dist/components/docs/Accordion.svelte.d.ts +10 -0
package/dist/components/docs/AccordionItem.svelte +41 -0
package/dist/components/docs/AccordionItem.svelte.d.ts +10 -0
package/dist/components/docs/Badge.svelte +28 -0
package/dist/components/docs/Badge.svelte.d.ts +9 -0
package/dist/components/docs/Breadcrumb.svelte +80 -0
package/dist/components/docs/Breadcrumb.svelte.d.ts +8 -0
package/dist/components/docs/Callout.svelte +96 -0
package/dist/components/docs/Callout.svelte.d.ts +10 -0
package/dist/components/docs/Card.svelte +63 -0
package/dist/components/docs/Card.svelte.d.ts +12 -0
package/dist/components/docs/CardGrid.svelte +24 -0
package/dist/components/docs/CardGrid.svelte.d.ts +8 -0
package/dist/components/docs/CategoryIndex.svelte +110 -0
package/dist/components/docs/CategoryIndex.svelte.d.ts +29 -0
package/dist/components/docs/CodeBlock.svelte +172 -0
package/dist/components/docs/CodeBlock.svelte.d.ts +8 -0
package/dist/components/docs/Column.svelte +25 -0
package/dist/components/docs/Column.svelte.d.ts +8 -0
package/dist/components/docs/Columns.svelte +38 -0
package/dist/components/docs/Columns.svelte.d.ts +13 -0
package/dist/components/docs/DevModeBadge.svelte +15 -0
package/dist/components/docs/DevModeBadge.svelte.d.ts +18 -0
package/dist/components/docs/DocBadge.svelte +28 -0
package/dist/components/docs/DocBadge.svelte.d.ts +9 -0
package/dist/components/docs/DocLayout.svelte +107 -0
package/dist/components/docs/DocLayout.svelte.d.ts +32 -0
package/dist/components/docs/DocLoading.svelte +53 -0
package/dist/components/docs/DocLoading.svelte.d.ts +18 -0
package/dist/components/docs/DocMetadata.svelte +106 -0
package/dist/components/docs/DocMetadata.svelte.d.ts +18 -0
package/dist/components/docs/DocNavigation.svelte +56 -0
package/dist/components/docs/DocNavigation.svelte.d.ts +12 -0
package/dist/components/docs/DocTags.svelte +22 -0
package/dist/components/docs/DocTags.svelte.d.ts +6 -0
package/dist/components/docs/DraftBadge.svelte +10 -0
package/dist/components/docs/DraftBadge.svelte.d.ts +18 -0
package/dist/components/docs/Footer.svelte +72 -0
package/dist/components/docs/Footer.svelte.d.ts +7 -0
package/dist/components/docs/Frame.svelte +27 -0
package/dist/components/docs/Frame.svelte.d.ts +9 -0
package/dist/components/docs/Header.svelte +123 -0
package/dist/components/docs/Header.svelte.d.ts +9 -0
package/dist/components/docs/HeaderWithMenu.svelte +34 -0
package/dist/components/docs/HeaderWithMenu.svelte.d.ts +17 -0
package/dist/components/docs/HotReloadIndicator.svelte +44 -0
package/dist/components/docs/HotReloadIndicator.svelte.d.ts +3 -0
package/dist/components/docs/Icon.svelte +103 -0
package/dist/components/docs/Icon.svelte.d.ts +11 -0
package/dist/components/docs/Image.svelte +88 -0
package/dist/components/docs/Image.svelte.d.ts +11 -0
package/dist/components/docs/ImageCard.svelte +91 -0
package/dist/components/docs/ImageCard.svelte.d.ts +12 -0
package/dist/components/docs/ImageCardGrid.svelte +25 -0
package/dist/components/docs/ImageCardGrid.svelte.d.ts +8 -0
package/dist/components/docs/LayoutProviders.svelte +57 -0
package/dist/components/docs/LayoutProviders.svelte.d.ts +9 -0
package/dist/components/docs/Logo.svelte +25 -0
package/dist/components/docs/Logo.svelte.d.ts +11 -0
package/dist/components/docs/Math.svelte +54 -0
package/dist/components/docs/Math.svelte.d.ts +7 -0
package/dist/components/docs/MdxContent.svelte +41 -0
package/dist/components/docs/MdxHotReload.svelte +78 -0
package/dist/components/docs/MdxHotReload.svelte.d.ts +9 -0
package/dist/components/docs/MdxLayout.svelte +16 -0
package/dist/components/docs/MdxLayout.svelte.d.ts +6 -0
package/dist/components/docs/Mermaid.svelte +88 -0
package/dist/components/docs/Mermaid.svelte.d.ts +7 -0
package/dist/components/docs/MobileDocLayout.svelte +211 -0
package/dist/components/docs/MobileDocLayout.svelte.d.ts +35 -0
package/dist/components/docs/MobileSidebar.svelte +122 -0
package/dist/components/docs/MobileSidebar.svelte.d.ts +31 -0
package/dist/components/docs/MobileSidebarWrapper.svelte +122 -0
package/dist/components/docs/MobileSidebarWrapper.svelte.d.ts +32 -0
package/dist/components/docs/NotFoundContent.svelte +40 -0
package/dist/components/docs/NotFoundContent.svelte.d.ts +6 -0
package/dist/components/docs/SearchHighlight.svelte +116 -0
package/dist/components/docs/SearchHighlight.svelte.d.ts +3 -0
package/dist/components/docs/SearchModal.svelte +239 -0
package/dist/components/docs/SearchModal.svelte.d.ts +9 -0
package/dist/components/docs/Sidebar.svelte +69 -0
package/dist/components/docs/Sidebar.svelte.d.ts +31 -0
package/dist/components/docs/SidebarMenuItems.svelte +344 -0
package/dist/components/docs/SidebarMenuItems.svelte.d.ts +33 -0
package/dist/components/docs/SidebarSkeleton.svelte +50 -0
package/dist/components/docs/SidebarSkeleton.svelte.d.ts +18 -0
package/dist/components/docs/SiteBanner.svelte +92 -0
package/dist/components/docs/SiteBanner.svelte.d.ts +7 -0
package/dist/components/docs/Step.svelte +44 -0
package/dist/components/docs/Step.svelte.d.ts +8 -0
package/dist/components/docs/Steps.svelte +15 -0
package/dist/components/docs/Steps.svelte.d.ts +7 -0
package/dist/components/docs/Tab.svelte +40 -0
package/dist/components/docs/Tab.svelte.d.ts +8 -0
package/dist/components/docs/TabGroups.svelte +183 -0
package/dist/components/docs/TabGroups.svelte.d.ts +25 -0
package/dist/components/docs/TableOfContents.svelte +100 -0
package/dist/components/docs/TableOfContents.svelte.d.ts +9 -0
package/dist/components/docs/Tabs.svelte +69 -0
package/dist/components/docs/Tabs.svelte.d.ts +8 -0
package/dist/components/docs/ThemeToggle.svelte +16 -0
package/dist/components/docs/ThemeToggle.svelte.d.ts +18 -0
package/dist/components/docs/Tooltip.svelte +44 -0
package/dist/components/docs/Tooltip.svelte.d.ts +10 -0
package/dist/components/docs/VersionSwitcher.svelte +95 -0
package/dist/components/docs/VersionSwitcher.svelte.d.ts +7 -0
package/dist/components/docs/Video.svelte +84 -0
package/dist/components/docs/Video.svelte.d.ts +12 -0
package/dist/components/docs/api/ApiEndpoint.svelte +61 -0
package/dist/components/docs/api/ApiEndpoint.svelte.d.ts +11 -0
package/dist/components/docs/api/ApiParams.svelte +80 -0
package/dist/components/docs/api/ApiParams.svelte.d.ts +14 -0
package/dist/components/docs/api/ApiPlayground.svelte +259 -0
package/dist/components/docs/api/ApiPlayground.svelte.d.ts +16 -0
package/dist/components/docs/api/ApiReference.svelte +278 -0
package/dist/components/docs/api/ApiReference.svelte.d.ts +23 -0
package/dist/components/docs/api/ApiResponse.svelte +66 -0
package/dist/components/docs/api/ApiResponse.svelte.d.ts +9 -0
package/dist/components/docs/api/index.d.ts +5 -0
package/dist/components/docs/api/index.js +5 -0
package/dist/components/docs/componentTextProps.d.ts +3 -0
package/dist/components/docs/componentTextProps.js +61 -0
package/dist/components/docs/index.d.ts +54 -0
package/dist/components/docs/index.js +56 -0
package/dist/components/global/VersionNotFound.svelte +48 -0
package/dist/components/global/VersionNotFound.svelte.d.ts +7 -0
package/dist/components/global/index.d.ts +1 -0
package/dist/components/global/index.js +1 -0
package/dist/components/index.d.ts +6 -822
package/dist/components/index.js +11 -3854
package/dist/components/ui/Badge.svelte +48 -0
package/dist/components/ui/Badge.svelte.d.ts +15 -0
package/dist/components/ui/Button.svelte +58 -0
package/dist/components/ui/Button.svelte.d.ts +17 -0
package/dist/components/ui/Dialog.svelte +16 -0
package/dist/components/ui/Dialog.svelte.d.ts +9 -0
package/dist/components/ui/DialogClose.svelte +16 -0
package/dist/components/ui/DialogClose.svelte.d.ts +9 -0
package/dist/components/ui/DialogContent.svelte +43 -0
package/dist/components/ui/DialogContent.svelte.d.ts +10 -0
package/dist/components/ui/DialogDescription.svelte +21 -0
package/dist/components/ui/DialogDescription.svelte.d.ts +9 -0
package/dist/components/ui/DialogFooter.svelte +20 -0
package/dist/components/ui/DialogFooter.svelte.d.ts +9 -0
package/dist/components/ui/DialogHeader.svelte +20 -0
package/dist/components/ui/DialogHeader.svelte.d.ts +9 -0
package/dist/components/ui/DialogTitle.svelte +21 -0
package/dist/components/ui/DialogTitle.svelte.d.ts +9 -0
package/dist/components/ui/Input.svelte +23 -0
package/dist/components/ui/Input.svelte.d.ts +8 -0
package/dist/components/ui/Textarea.svelte +19 -0
package/dist/components/ui/Textarea.svelte.d.ts +7 -0
package/dist/components/ui/index.d.ts +11 -0
package/dist/components/ui/index.js +11 -0
package/dist/config.d.ts +8 -0
package/dist/config.js +9 -0
package/dist/config.schema.json +471 -0
package/dist/config.server.d.ts +46 -0
package/dist/config.server.js +149 -0
package/dist/{mdx-ColN3Cyg.d.mts → config.types.d.ts} +22 -75
package/dist/config.types.js +39 -0
package/dist/dev-utils.d.ts +29 -0
package/dist/dev-utils.js +63 -0
package/dist/index.d.ts +19 -4
package/dist/index.js +25 -4861
package/dist/mdx-cache.d.ts +41 -0
package/dist/mdx-cache.js +160 -0
package/dist/mdx-components.js +50 -1931
package/dist/mdx-security.d.ts +76 -0
package/dist/mdx-security.js +217 -0
package/dist/mdx.d.ts +73 -0
package/dist/mdx.js +1099 -0
package/dist/middleware/index.d.ts +1 -0
package/dist/middleware/index.js +2 -0
package/dist/middleware/security.d.ts +22 -47
package/dist/middleware/security.js +111 -137
package/dist/parsers/base-parser.d.ts +14 -0
package/dist/parsers/base-parser.js +1 -0
package/dist/parsers/index.d.ts +16 -0
package/dist/parsers/index.js +51 -0
package/dist/parsers/openapi-parser.d.ts +18 -0
package/dist/parsers/openapi-parser.js +209 -0
package/dist/parsers/postman-parser.d.ts +20 -0
package/dist/parsers/postman-parser.js +260 -0
package/dist/parsers/specra-parser.d.ts +10 -0
package/dist/parsers/specra-parser.js +18 -0
package/dist/redirects.d.ts +12 -0
package/dist/redirects.js +30 -0
package/dist/remark-code-meta.d.ts +6 -0
package/dist/remark-code-meta.js +21 -0
package/dist/sidebar-utils.d.ts +59 -0
package/dist/sidebar-utils.js +144 -0
package/dist/stores/config.d.ts +20 -0
package/dist/stores/config.js +45 -0
package/dist/stores/index.d.ts +4 -0
package/dist/stores/index.js +4 -0
package/dist/stores/sidebar.d.ts +7 -0
package/dist/stores/sidebar.js +12 -0
package/dist/stores/tabs.d.ts +6 -0
package/dist/stores/tabs.js +41 -0
package/dist/stores/theme.d.ts +7 -0
package/dist/stores/theme.js +75 -0
package/dist/{styles.css → styles/globals.css} +136 -6
package/dist/toc.d.ts +9 -0
package/dist/toc.js +15 -0
package/dist/utils.d.ts +13 -0
package/dist/utils.js +30 -0
package/package.json +47 -90
package/dist/app/api/mdx-watch/route.d.mts +0 -10
package/dist/app/api/mdx-watch/route.d.ts +0 -10
package/dist/app/api/mdx-watch/route.js +0 -118
package/dist/app/api/mdx-watch/route.js.map +0 -1
package/dist/app/api/mdx-watch/route.mjs +0 -91
package/dist/app/api/mdx-watch/route.mjs.map +0 -1
package/dist/chunk-6S3EJVEO.mjs +0 -259
package/dist/chunk-6S3EJVEO.mjs.map +0 -1
package/dist/chunk-BE7EROIW.mjs +0 -212
package/dist/chunk-BE7EROIW.mjs.map +0 -1
package/dist/chunk-CWHRZHZO.mjs +0 -168
package/dist/chunk-CWHRZHZO.mjs.map +0 -1
package/dist/chunk-D5VDVYFY.mjs +0 -1325
package/dist/chunk-D5VDVYFY.mjs.map +0 -1
package/dist/chunk-WMCO2UX5.mjs +0 -585
package/dist/chunk-WMCO2UX5.mjs.map +0 -1
package/dist/chunk-XEMGCPZZ.mjs +0 -475
package/dist/chunk-XEMGCPZZ.mjs.map +0 -1
package/dist/components/index.d.mts +0 -822
package/dist/components/index.js.map +0 -1
package/dist/components/index.mjs +0 -3741
package/dist/components/index.mjs.map +0 -1
package/dist/index.d.mts +0 -4
package/dist/index.js.map +0 -1
package/dist/index.mjs +0 -1897
package/dist/index.mjs.map +0 -1
package/dist/layouts/index.d.mts +0 -34
package/dist/layouts/index.d.ts +0 -34
package/dist/layouts/index.js +0 -453
package/dist/layouts/index.js.map +0 -1
package/dist/layouts/index.mjs +0 -173
package/dist/layouts/index.mjs.map +0 -1
package/dist/lib/index.d.mts +0 -583
package/dist/lib/index.d.ts +0 -583
package/dist/lib/index.js +0 -1595
package/dist/lib/index.js.map +0 -1
package/dist/lib/index.mjs +0 -111
package/dist/lib/index.mjs.map +0 -1
package/dist/mdx-ColN3Cyg.d.ts +0 -352
package/dist/mdx-components.d.mts +0 -86
package/dist/mdx-components.d.ts +0 -86
package/dist/mdx-components.js.map +0 -1
package/dist/mdx-components.mjs +0 -206
package/dist/mdx-components.mjs.map +0 -1
package/dist/middleware/security.d.mts +0 -82
package/dist/middleware/security.js.map +0 -1
package/dist/middleware/security.mjs +0 -84
package/dist/middleware/security.mjs.map +0 -1
package/dist/styles.css.map +0 -1
package/dist/styles.d.mts +0 -2
package/dist/styles.d.ts +0 -2
package/dist/styles.js +0 -2
package/dist/styles.js.map +0 -1
package/dist/styles.mjs +0 -1
package/dist/styles.mjs.map +0 -1

package/dist/mdx-security.d.ts ADDED Viewed

@@ -0,0 +1,76 @@
+/**
+ * MDX Security Layer
+ *
+ * Protects against:
+ * - XSS via malicious MDX expressions
+ * - Path traversal attacks
+ * - Dangerous component usage
+ * - Cross-domain vulnerabilities
+ */
+/**
+ * Sanitize file paths to prevent path traversal attacks
+ * Blocks: ../, ..\, absolute paths, encoded traversal attempts
+ */
+export declare function sanitizePath(userPath: string): string;
+/**
+ * Validate that a file path is within allowed directory
+ */
+export declare function validatePathWithinDirectory(filePath: string, allowedDir: string): boolean;
+/**
+ * Scan MDX content for dangerous patterns
+ * Returns array of detected issues
+ * Note: Skips content inside code blocks to avoid false positives
+ */
+export declare function scanMDXForDangerousPatterns(content: string): string[];
+/**
+ * Sanitize MDX content by removing/escaping dangerous patterns
+ * This is a defensive measure - ideally content should be rejected if dangerous
+ */
+export declare function sanitizeMDXContent(content: string, strict?: boolean): string;
+/**
+ * Content Security Policy configuration
+ * Use this in your Next.js middleware or headers config
+ */
+export declare const CSP_DIRECTIVES: {
+    readonly "default-src": readonly ["'self'"];
+    readonly "script-src": readonly ["'self'", "'unsafe-inline'", "'unsafe-eval'"];
+    readonly "style-src": readonly ["'self'", "'unsafe-inline'"];
+    readonly "img-src": readonly ["'self'", "data:", "https:"];
+    readonly "font-src": readonly ["'self'", "data:"];
+    readonly "connect-src": readonly ["'self'"];
+    readonly "frame-src": readonly ["'self'"];
+    readonly "object-src": readonly ["'none'"];
+    readonly "base-uri": readonly ["'self'"];
+    readonly "form-action": readonly ["'self'"];
+    readonly "frame-ancestors": readonly ["'self'"];
+    readonly "upgrade-insecure-requests": readonly [];
+};
+/**
+ * Generate CSP header value from directives
+ */
+export declare function generateCSPHeader(customDirectives?: Partial<typeof CSP_DIRECTIVES>, production?: boolean): string;
+/**
+ * Allowlist of safe MDX components
+ * Only these components can be used in MDX files
+ */
+export declare const SAFE_MDX_COMPONENTS: Set<string>;
+/**
+ * Validate component usage in MDX
+ */
+export declare function validateMDXComponents(content: string): {
+    valid: boolean;
+    issues: string[];
+};
+/**
+ * Comprehensive MDX security check
+ * Use this before processing MDX content
+ */
+export declare function validateMDXSecurity(content: string, options?: {
+    strictMode?: boolean;
+    allowCustomComponents?: boolean;
+    blockDangerousPatterns?: boolean;
+}): {
+    valid: boolean;
+    issues: string[];
+    sanitized?: string;
+};

package/dist/mdx-security.js ADDED Viewed

@@ -0,0 +1,217 @@
+/**
+ * MDX Security Layer
+ *
+ * Protects against:
+ * - XSS via malicious MDX expressions
+ * - Path traversal attacks
+ * - Dangerous component usage
+ * - Cross-domain vulnerabilities
+ */
+import path from "path";
+/**
+ * Sanitize file paths to prevent path traversal attacks
+ * Blocks: ../, ..\, absolute paths, encoded traversal attempts
+ */
+export function sanitizePath(userPath) {
+    // Decode URI components to catch encoded traversal attempts
+    const decoded = decodeURIComponent(userPath);
+    // Block path traversal patterns
+    if (decoded.includes("../") ||
+        decoded.includes("..\\") ||
+        decoded.includes("%2e%2e") ||
+        decoded.includes("%252e%252e") ||
+        path.isAbsolute(decoded)) {
+        throw new Error("Path traversal detected");
+    }
+    // Normalize and validate the path
+    const normalized = path.normalize(decoded).replace(/\\/g, "/");
+    // Ensure path doesn't escape after normalization
+    if (normalized.startsWith("..") || normalized.includes("/../")) {
+        throw new Error("Invalid path detected");
+    }
+    return normalized;
+}
+/**
+ * Validate that a file path is within allowed directory
+ */
+export function validatePathWithinDirectory(filePath, allowedDir) {
+    const resolvedPath = path.resolve(allowedDir, filePath);
+    const resolvedDir = path.resolve(allowedDir);
+    return resolvedPath.startsWith(resolvedDir + path.sep) || resolvedPath === resolvedDir;
+}
+/**
+ * Dangerous MDX patterns that should be blocked
+ * These patterns can execute arbitrary code during SSR
+ */
+const DANGEROUS_PATTERNS = [
+    // JavaScript execution
+    /eval\s*\(/gi,
+    /Function\s*\(/gi,
+    /import\s*\(/gi,
+    /require\s*\(/gi,
+    // File system access
+    /fs\.[a-z]+/gi,
+    /readFile/gi,
+    /writeFile/gi,
+    /process\.env/gi,
+    // Network requests during SSR (legitimate client-side usage should use components)
+    /fetch\s*\(/gi,
+    // Dangerous Node.js modules
+    /child_process/gi,
+    /exec\s*\(/gi,
+    /spawn\s*\(/gi,
+    // Script tag injection
+    /<script[>\s]/gi,
+    /javascript:/gi,
+    /\bon(abort|blur|cancel|canplay|canplaythrough|change|click|close|contextmenu|cuechange|dblclick|drag|dragend|dragenter|dragleave|dragover|dragstart|drop|durationchange|emptied|ended|error|focus|input|invalid|keydown|keypress|keyup|load|loadeddata|loadedmetadata|loadstart|mousedown|mouseenter|mouseleave|mousemove|mouseout|mouseover|mouseup|mousewheel|pause|play|playing|progress|ratechange|reset|resize|scroll|seeked|seeking|select|show|stalled|submit|suspend|timeupdate|toggle|volumechange|waiting|wheel)\s*=/gi, // onclick, onerror, onload, etc.
+];
+/**
+ * Remove code blocks from content to avoid scanning code examples
+ * This prevents false positives from documentation code examples
+ */
+function removeCodeBlocks(content) {
+    // Remove fenced code blocks (```...```)
+    let withoutCodeBlocks = content.replace(/```[\s\S]*?```/g, '');
+    // Remove inline code (`...`)
+    withoutCodeBlocks = withoutCodeBlocks.replace(/`[^`]*`/g, '');
+    return withoutCodeBlocks;
+}
+/**
+ * Scan MDX content for dangerous patterns
+ * Returns array of detected issues
+ * Note: Skips content inside code blocks to avoid false positives
+ */
+export function scanMDXForDangerousPatterns(content) {
+    const issues = [];
+    // Remove code blocks before scanning to avoid false positives
+    const contentWithoutCode = removeCodeBlocks(content);
+    for (const pattern of DANGEROUS_PATTERNS) {
+        const matches = contentWithoutCode.match(pattern);
+        if (matches) {
+            issues.push(`Dangerous pattern detected: ${pattern.source}`);
+        }
+    }
+    return issues;
+}
+/**
+ * Sanitize MDX content by removing/escaping dangerous patterns
+ * This is a defensive measure - ideally content should be rejected if dangerous
+ */
+export function sanitizeMDXContent(content, strict = false) {
+    if (strict) {
+        const issues = scanMDXForDangerousPatterns(content);
+        if (issues.length > 0) {
+            throw new Error(`MDX content contains dangerous patterns: ${issues.join(", ")}`);
+        }
+    }
+    // Remove inline script tags
+    let sanitized = content.replace(/<script[^>]*>[\s\S]*?<\/script>/gi, "");
+    // Remove event handlers from HTML tags
+    sanitized = sanitized.replace(/\s+on\w+\s*=\s*["'][^"']*["']/gi, "");
+    // Remove javascript: protocol
+    sanitized = sanitized.replace(/javascript:/gi, "");
+    return sanitized;
+}
+/**
+ * Content Security Policy configuration
+ * Use this in your Next.js middleware or headers config
+ */
+export const CSP_DIRECTIVES = {
+    "default-src": ["'self'"],
+    "script-src": [
+        "'self'",
+        "'unsafe-inline'", // Required for Next.js
+        "'unsafe-eval'", // Required for dev mode - remove in production
+    ],
+    "style-src": ["'self'", "'unsafe-inline'"], // Required for styled-components/emotion
+    "img-src": ["'self'", "data:", "https:"],
+    "font-src": ["'self'", "data:"],
+    "connect-src": ["'self'"],
+    "frame-src": ["'self'"],
+    "object-src": ["'none'"],
+    "base-uri": ["'self'"],
+    "form-action": ["'self'"],
+    "frame-ancestors": ["'self'"],
+    "upgrade-insecure-requests": [],
+};
+/**
+ * Generate CSP header value from directives
+ */
+export function generateCSPHeader(customDirectives, production = true) {
+    const directives = { ...CSP_DIRECTIVES, ...customDirectives };
+    // Remove unsafe-eval in production
+    if (production && directives["script-src"]) {
+        directives["script-src"] = directives["script-src"].filter((src) => src !== "'unsafe-eval'");
+    }
+    return Object.entries(directives)
+        .map(([key, values]) => `${key} ${values.join(" ")}`)
+        .join("; ");
+}
+/**
+ * Allowlist of safe MDX components
+ * Only these components can be used in MDX files
+ */
+export const SAFE_MDX_COMPONENTS = new Set([
+    // Standard HTML elements (automatically allowed by MDX)
+    "h1", "h2", "h3", "h4", "h5", "h6",
+    "p", "a", "ul", "ol", "li", "code", "pre",
+    "blockquote", "table", "thead", "tbody", "tr", "th", "td",
+    "img", "video", "audio", "br", "hr", "strong", "em",
+    // Custom safe components
+    "Callout", "CodeBlock", "Accordion", "AccordionItem",
+    "Tabs", "Tab", "Image", "Video", "Card", "CardGrid",
+    "ImageCard", "ImageCardGrid", "Steps", "Step",
+    "Icon", "Mermaid", "Math", "Columns", "Column",
+    "Badge", "Tooltip", "Frame",
+    "ApiEndpoint", "ApiParams", "ApiResponse", "ApiPlayground", "ApiReference",
+]);
+/**
+ * Validate component usage in MDX
+ */
+export function validateMDXComponents(content) {
+    const issues = [];
+    // Find all JSX-like component usage
+    const componentRegex = /<([A-Z][a-zA-Z0-9]*)/g;
+    let match;
+    while ((match = componentRegex.exec(content)) !== null) {
+        const componentName = match[1];
+        if (!SAFE_MDX_COMPONENTS.has(componentName)) {
+            issues.push(`Unsafe component detected: ${componentName}`);
+        }
+    }
+    return {
+        valid: issues.length === 0,
+        issues,
+    };
+}
+/**
+ * Comprehensive MDX security check
+ * Use this before processing MDX content
+ */
+export function validateMDXSecurity(content, options = {}) {
+    const { strictMode = false, allowCustomComponents = true, blockDangerousPatterns = true, } = options;
+    const issues = [];
+    // Check for dangerous patterns
+    if (blockDangerousPatterns) {
+        const patternIssues = scanMDXForDangerousPatterns(content);
+        issues.push(...patternIssues);
+    }
+    // Validate components
+    if (!allowCustomComponents) {
+        const componentValidation = validateMDXComponents(content);
+        if (!componentValidation.valid) {
+            issues.push(...componentValidation.issues);
+        }
+    }
+    // In strict mode, reject any issues
+    if (strictMode && issues.length > 0) {
+        return { valid: false, issues };
+    }
+    // Otherwise, sanitize and warn
+    const sanitized = sanitizeMDXContent(content, false);
+    return {
+        valid: true,
+        issues,
+        sanitized,
+    };
+}

package/dist/mdx.d.ts ADDED Viewed

@@ -0,0 +1,73 @@
+import type { I18nConfig } from "./config.types";
+/**
+ * Structured node type for MDX content rendering.
+ * Used to pass a JSON-serializable tree from server to client,
+ * allowing the client-side recursive renderer to instantiate
+ * real Svelte components for custom tags.
+ */
+export interface MdxNode {
+    type: 'html' | 'component';
+    content?: string;
+    name?: string;
+    props?: Record<string, any>;
+    children?: MdxNode[];
+}
+export interface DocMeta {
+    title: string;
+    description?: string;
+    slug?: string;
+    section?: string;
+    group?: string;
+    sidebar?: string;
+    order?: number;
+    sidebar_position?: number;
+    content?: string;
+    last_updated?: string;
+    draft?: boolean;
+    authors?: Array<{
+        id: string;
+        name?: string;
+    }>;
+    tags?: string[];
+    redirect_from?: string[];
+    reading_time?: number;
+    word_count?: number;
+    icon?: string;
+    tab_group?: string;
+    locale?: string;
+    protected?: boolean;
+    isProtected?: boolean;
+}
+export interface Doc {
+    slug: string;
+    filePath: string;
+    title: string;
+    meta: DocMeta;
+    content: string;
+    contentNodes?: MdxNode[];
+    categoryLabel?: string;
+    categoryPosition?: number;
+    categoryCollapsible?: boolean;
+    categoryCollapsed?: boolean;
+    categoryIcon?: string;
+    categoryTabGroup?: string;
+    locale?: string;
+}
+export interface TocItem {
+    id: string;
+    title: string;
+    level: number;
+}
+export declare function getVersions(): string[];
+export declare function getI18nConfig(): I18nConfig | null;
+export declare function getDocBySlug(slug: string, version?: string, locale?: string): Promise<Doc | null>;
+export declare function getAllDocs(version?: string, locale?: string): Doc[];
+export declare function getAdjacentDocs(currentSlug: string, allDocs: Doc[]): {
+    previous?: Doc;
+    next?: Doc;
+};
+export declare function extractTableOfContents(content: string): TocItem[];
+/**
+ * Check if a slug represents a category (has child documents)
+ */
+export declare function isCategoryPage(slug: string, allDocs: Doc[]): boolean;