stow-cli 2.2.1 → 2.2.3

package/dist/chunk-RH4BOSYB.js

@@ -0,0 +1,153 @@
+// src/lib/sanitize-response.ts
+var INJECTION_PATTERNS = [
+  // Direct instruction injection
+  /\b(?:ignore|disregard|forget)\b.*\b(?:previous|above|prior)\b.*\b(?:instructions?|rules?|context)\b/i,
+  // System prompt extraction attempts
+  /\b(?:reveal|show|print|output|display)\b.*\b(?:system\s*prompt|instructions?|rules?)\b/i,
+  // Role hijacking
+  /\byou\s+are\s+(?:now|a)\b/i,
+  // Tool/action injection
+  /\b(?:execute|run|call)\b.*\b(?:command|tool|function|bash|shell)\b/i,
+  // Markdown/XML injection that could affect agent parsing
+  /<\/?(?:system|user|assistant|tool_use|tool_result)\b/i
+];
+var USER_CONTENT_FIELDS = /* @__PURE__ */ new Set([
+  "originalFilename",
+  "filename",
+  "name",
+  "description",
+  "label",
+  "text",
+  "slug",
+  "webhookUrl"
+]);
+function detectInjection(value) {
+  return INJECTION_PATTERNS.some((pattern) => pattern.test(value));
+}
+function sanitizeValue(value) {
+  if (detectInjection(value)) {
+    return `[FLAGGED: potential prompt injection] ${value}`;
+  }
+  return value;
+}
+function sanitizeResponse(data) {
+  if (data === null || data === void 0) {
+    return data;
+  }
+  if (typeof data === "string") {
+    return sanitizeValue(data);
+  }
+  if (Array.isArray(data)) {
+    return data.map((item) => sanitizeResponse(item));
+  }
+  if (typeof data === "object") {
+    const result = {};
+    for (const [key, value] of Object.entries(data)) {
+      if (USER_CONTENT_FIELDS.has(key) && typeof value === "string") {
+        result[key] = sanitizeValue(value);
+      } else if (typeof value === "object" && value !== null) {
+        result[key] = sanitizeResponse(value);
+      } else {
+        result[key] = value;
+      }
+    }
+    return result;
+  }
+  return data;
+}
+
+// src/lib/output.ts
+var _forceHuman = false;
+var _globalFields;
+var _globalNdjson = false;
+function setForceHuman(value) {
+  _forceHuman = value;
+}
+function setGlobalFields(fields) {
+  _globalFields = fields;
+}
+function setGlobalNdjson(value) {
+  _globalNdjson = value;
+}
+function isJsonOutput() {
+  if (_forceHuman) {
+    return false;
+  }
+  return !process.stdout.isTTY;
+}
+function output(data, humanFormatter, options) {
+  const sanitized = sanitizeResponse(data);
+  const unwrapped = _globalFields || _globalNdjson ? unwrapArray(sanitized) : sanitized;
+  const masked = applyFieldMask(unwrapped, _globalFields);
+  if (_globalNdjson && Array.isArray(masked)) {
+    outputNdjson(masked);
+    return;
+  }
+  if (options?.json || isJsonOutput()) {
+    console.log(JSON.stringify(masked, null, 2));
+  } else if (humanFormatter && !_globalFields) {
+    console.log(humanFormatter());
+  } else {
+    console.log(JSON.stringify(masked, null, 2));
+  }
+}
+function outputError(error, code, details) {
+  if (isJsonOutput()) {
+    console.error(
+      JSON.stringify({ error, ...code ? { code } : {}, ...details })
+    );
+  } else {
+    console.error(`Error: ${error}`);
+  }
+  process.exit(1);
+}
+function outputNdjson(items) {
+  for (const item of items) {
+    const sanitized = sanitizeResponse(item);
+    console.log(JSON.stringify(sanitized));
+  }
+}
+function applyFieldMask(data, fields) {
+  if (!fields) {
+    return data;
+  }
+  const fieldSet = new Set(fields.split(",").map((f) => f.trim()));
+  if (Array.isArray(data)) {
+    return data.map((item) => pickFields(item, fieldSet));
+  }
+  if (typeof data === "object" && data !== null) {
+    return pickFields(data, fieldSet);
+  }
+  return data;
+}
+function unwrapArray(data) {
+  if (typeof data !== "object" || data === null || Array.isArray(data)) {
+    return data;
+  }
+  const entries = Object.entries(data);
+  if (entries.length === 1 && Array.isArray(entries[0][1])) {
+    return entries[0][1];
+  }
+  return data;
+}
+function pickFields(obj, fieldSet) {
+  if (typeof obj !== "object" || obj === null) {
+    return {};
+  }
+  const result = {};
+  for (const [key, value] of Object.entries(obj)) {
+    if (fieldSet.has(key)) {
+      result[key] = value;
+    }
+  }
+  return result;
+}
+
+export {
+  setForceHuman,
+  setGlobalFields,
+  setGlobalNdjson,
+  isJsonOutput,
+  output,
+  outputError
+};

package/dist/chunk-XVKIRHTX.js

@@ -0,0 +1,29 @@
+// src/lib/parse-json-input.ts
+function stripUndefined(obj) {
+  const result = {};
+  for (const [key, value] of Object.entries(obj)) {
+    if (value !== void 0) {
+      result[key] = value;
+    }
+  }
+  return result;
+}
+function parseJsonInput(jsonStr, flagValues) {
+  if (!jsonStr) {
+    return flagValues;
+  }
+  let parsed;
+  try {
+    parsed = JSON.parse(jsonStr);
+  } catch {
+    throw new Error(`Invalid JSON in --input-json: ${jsonStr.slice(0, 100)}`);
+  }
+  if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) {
+    throw new Error("--input-json must be a JSON object");
+  }
+  return { ...parsed, ...stripUndefined(flagValues) };
+}
+
+export {
+  parseJsonInput
+};