wyrm-mcp 7.2.0 → 7.2.2

package/dist/ulid.js

@@ -1,81 +1 @@
-/**
- * Wyrm ULID — crypto-based monotonic ULID generator (v7 F2, T008).
- *
- * @copyright 2026 Ghost Protocol (Pvt) Ltd.
- * @license AGPL-3.0-or-later — dual-licensed; commercial terms: ghosts.lk@proton.me. See LICENSE.
- *
- * 26-char Crockford-base32 identifier: 10 chars of millisecond timestamp +
- * 16 chars (80 bits) of crypto randomness. Used as `runs.run_id` (migration 20)
- * so run ids sort lexicographically in creation order — `ORDER BY run_id`
- * is `ORDER BY started-at` for free, with no coordination table.
- *
- * Monotonic within this process: two calls in the same millisecond (or after a
- * backwards clock step) increment the random tail instead of re-rolling, so ids
- * from one generator are ALWAYS strictly increasing. Zero dependencies — built
- * on node:crypto randomBytes (Article I: fully offline, no LLM, no network).
- */
-import { randomBytes } from 'crypto';
-/** Crockford base32 alphabet (no I, L, O, U — unambiguous when read aloud). */
-const ENCODING = '0123456789ABCDEFGHJKMNPQRSTVWXYZ';
-const TIME_LEN = 10; // 48-bit ms timestamp -> 10 base32 chars (good past year 10889)
-const RANDOM_LEN = 16; // 80 bits of randomness -> 16 base32 chars
-let lastTime = -1;
-let lastRandom = [];
-function encodeTime(time) {
-    let out = '';
-    for (let i = 0; i < TIME_LEN; i++) {
-        out = ENCODING[time % 32] + out;
-        time = Math.floor(time / 32);
-    }
-    return out;
-}
-/** 16 uniform base32 digits from crypto randomness (256 % 32 === 0: no modulo bias). */
-function randomDigits() {
-    const bytes = randomBytes(RANDOM_LEN);
-    const digits = new Array(RANDOM_LEN);
-    for (let i = 0; i < RANDOM_LEN; i++)
-        digits[i] = bytes[i] % 32;
-    return digits;
-}
-/**
- * Generate a monotonic ULID. `now` is injectable for tests; defaults to
- * Date.now(). If the clock reads the same ms as (or earlier than) the previous
- * call, the previous timestamp is reused and the random tail incremented —
- * strict lexicographic monotonicity survives same-ms bursts and clock skew.
- */
-export function ulid(now = Date.now()) {
-    let digits;
-    let time = now;
-    if (now <= lastTime) {
-        // Same millisecond or clock went backwards: stay monotonic by reusing the
-        // last timestamp and incrementing the 80-bit random tail by one.
-        time = lastTime;
-        digits = lastRandom.slice();
-        let i = RANDOM_LEN - 1;
-        for (; i >= 0; i--) {
-            if (digits[i] < 31) {
-                digits[i]++;
-                break;
-            }
-            digits[i] = 0;
-        }
-        if (i < 0) {
-            // 2^80 increments in one ms — practically unreachable; re-roll.
-            digits = randomDigits();
-        }
-    }
-    else {
-        digits = randomDigits();
-    }
-    lastTime = time;
-    lastRandom = digits;
-    let tail = '';
-    for (let i = 0; i < RANDOM_LEN; i++)
-        tail += ENCODING[digits[i]];
-    return encodeTime(time) + tail;
-}
-/** Shape check: 26 Crockford-base32 chars (excludes I, L, O, U). */
-export function isUlid(value) {
-    return typeof value === 'string' && /^[0-9A-HJKMNP-TV-Z]{26}$/.test(value);
-}
-//# sourceMappingURL=ulid.js.map
+import{randomBytes as a}from"crypto";const s="0123456789ABCDEFGHJKMNPQRSTVWXYZ",u=10,n=16;let r=-1,f=[];function d(e){let t="";for(let i=0;i<u;i++)t=s[e%32]+t,e=Math.floor(e/32);return t}function c(){const e=a(n),t=new Array(n);for(let i=0;i<n;i++)t[i]=e[i]%32;return t}function m(e=Date.now()){let t,i=e;if(e<=r){i=r,t=f.slice();let o=n-1;for(;o>=0;o--){if(t[o]<31){t[o]++;break}t[o]=0}o<0&&(t=c())}else t=c();r=i,f=t;let l="";for(let o=0;o<n;o++)l+=s[t[o]];return d(i)+l}function D(e){return typeof e=="string"&&/^[0-9A-HJKMNP-TV-Z]{26}$/.test(e)}export{D as isUlid,m as ulid};

package/dist/validate.js

@@ -1,129 +1 @@
-/**
- * Boundary input validation for MCP tool arguments.
- *
- * v7 Pillar 4 (harden by construction) / Constitution Article VII (secure by
- * default). Coerce + validate a tool argument AT THE DISPATCH SEAM so a handler
- * never receives an out-of-contract value — closing the class the v6.14.1
- * `wyrm_prune` SQL-injection belonged to (a string where an integer was assumed).
- *
- * Every validator throws {@link ValidationError} on bad input; the CallTool
- * dispatcher catches it and returns a clean `isError` response — never a crash,
- * never an injection sink. The low-level MCP `Server` treats `inputSchema` as
- * advisory only, so this is the real enforcement layer.
- *
- * @copyright 2026 Ghost Protocol (Pvt) Ltd.
- * @license AGPL-3.0-or-later
- */
-export class ValidationError extends Error {
-    field;
-    constructor(field, reason) {
-        super(`'${field}' ${reason}`);
-        this.name = 'ValidationError';
-        this.field = field;
-    }
-}
-const isNil = (v) => v === undefined || v === null;
-/** Integer, coerced from a clean numeric string. Returns `default`/undefined when absent. */
-export function asInt(field, v, opts = {}) {
-    if (isNil(v))
-        return opts.default;
-    let n;
-    if (typeof v === 'number')
-        n = v;
-    else if (typeof v === 'string' && /^[+-]?\d+$/.test(v.trim()))
-        n = Number(v.trim());
-    else
-        throw new ValidationError(field, 'must be an integer');
-    if (!Number.isInteger(n))
-        throw new ValidationError(field, 'must be an integer');
-    if (opts.min !== undefined && n < opts.min)
-        throw new ValidationError(field, `must be >= ${opts.min}`);
-    if (opts.max !== undefined && n > opts.max)
-        throw new ValidationError(field, `must be <= ${opts.max}`);
-    return n;
-}
-/** Required integer — throws if absent. */
-export function requireInt(field, v, opts = {}) {
-    const n = asInt(field, v, opts);
-    if (n === undefined)
-        throw new ValidationError(field, 'is required');
-    return n;
-}
-/** Finite number (float allowed). */
-export function asNumber(field, v, opts = {}) {
-    if (isNil(v))
-        return opts.default;
-    let n;
-    if (typeof v === 'number')
-        n = v;
-    else if (typeof v === 'string' && v.trim() !== '' && Number.isFinite(Number(v)))
-        n = Number(v);
-    else
-        throw new ValidationError(field, 'must be a number');
-    if (!Number.isFinite(n))
-        throw new ValidationError(field, 'must be a finite number');
-    if (opts.min !== undefined && n < opts.min)
-        throw new ValidationError(field, `must be >= ${opts.min}`);
-    if (opts.max !== undefined && n > opts.max)
-        throw new ValidationError(field, `must be <= ${opts.max}`);
-    return n;
-}
-/** String with optional length + pattern bounds. */
-export function asString(field, v, opts = {}) {
-    if (isNil(v))
-        return opts.default;
-    if (typeof v !== 'string')
-        throw new ValidationError(field, 'must be a string');
-    if (opts.minLen !== undefined && v.length < opts.minLen)
-        throw new ValidationError(field, `must be at least ${opts.minLen} characters`);
-    if (opts.maxLen !== undefined && v.length > opts.maxLen)
-        throw new ValidationError(field, `must be at most ${opts.maxLen} characters`);
-    if (opts.pattern && !opts.pattern.test(v))
-        throw new ValidationError(field, 'has an invalid format');
-    return v;
-}
-/** Required string — throws if absent. */
-export function requireString(field, v, opts = {}) {
-    const s = asString(field, v, opts);
-    if (s === undefined)
-        throw new ValidationError(field, 'is required');
-    return s;
-}
-/** Boolean, accepting the common truthy/falsey wire encodings (`'1'`/`'0'`, `'true'`/`'false'`, `1`/`0`). */
-export function asBool(field, v, def) {
-    if (isNil(v))
-        return def;
-    if (typeof v === 'boolean')
-        return v;
-    if (v === 'true' || v === '1' || v === 1)
-        return true;
-    if (v === 'false' || v === '0' || v === 0)
-        return false;
-    throw new ValidationError(field, 'must be a boolean');
-}
-/** One of a fixed allowed set. */
-export function asEnum(field, v, allowed, def) {
-    if (isNil(v))
-        return def;
-    if (typeof v !== 'string' || !allowed.includes(v)) {
-        throw new ValidationError(field, `must be one of: ${allowed.join(', ')}`);
-    }
-    return v;
-}
-/** Array of strings, each optionally length-bounded. */
-export function asStringArray(field, v, opts = {}) {
-    if (isNil(v))
-        return undefined;
-    if (!Array.isArray(v))
-        throw new ValidationError(field, 'must be an array');
-    if (opts.maxItems !== undefined && v.length > opts.maxItems)
-        throw new ValidationError(field, `must have at most ${opts.maxItems} items`);
-    return v.map((item, i) => {
-        if (typeof item !== 'string')
-            throw new ValidationError(`${field}[${i}]`, 'must be a string');
-        if (opts.maxLen !== undefined && item.length > opts.maxLen)
-            throw new ValidationError(`${field}[${i}]`, `must be at most ${opts.maxLen} characters`);
-        return item;
-    });
-}
-//# sourceMappingURL=validate.js.map
+class i extends Error{field;constructor(e,n){super(`'${e}' ${n}`),this.name="ValidationError",this.field=e}}const u=r=>r==null;function m(r,e,n={}){if(u(e))return n.default;let t;if(typeof e=="number")t=e;else if(typeof e=="string"&&/^[+-]?\d+$/.test(e.trim()))t=Number(e.trim());else throw new i(r,"must be an integer");if(!Number.isInteger(t))throw new i(r,"must be an integer");if(n.min!==void 0&&t<n.min)throw new i(r,`must be >= ${n.min}`);if(n.max!==void 0&&t>n.max)throw new i(r,`must be <= ${n.max}`);return t}function s(r,e,n={}){const t=m(r,e,n);if(t===void 0)throw new i(r,"is required");return t}function o(r,e,n={}){if(u(e))return n.default;let t;if(typeof e=="number")t=e;else if(typeof e=="string"&&e.trim()!==""&&Number.isFinite(Number(e)))t=Number(e);else throw new i(r,"must be a number");if(!Number.isFinite(t))throw new i(r,"must be a finite number");if(n.min!==void 0&&t<n.min)throw new i(r,`must be >= ${n.min}`);if(n.max!==void 0&&t>n.max)throw new i(r,`must be <= ${n.max}`);return t}function f(r,e,n={}){if(u(e))return n.default;if(typeof e!="string")throw new i(r,"must be a string");if(n.minLen!==void 0&&e.length<n.minLen)throw new i(r,`must be at least ${n.minLen} characters`);if(n.maxLen!==void 0&&e.length>n.maxLen)throw new i(r,`must be at most ${n.maxLen} characters`);if(n.pattern&&!n.pattern.test(e))throw new i(r,"has an invalid format");return e}function w(r,e,n={}){const t=f(r,e,n);if(t===void 0)throw new i(r,"is required");return t}function h(r,e,n){if(u(e))return n;if(typeof e=="boolean")return e;if(e==="true"||e==="1"||e===1)return!0;if(e==="false"||e==="0"||e===0)return!1;throw new i(r,"must be a boolean")}function b(r,e,n,t){if(u(e))return t;if(typeof e!="string"||!n.includes(e))throw new i(r,`must be one of: ${n.join(", ")}`);return e}function x(r,e,n={}){if(!u(e)){if(!Array.isArray(e))throw new i(r,"must be an array");if(n.maxItems!==void 0&&e.length>n.maxItems)throw new i(r,`must have at most ${n.maxItems} items`);return e.map((t,a)=>{if(typeof t!="string")throw new i(`${r}[${a}]`,"must be a string");if(n.maxLen!==void 0&&t.length>n.maxLen)throw new i(`${r}[${a}]`,`must be at most ${n.maxLen} characters`);return t})}}export{i as ValidationError,h as asBool,b as asEnum,m as asInt,o as asNumber,f as asString,x as asStringArray,s as requireInt,w as requireString};