@dollhousemcp/mcp-server
Version:
DollhouseMCP - A Model Context Protocol (MCP) server that enables dynamic AI persona management from markdown files, allowing Claude and other compatible AI assistants to activate and switch between different behavioral personas.
100 lines • 3.89 kB
TypeScript
/**
* InputNormalizer - Industry-standard input normalization at the boundary
*
* Architecture Pattern: Defense in Depth - Normalize Once at Entry Point
*
* This utility enforces the principle of "normalize at the boundary" for security:
* - Recursively normalizes ALL string values in input objects
* - Uses UnicodeValidator.normalize() as the single normalization implementation
* - Returns normalized object + aggregated security issues
* - Validators receive clean, pre-normalized data
*
* Security Benefits:
* - Single normalization point (no scattered validateContent calls)
* - Can't forget to normalize a field
* - Separation of concerns (normalization vs validation)
* - Easier to audit and maintain
*
* Usage:
* ```typescript
* // At the validation boundary (GenericElementValidator)
* const normalized = InputNormalizer.normalize(data);
*
* if (normalized.hasHighOrCriticalIssues) {
* return ValidatorHelpers.fail(normalized.errors);
* }
*
* // Now validate the normalized data
* const result = await this.validateFields(normalized.data);
* ```
*
* @see UnicodeValidator.normalize() - Core normalization implementation
* @see GenericElementValidator - Uses this at the boundary
*/
/**
* Result from input normalization
*/
export interface NormalizationResult<T = unknown> {
/** The normalized data structure with all strings normalized */
data: T;
/** Whether normalization detected any issues */
hasIssues: boolean;
/** Whether critical-severity issues were detected */
hasCriticalIssues: boolean;
/** Whether high-or-critical issues were detected that should fail validation (#1782-6) */
hasHighOrCriticalIssues: boolean;
/** All errors detected during normalization (critical issues) */
errors: string[];
/** All warnings detected during normalization (non-critical issues) */
warnings: string[];
/** Detailed issues by path (for debugging) */
issuesByPath: Map<string, string[]>;
/** Highest severity level detected */
maxSeverity?: 'low' | 'medium' | 'high' | 'critical';
}
/**
* InputNormalizer - Recursively normalizes all string values in an object
*
* This class provides a centralized, recursive normalization utility that:
* - Walks object/array structures recursively
* - Normalizes every string value using UnicodeValidator
* - Aggregates security issues across all fields
* - Preserves non-string values unchanged
* - Tracks normalization path for detailed error reporting
*/
export declare class InputNormalizer {
/**
* Normalize all string values in an object/array structure
*
* @param input - Input data to normalize (object, array, or primitive)
* @param path - Current path in object tree (for error tracking)
* @returns Normalization result with normalized data and detected issues
*
* @example
* ```typescript
* const input = {
* name: 'Test\u200BName', // Zero-width space
* description: 'Café', // Legitimate Unicode
* nested: {
* field: 'Val\u202Eue' // Direction override
* }
* };
*
* const result = InputNormalizer.normalize(input);
* console.log(result.data.name); // 'TestName' (cleaned)
* console.log(result.warnings); // ['name: Zero-width characters detected', ...]
* ```
*/
static normalize<T = unknown>(input: T, path?: string): NormalizationResult<T>;
/**
* Quick check if input needs normalization (has suspicious Unicode)
*
* This is an optimization - you can check if normalization is needed
* before doing expensive recursive normalization.
*
* @param input - Input data to check
* @returns True if input contains potentially dangerous Unicode
*/
static needsNormalization(input: unknown): boolean;
}
//# sourceMappingURL=InputNormalizer.d.ts.map