@dollhousemcp/mcp-server
Version:
DollhouseMCP - A Model Context Protocol (MCP) server that enables dynamic AI persona management from markdown files, allowing Claude and other compatible AI assistants to activate and switch between different behavioral personas.
112 lines • 3.92 kB
TypeScript
/**
* Secure YAML Parser for DollhouseMCP - For Markdown Files with YAML Frontmatter
*
* IMPORTANT: This parser is specifically designed for Markdown files with YAML frontmatter
* (the format used by personas, skills, templates, and other elements).
*
* USE THIS FOR:
* - Persona files (e.g., creative-writer.md)
* - Skill files (e.g., code-review.md)
* - Template files (e.g., meeting-notes.md)
* - Any Markdown file with YAML frontmatter between --- markers
*
* DO NOT USE THIS FOR:
* - Pure YAML configuration files (use js-yaml directly with FAILSAFE_SCHEMA)
* - JSON files
* - Plain text files without frontmatter
*
* FILE FORMAT EXPECTED:
* ```
* ---
* name: Element Name
* description: Element description
* version: 1.0.0
* ---
*
* # Markdown content here
* The actual content/instructions go here...
* ```
*
* Provides safe YAML parsing that prevents deserialization attacks
* by using a restricted schema and pre-validation.
*
* Security: SEC-003 - YAML parsing vulnerability protection
*/
import matter from 'gray-matter';
export interface SecureParseOptions {
maxYamlSize?: number;
maxContentSize?: number;
allowedKeys?: string[];
validateContent?: boolean;
validateFields?: boolean;
/** Content context for ContentValidator — exempts legitimate patterns (e.g., <script> in templates) */
contentContext?: 'persona' | 'skill' | 'template' | 'agent' | 'memory';
}
export interface ParsedContent {
data: Record<string, any>;
content: string;
excerpt?: string;
}
export declare class SecureYamlParser {
private static readonly DEFAULT_OPTIONS;
private static readonly SAFE_SCHEMA;
private static readonly FIELD_VALIDATORS;
/**
* Parse a Markdown file with YAML frontmatter (Securely)
*
* @param input - The full content of a Markdown file with YAML frontmatter
* @param options - Parsing options for security and validation
* @returns ParsedContent with separated YAML data and Markdown content
*
* @example
* ```typescript
* // For a persona file:
* const personaFile = `---
* name: Creative Writer
* description: A creative writing assistant
* ---
* You are a creative writer...`;
*
* const result = SecureYamlParser.parse(personaFile);
* // result.data = { name: 'Creative Writer', description: '...' }
* // result.content = 'You are a creative writer...'
* ```
*/
static parse(input: string, options?: SecureParseOptions): ParsedContent;
/**
* Create a secure gray-matter compatible parser
*/
static createSecureMatterParser(): {
parse: (input: string) => {
data: Record<string, any>;
content: string;
excerpt: string | undefined;
orig: string;
};
stringify: (content: string, data: any) => string;
};
/**
* Safe wrapper for gray-matter with security validations
*/
static safeMatter(input: string, options?: matter.GrayMatterOption<string, any>, secureOptions?: SecureParseOptions): matter.GrayMatterFile<string>;
/**
* Parse raw YAML content safely (not frontmatter, just plain YAML)
*
* USE THIS FOR:
* - Export package data fields
* - Configuration snippets
* - Any pure YAML string that needs parsing
*
* This uses CORE_SCHEMA which only allows safe basic types:
* - strings, numbers, booleans, null
* - arrays and objects
* - NO custom types, functions, or code execution
*
* @param yamlContent - Raw YAML string to parse
* @param maxSize - Maximum allowed size (default 64KB)
* @returns Parsed object
* @throws SecurityError if content is too large or contains threats
*/
static parseRawYaml(yamlContent: string, maxSize?: number): Record<string, unknown>;
}
//# sourceMappingURL=secureYamlParser.d.ts.map