claude-flow/v3/@claude-flow/cli/dist/src/commands/ruvector/pg-utils.js

Ruflo - Enterprise AI agent orchestration for Claude Code. Deploy 60+ specialized agents in coordinated swarms with self-learning, fault-tolerant consensus, vector memory, and MCP integration

/**
 * PostgreSQL security utilities for RuVector commands.
 * Prevents SQL injection via identifier interpolation.
 *
 * @module v3/cli/commands/ruvector/pg-utils
 */
/**
 * Valid PostgreSQL identifier pattern.
 * Allows only ASCII letters, digits, and underscores.
 * Must start with a letter or underscore.
 */
const VALID_PG_IDENTIFIER = /^[a-zA-Z_][a-zA-Z0-9_]*$/;
/**
 * Validate a PostgreSQL schema name.
 * Throws if the name contains characters that could enable SQL injection.
 * Safe names are returned as-is (no quoting needed since they match the identifier pattern).
 */
export function validateSchemaName(schema) {
    if (!schema || schema.length === 0) {
        throw new Error('Schema name must not be empty');
    }
    if (schema.length > 63) {
        throw new Error(`Schema name too long (${schema.length} chars, max 63): "${schema}"`);
    }
    if (!VALID_PG_IDENTIFIER.test(schema)) {
        throw new Error(`Invalid schema name: "${schema}". Must contain only letters, digits, and underscores, and start with a letter or underscore.`);
    }
    return schema;
}
/**
 * Validate a PostgreSQL timestamp string.
 * Only allows ISO 8601 format to prevent SQL injection via timestamp fields.
 */
const VALID_TIMESTAMP = /^\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}:\d{2}(\.\d+)?(Z|[+-]\d{2}:?\d{2})?$/;
export function validateTimestamp(value) {
    if (!VALID_TIMESTAMP.test(value)) {
        throw new Error(`Invalid timestamp format: "${value}". Expected ISO 8601.`);
    }
    return value;
}
//# sourceMappingURL=pg-utils.js.map