elasticsearch-mcp
Version:
Secure MCP server for Elasticsearch integration with comprehensive tools and Elastic Cloud support
146 lines • 6.34 kB
JavaScript
;
Object.defineProperty(exports, "__esModule", { value: true });
exports.ExportToCSVArgsSchema = exports.DeleteDocumentArgsSchema = exports.UpdateDocumentArgsSchema = exports.InsertDataArgsSchema = exports.CreateIndexArgsSchema = exports.FetchIndicesArgsSchema = exports.SearchArgsSchema = exports.RefreshSchema = exports.PaginationSchema = exports.SourceSchema = exports.HighlightSchema = exports.AggregationsSchema = exports.SortSchema = exports.QuerySchema = exports.DocumentIdSchema = exports.IndexNameSchema = void 0;
exports.validateIndexName = validateIndexName;
exports.validateDocumentId = validateDocumentId;
exports.validatePagination = validatePagination;
exports.sanitizeQuery = sanitizeQuery;
exports.sanitizeScriptSource = sanitizeScriptSource;
const zod_1 = require("zod");
exports.IndexNameSchema = zod_1.z.string()
.min(1, 'Index name cannot be empty')
.max(255, 'Index name cannot exceed 255 characters')
.regex(/^[a-z0-9_.-]+$/, 'Index name must contain only lowercase letters, numbers, hyphens, underscores, and dots')
.refine(name => !name.startsWith('.') || name.startsWith('.'), 'Index name cannot start with a dot unless it is a system index')
.refine(name => name !== '.' && name !== '..', 'Index name cannot be "." or ".."');
exports.DocumentIdSchema = zod_1.z.string()
.min(1, 'Document ID cannot be empty')
.max(512, 'Document ID cannot exceed 512 characters');
exports.QuerySchema = zod_1.z.record(zod_1.z.unknown());
exports.SortSchema = zod_1.z.array(zod_1.z.record(zod_1.z.unknown()));
exports.AggregationsSchema = zod_1.z.record(zod_1.z.unknown());
exports.HighlightSchema = zod_1.z.record(zod_1.z.unknown());
exports.SourceSchema = zod_1.z.union([
zod_1.z.array(zod_1.z.string()),
zod_1.z.boolean(),
]);
exports.PaginationSchema = zod_1.z.object({
size: zod_1.z.number().int().min(1).max(10000).optional(),
from: zod_1.z.number().int().min(0).optional(),
});
exports.RefreshSchema = zod_1.z.union([
zod_1.z.boolean(),
zod_1.z.literal('wait_for'),
zod_1.z.literal('false'),
zod_1.z.literal('true'),
]).optional();
exports.SearchArgsSchema = zod_1.z.object({
index: exports.IndexNameSchema,
query: exports.QuerySchema.optional(),
size: zod_1.z.number().int().min(1).max(10000).optional(),
from: zod_1.z.number().int().min(0).optional(),
sort: exports.SortSchema.optional(),
aggregations: exports.AggregationsSchema.optional(),
highlight: exports.HighlightSchema.optional(),
source: exports.SourceSchema.optional(),
}).strict();
exports.FetchIndicesArgsSchema = zod_1.z.object({
pattern: zod_1.z.string().optional(),
includeSystemIndices: zod_1.z.boolean().optional(),
sortBy: zod_1.z.enum(['name', 'size', 'docs']).optional(),
}).strict();
exports.CreateIndexArgsSchema = zod_1.z.object({
name: exports.IndexNameSchema,
mappings: zod_1.z.record(zod_1.z.unknown()).optional(),
settings: zod_1.z.record(zod_1.z.unknown()).optional(),
aliases: zod_1.z.array(zod_1.z.string()).optional(),
}).strict();
exports.InsertDataArgsSchema = zod_1.z.object({
index: exports.IndexNameSchema,
document: zod_1.z.record(zod_1.z.unknown()),
id: exports.DocumentIdSchema.optional(),
refresh: exports.RefreshSchema.optional(),
}).strict();
exports.UpdateDocumentArgsSchema = zod_1.z.object({
index: exports.IndexNameSchema,
id: exports.DocumentIdSchema,
document: zod_1.z.record(zod_1.z.unknown()).optional(),
script: zod_1.z.object({
source: zod_1.z.string(),
params: zod_1.z.record(zod_1.z.unknown()).optional(),
}).optional(),
upsert: zod_1.z.boolean().optional(),
refresh: exports.RefreshSchema.optional(),
}).strict().refine(data => data.document || data.script, 'Either document or script must be provided');
exports.DeleteDocumentArgsSchema = zod_1.z.object({
index: exports.IndexNameSchema,
id: exports.DocumentIdSchema.optional(),
query: exports.QuerySchema.optional(),
conflicts: zod_1.z.enum(['abort', 'proceed']).optional(),
refresh: exports.RefreshSchema.optional(),
}).strict().refine(data => data.id || data.query, 'Either id or query must be provided');
exports.ExportToCSVArgsSchema = zod_1.z.object({
index: exports.IndexNameSchema,
query: exports.QuerySchema.optional(),
fields: zod_1.z.array(zod_1.z.string()).optional(),
filename: zod_1.z.string().optional(),
format: zod_1.z.object({
delimiter: zod_1.z.string().length(1).optional(),
quote: zod_1.z.string().length(1).optional(),
escape: zod_1.z.string().length(1).optional(),
header: zod_1.z.boolean().optional(),
}).optional(),
maxRows: zod_1.z.number().int().min(1).max(1000000).optional(),
compress: zod_1.z.boolean().optional(),
}).strict();
function validateIndexName(name) {
return exports.IndexNameSchema.parse(name);
}
function validateDocumentId(id) {
return exports.DocumentIdSchema.parse(id);
}
function validatePagination(params) {
const result = exports.PaginationSchema.parse(params);
return {
size: result.size,
from: result.from,
};
}
function sanitizeQuery(query) {
if (!query)
return undefined;
if (typeof query !== 'object' || Array.isArray(query)) {
throw new Error('Query must be an object');
}
const sanitized = { ...query };
const dangerousKeys = ['script', '_source', 'size', 'from'];
for (const key of dangerousKeys) {
if (key in sanitized && typeof sanitized[key] === 'string') {
const value = sanitized[key];
if (value.includes('System.') || value.includes('Runtime.') || value.includes('Process.')) {
throw new Error(`Potentially dangerous query detected in ${key}`);
}
}
}
return sanitized;
}
function sanitizeScriptSource(source) {
const dangerousPatterns = [
/System\./g,
/Runtime\./g,
/Process\./g,
/java\.lang/g,
/java\.io/g,
/java\.nio/g,
/exec\(/g,
/eval\(/g,
/Function\(/g,
];
for (const pattern of dangerousPatterns) {
if (pattern.test(source)) {
throw new Error('Script contains potentially dangerous code');
}
}
return source;
}
//# sourceMappingURL=schemas.js.map