mlld/dist/chunk-RZIZRJBS.mjs.map

mlld: a modular prompt scripting language

{"version":3,"sources":["../interpreter/core/interpolation-context.ts"],"names":["InterpolationContext","EscapingStrategyFactory","register","context","strategy","strategies","set","getStrategy","get","Map","DefaultEscapingStrategy","escape","value","getContext","_a","ShellCommandEscapingStrategy","escaped","replace","TemplateEscapingStrategy","DataValueEscapingStrategy","getInterpolationContext","directiveType","subtype"],"mappings":";;;AAgBYA,IAAAA,oBAAAA,4BAAAA,qBAAAA,EAAAA;AACgC,EAAAA,qBAAAA,CAAA,SAAA,CAAA,GAAA,SAAA;AAGU,EAAAA,qBAAAA,CAAA,cAAA,CAAA,GAAA,eAAA;AAGI,EAAAA,qBAAAA,CAAA,WAAA,CAAA,GAAA,YAAA;AAGhB,EAAAA,qBAAAA,CAAA,KAAA,CAAA,GAAA,KAAA;AAGK,EAAAA,qBAAAA,CAAA,UAAA,CAAA,GAAA,UAAA;AAGC,EAAAA,qBAAAA,CAAA,WAAA,CAAA,GAAA,YAAA;AAGH,EAAAA,qBAAAA,CAAA,UAAA,CAAA,GAAA,WAAA;AAnBjCA,EAAAA,OAAAA,qBAAAA;;AAyCL,IAAMC,wBAAAA,GAAN,MAAMA,wBAAAA,CAAAA;EAGX,OAAOC,QAAAA,CAASC,SAA+BC,QAAkC,EAAA;AAC/E,IAAKC,IAAAA,CAAAA,UAAAA,CAAWC,GAAIH,CAAAA,OAAAA,EAASC,QAAAA,CAAAA;AAC/B;AAEA,EAAA,OAAOG,YAAYJ,OAAiD,EAAA;AAClE,IAAA,MAAMC,QAAW,GAAA,IAAA,CAAKC,UAAWG,CAAAA,GAAAA,CAAIL,OAAAA,CAAAA;AACrC,IAAA,IAAI,CAACC,QAAU,EAAA;AAEb,MAAO,OAAA,IAAA,CAAKC,UAAWG,CAAAA,GAAAA,CAAG,SAAA,CAAA;AAC5B;AACA,IAAOJ,OAAAA,QAAAA;AACT;AACF,CAAA;AAfaH,MAAAA,CAAAA,wBAAAA,EAAAA,yBAAAA,CAAAA;AACX,aADWA,CAAAA,wBAAAA,EACII,YAAa,kBAAA,IAAII,GAAAA,EAAAA,CAAAA;AAD3B,IAAMR,uBAAN,GAAA;AAzDP,IAAA,EAAA;AA6EA,IAAMS,2BAAN,EAAMA,GAAAA,MAAAA;AACJC,EAAAA,MAAAA,CAAOC,KAAuB,EAAA;AAC5B,IAAOA,OAAAA,KAAAA;AACT;EAEAC,UAAmC,GAAA;AACjC,IAAA,OAAA,SAAA;AACF;AACF,CAAA,EARMH,MAAN,CAAA,EAAA,EAAA,yBAAA,CAAA,EAAA,EAAA,CAAA;AA7EA,IAAAI,GAAAA;AA2FA,IAAMC,4BAAAA,IAAND,MAAA,MAAMC;AACJJ,EAAAA,MAAAA,CAAOC,KAAuB,EAAA;AAC5B,IAAI,IAAA,CAACA,OAAc,OAAA,EAAA;AASnB,IAAA,MAAMI,UAAUJ,KACbK,CAAAA,OAAAA,CAAQ,KAAO,EAAA,MAAA,EACfA,OAAQ,CAAA,IAAA,EAAM,KAAA,CAAA,CACdA,QAAQ,KAAO,EAAA,KAAA,CACfA,CAAAA,OAAAA,CAAQ,MAAM,KAAA,CAAA;AAEjB,IAAOD,OAAAA,OAAAA;AACT;EAEAH,UAAmC,GAAA;AACjC,IAAA,OAAA,eAAA;AACF;AACF,CAvBME,EAAAA,MAAAA,CAAAA,KAAAA,8BAAND,CAAAA,EAAAA,GAAAA,CAAAA;AA3FA,IAAAA,GAAAA;AAuHA,IAAMI,wBAAAA,IAANJ,MAAA,MAAMI;AACJP,EAAAA,MAAAA,CAAOC,KAAuB,EAAA;AAE5B,IAAOA,OAAAA,KAAAA;AACT;EAEAC,UAAmC,GAAA;AACjC,IAAA,OAAA,UAAA;AACF;AACF,CATMK,EAAAA,MAAAA,CAAAA,KAAAA,0BAANJ,CAAAA,EAAAA,GAAAA,CAAAA;AAvHA,IAAAA,GAAAA;AAqIA,IAAMK,yBAAAA,IAANL,MAAA,MAAMK;AACJR,EAAAA,MAAAA,CAAOC,KAAuB,EAAA;AAG5B,IAAOA,OAAAA,KAAAA;AACT;EAEAC,UAAmC,GAAA;AACjC,IAAA,OAAA,YAAA;AACF;AACF,CAVMM,EAAAA,MAAAA,CAAAA,KAAAA,2BAANL,CAAAA,EAAAA,GAAAA,CAAAA;AAeAb,uBAAAA,CAAwBC,QAAQ,CAAA,SAAA,EAA+B,IAAIQ,uBAAAA,EAAAA,CAAAA;AACnET,uBAAAA,CAAwBC,QAAQ,CAAA,eAAA,EAAoC,IAAIa,4BAAAA,EAAAA,CAAAA;AACxEd,uBAAAA,CAAwBC,QAAQ,CAAA,UAAA,EAAgC,IAAIgB,wBAAAA,EAAAA,CAAAA;AACpEjB,uBAAAA,CAAwBC,QAAQ,CAAA,YAAA,EAAiC,IAAIiB,yBAAAA,EAAAA,CAAAA;AAK9D,SAASC,uBAAAA,CAAwBC,eAAwBC,OAAgB,EAAA;AAC9E,EAAI,IAAA,CAACD,eAAe,OAAA,SAAA;AAEpB,EAAA,QAAQA,aAAAA;IACN,KAAK,KAAA;AACH,MAAIC,IAAAA,OAAAA,KAAY,YAAgBA,IAAAA,OAAAA,KAAY,SAAW,EAAA;AACrD,QAAA,OAAA,eAAA;AACF;AACA,MAAA,IAAIA,YAAY,SAAW,EAAA;AACzB,QAAA,OAAA,YAAA;AACF;AACA,MAAA;IAEF,KAAK,MAAA;AACH,MAAA,OAAA,eAAA;IAEF,KAAK,MAAA;AACH,MAAA,OAAA,UAAA;IAEF,KAAK,MAAA;AACH,MAAA,OAAA,YAAA;IAEF,KAAK,MAAA;AACH,MAAA,OAAA,WAAA;IAEF,KAAK,KAAA;AAEH,MAAA,OAAA,UAAA;AACJ;AAEA,EAAA,OAAA,SAAA;AACF;AA/BgBF,MAAAA,CAAAA,uBAAAA,EAAAA,yBAAAA,CAAAA","file":"chunk-RZIZRJBS.mjs","sourcesContent":["// String operations are legitimate in this file for security escaping\n// This file implements security-critical escaping strategies for different execution\n// contexts (shell, URL, etc.). String manipulation here prevents injection attacks\n// by properly escaping special characters based on the target context.\n\n/**\n * Interpolation Context System\n * \n * This module defines how values should be escaped/formatted based on\n * where they're being used. This ensures that:\n * - Shell commands get proper shell escaping\n * - URLs get URL encoding\n * - Templates remain literal\n * - Data values are formatted appropriately\n */\n\nexport enum InterpolationContext {\n  /** Default context - no special escaping */\n  Default = 'default',\n  \n  /** Shell command context - requires shell escaping */\n  ShellCommand = 'shell-command',\n  \n  /** Shell code block context - different escaping rules */\n  ShellCode = 'shell-code',\n  \n  /** URL context - requires URL encoding */\n  Url = 'url',\n  \n  /** Template content - values remain literal */\n  Template = 'template',\n  \n  /** Data value context - JSON-like formatting */\n  DataValue = 'data-value',\n  \n  /** File path context - path normalization */\n  FilePath = 'file-path'\n}\n\n/**\n * Escaping strategy interface\n */\nexport interface EscapingStrategy {\n  /**\n   * Escape a value for safe use in this context\n   */\n  escape(value: string): string;\n  \n  /**\n   * Get the context type\n   */\n  getContext(): InterpolationContext;\n}\n\n/**\n * Factory for creating escaping strategies\n */\nexport class EscapingStrategyFactory {\n  private static strategies = new Map<InterpolationContext, EscapingStrategy>();\n  \n  static register(context: InterpolationContext, strategy: EscapingStrategy): void {\n    this.strategies.set(context, strategy);\n  }\n  \n  static getStrategy(context: InterpolationContext): EscapingStrategy {\n    const strategy = this.strategies.get(context);\n    if (!strategy) {\n      // Fallback to default\n      return this.strategies.get(InterpolationContext.Default)!;\n    }\n    return strategy;\n  }\n}\n\n/**\n * Default escaping - no transformation\n */\nclass DefaultEscapingStrategy implements EscapingStrategy {\n  escape(value: string): string {\n    return value;\n  }\n  \n  getContext(): InterpolationContext {\n    return InterpolationContext.Default;\n  }\n}\n\n/**\n * Shell command escaping strategy\n * Properly escapes values for use in shell commands\n */\nclass ShellCommandEscapingStrategy implements EscapingStrategy {\n  escape(value: string): string {\n    if (!value) return '';\n    \n    // For shell commands, we need to handle the fact that the value\n    // will be used within double quotes in the shell command.\n    // The strategy is to escape characters that have special meaning \n    // in double-quoted strings: \\ $ ` \"\n    // This preserves literal values when interpolating mlld variables\n    \n    // Important: We must escape backslashes first to avoid double-escaping\n    const escaped = value\n      .replace(/\\\\/g, '\\\\\\\\')  // Escape backslashes first\n      .replace(/\"/g, '\\\\\"')    // Escape double quotes\n      .replace(/\\$/g, '\\\\$')   // Escape dollar signs to preserve literal values\n      .replace(/`/g, '\\\\`');   // Escape backticks\n    \n    return escaped;\n  }\n  \n  getContext(): InterpolationContext {\n    return InterpolationContext.ShellCommand;\n  }\n}\n\n/**\n * Template escaping - values remain completely literal\n */\nclass TemplateEscapingStrategy implements EscapingStrategy {\n  escape(value: string): string {\n    // Templates should never modify the value\n    return value;\n  }\n  \n  getContext(): InterpolationContext {\n    return InterpolationContext.Template;\n  }\n}\n\n/**\n * Data value escaping - for use in data contexts\n */\nclass DataValueEscapingStrategy implements EscapingStrategy {\n  escape(value: string): string {\n    // For data values, we might want to ensure proper JSON escaping\n    // but for now, keep it literal\n    return value;\n  }\n  \n  getContext(): InterpolationContext {\n    return InterpolationContext.DataValue;\n  }\n}\n\n/**\n * Initialize default strategies\n */\nEscapingStrategyFactory.register(InterpolationContext.Default, new DefaultEscapingStrategy());\nEscapingStrategyFactory.register(InterpolationContext.ShellCommand, new ShellCommandEscapingStrategy());\nEscapingStrategyFactory.register(InterpolationContext.Template, new TemplateEscapingStrategy());\nEscapingStrategyFactory.register(InterpolationContext.DataValue, new DataValueEscapingStrategy());\n\n/**\n * Helper to determine the appropriate context based on the directive type and subtype\n */\nexport function getInterpolationContext(directiveType?: string, subtype?: string): InterpolationContext {\n  if (!directiveType) return InterpolationContext.Default;\n  \n  switch (directiveType) {\n    case 'run':\n      if (subtype === 'runCommand' || subtype === 'runExec') {\n        return InterpolationContext.ShellCommand;\n      }\n      if (subtype === 'runCode') {\n        return InterpolationContext.ShellCode;\n      }\n      break;\n      \n    case 'exec':\n      return InterpolationContext.ShellCommand;\n      \n    case 'text':\n      return InterpolationContext.Template;\n      \n    case 'data':\n      return InterpolationContext.DataValue;\n      \n    case 'path':\n      return InterpolationContext.FilePath;\n      \n    case 'add':\n      // Add directives output literal content\n      return InterpolationContext.Template;\n  }\n  \n  return InterpolationContext.Default;\n}"]}