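/**
 * Input Validation Limits
 *
 * Defines security limits for input validation across MCP tools.
 * These limits help prevent DoS attacks via malformed or excessive inputs.
 *
 * This file only declares the limits and helpers. Enforcement happens in the
 * implementation and at the call sites, none of which are visible here.
 */

/**
 * Maximum length for search query strings (characters)
 *
 * Prevents memory exhaustion and slow embedding generation for very long queries.
 * 1000 characters is sufficient for any reasonable search query while preventing abuse.
 *
 * NOTE(review): if this is enforced with `String.prototype.length`, the limit
 * counts UTF-16 code units rather than user-perceived characters. Confirm
 * against the implementation.
 */
export declare const MAX_QUERY_LENGTH = 1000;

/**
 * Maximum length for glob patterns (characters)
 *
 * Long patterns can cause performance issues and potential ReDoS.
 * 200 characters is sufficient for any reasonable file pattern.
 */
export declare const MAX_GLOB_PATTERN_LENGTH = 200;

/**
 * Maximum number of wildcard characters in a glob pattern
 *
 * Excessive wildcards can cause exponential backtracking in pattern matching.
 * 10 wildcards is more than enough for any legitimate use case.
 */
export declare const MAX_GLOB_PATTERN_WILDCARDS = 10;

/**
 * Maximum number of brace expansion groups in a glob pattern
 *
 * Brace expansion like {a,b,c} can cause combinatorial explosion.
 * Limit to prevent patterns like {a,b}{c,d}{e,f}... from exploding.
 */
export declare const MAX_GLOB_BRACE_GROUPS = 5;

/**
 * Maximum total items in brace expansion
 *
 * Limits the total number of alternatives across all brace groups.
 * e.g., {a,b,c,d,e} counts as 5 items.
 */
export declare const MAX_GLOB_BRACE_ITEMS = 20;

/**
 * Known ReDoS-prone pattern fragments to reject
 *
 * These patterns can cause exponential time complexity in regex engines.
 * While minimatch isn't a regex engine, similar issues can occur.
 *
 * NOTE(review): the array is declared mutable, so any importing module can
 * add or remove entries at runtime and thereby change what validation
 * rejects. Treat it as read-only. If any entry carries the `g` or `y` flag,
 * `RegExp.prototype.test` is stateful through `lastIndex`. Confirm the flags
 * in the implementation.
 */
export declare const REDOS_PATTERNS: RegExp[];

/**
 * Validate a glob pattern for safety
 *
 * Checks for:
 * - Length limits
 * - Wildcard count limits
 * - ReDoS-prone patterns
 * - Brace expansion limits
 *
 * The result is only a report: callers must check `valid` before handing the
 * pattern to a matcher. The checks listed above bound pattern complexity;
 * none of them restricts which paths a pattern may match, so path scoping has
 * to be enforced separately.
 *
 * @param pattern - The glob pattern to validate
 * @returns Object with valid boolean and optional error message
 *   (presumably `error` is set when `valid` is false; confirm against the
 *   implementation)
 */
export declare function isPatternSafe(pattern: string): {
  valid: boolean;
  error?: string;
};

/**
 * Maximum number of chunks that can be generated from a single file.
 *
 * Prevents memory exhaustion from maliciously crafted files that would
 * generate an excessive number of chunks. 1000 chunks is sufficient for
 * files up to ~4MB with default chunking settings.
 */
export declare const MAX_CHUNKS_PER_FILE = 1000;

/**
 * Warning threshold for chunks per file (80% of max).
 *
 * When reached, a warning is logged to help identify files that
 * may be approaching the limit.
 */
export declare const CHUNKS_WARNING_THRESHOLD: number;

/**
 * Maximum number of pending file watcher events.
 *
 * Prevents memory exhaustion from rapid file changes that could
 * overwhelm the event queue. 1000 events is generous for normal
 * development workflows.
 */
export declare const MAX_PENDING_FILE_EVENTS = 1000;

/**
 * Warning threshold for pending file events (80% of max).
 */
export declare const PENDING_EVENTS_WARNING_THRESHOLD: number;

/**
 * Maximum directory traversal depth for gitignore loading.
 *
 * Prevents stack overflow and excessive recursion from deeply nested
 * directory structures. 20 levels is more than sufficient for any
 * reasonable project structure.
 */
export declare const MAX_DIRECTORY_DEPTH = 20;

/**
 * Maximum number of files returned from glob operations.
 *
 * Prevents memory exhaustion from glob patterns that match too many files.
 * 100,000 files is a generous limit for even very large projects.
 */
export declare const MAX_GLOB_RESULTS = 100000;

/**
 * Timeout for glob operations in milliseconds.
 *
 * Prevents indefinite hangs from glob operations on slow filesystems
 * or extremely large directory trees.
 */
export declare const GLOB_TIMEOUT_MS = 30000;

/**
 * Maximum size for JSON configuration/metadata files in bytes.
 *
 * Prevents memory exhaustion from parsing maliciously large JSON files.
 * 10MB is generous for any reasonable configuration file.
 */
export declare const MAX_JSON_FILE_SIZE: number;

/**
 * Error thrown when a resource limit is exceeded
 *
 * Carries the limit's name together with the observed and permitted values so
 * that handlers can log or report the violation without parsing the message.
 */
export declare class ResourceLimitError extends Error {
  /** Name of the limit that was exceeded. */
  readonly limitName: string;
  /** Value that was observed. */
  readonly actualValue: number;
  /** Maximum value the limit allows. */
  readonly maxValue: number;
  /**
   * @param limitName - Name of the limit that was exceeded
   * @param actualValue - Value that was observed
   * @param maxValue - Maximum value the limit allows
   * @param message - Optional message; the default text is not visible in
   *   this declaration
   */
  constructor(limitName: string, actualValue: number, maxValue: number, message?: string);
}

/**
 * Safely load and parse a JSON file with size limits.
 *
 * Checks file size before reading to prevent memory exhaustion from
 * maliciously large JSON files.
 *
 * The type parameter is a compile-time claim only: nothing in this
 * declaration shows the parsed content being validated against `T`. Content
 * from a file that an untrusted party can write should be narrowed or
 * schema-checked by the caller before its fields are used.
 *
 * NOTE(review): a size check followed by a separate read leaves a window in
 * which the file can grow. Confirm that the implementation also bounds the
 * read itself.
 *
 * @typeParam T - Shape the caller expects the parsed JSON to have
 *   (defaults to `unknown`)
 * @param filePath - Absolute path to the JSON file
 * @param maxSize - Maximum allowed file size in bytes (default: MAX_JSON_FILE_SIZE)
 * @returns Parsed JSON content
 * @throws ResourceLimitError if file exceeds size limit
 * @throws Error if file doesn't exist or can't be parsed
 *
 * @example
 * ```typescript
 * const config = await safeLoadJSON('/path/to/config.json');
 * ```
 */
export declare function safeLoadJSON<T = unknown>(filePath: string, maxSize?: number): Promise<T>;

/**
 * Synchronous version of safeLoadJSON.
 *
 * As with the asynchronous variant, `T` is not checked at runtime as far as
 * this declaration shows; validate the result before trusting its shape.
 *
 * @typeParam T - Shape the caller expects the parsed JSON to have
 *   (defaults to `unknown`)
 * @param filePath - Absolute path to the JSON file
 * @param maxSize - Maximum allowed file size in bytes (default: MAX_JSON_FILE_SIZE)
 * @returns Parsed JSON content
 * @throws ResourceLimitError if file exceeds size limit
 */
export declare function safeLoadJSONSync<T = unknown>(filePath: string, maxSize?: number): T;
//# sourceMappingURL=limits.d.ts.map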