[codex] Validate agent and service identifiers #229

Open
pq198363-ops wants to merge 1 commit into Agentpay-Org:main from pq198363-ops:bounty-51-identifier-validation

@pq198363-ops

Closes #51

Summary

  • Added shared identifier validation for agent and serviceId.
  • Restricted identifiers to letters, numbers, ., _, and -, preserving the existing 256-char agent and 128-char service caps.
  • Rejected ambiguous or unsafe values such as ::, whitespace, newlines, commas, and control characters.
  • Applied validation to usage writes, bulk usage, settlement, service registration, service bulk registration, and path-param read/update routes.
  • Documented the identifier rules in the README.

Validation

RED evidence:

  • npm run build succeeded, then $env:NODE_ENV='test'; node --test dist/identifiers.test.js failed because unsafe identifiers such as bad::agent and newline-containing service IDs were accepted.

GREEN evidence:

  • npm run build
  • $env:NODE_ENV='test'; node --test dist/identifiers.test.js
  • npx prettier --check README.md src/identifiers.ts src/identifiers.test.ts src/routes/usage.ts src/routes/services.ts
  • npm run lint
  • git diff --check
  • Cleaned dist/, then ran npm run build
  • Windows test command: $env:NODE_ENV='test'; node --test dist/*.test.js dist/**/*.test.js

Result: full clean test run passed, 93 tests across 11 suites.

Notes

The validation is intentionally ASCII-only and separator-safe because these IDs flow into ${agent}::${serviceId} keys, path params, events, and exports. Existing valid IDs using alphanumerics, dot, underscore, or hyphen continue to work.
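
The key collision that motivates the Notes above, with an allowlist check that closes it, as an added TypeScript example (not the code from this pull request). The names `validateIdentifier`, `unsafeKey`, `safeKey` and `parseKey` are hypothetical, the sample IDs in the comments are constructed, and rejecting the empty string is an assumption.

```typescript
// Added example: hypothetical helper names, not the PR's src/identifiers.ts.
type IdKind = "agent" | "serviceId";

// Length caps stated in the PR description.
const MAX_LENGTH: Record<IdKind, number> = { agent: 256, serviceId: 128 };

// Allowlist from the PR description: ASCII letters, digits, ".", "_", "-".
// ":" is not in the set, so "::" can never occur inside an identifier.
// "+" also rejects the empty string (an assumption, not stated in the PR).
const ALLOWED = /^[A-Za-z0-9._-]+$/;

// Returns null when the value is acceptable, otherwise a reason string.
function validateIdentifier(kind: IdKind, value: unknown): string | null {
  // Path params and JSON bodies can deliver arrays or objects.
  if (typeof value !== "string") return `${kind} must be a string`;
  if (value.length > MAX_LENGTH[kind]) {
    return `${kind} exceeds ${MAX_LENGTH[kind]} characters`;
  }
  if (!ALLOWED.test(value)) {
    return `${kind} may only contain letters, digits, ".", "_" and "-"`;
  }
  return null;
}

// Composite key in the shape named in the Notes, built without any checks.
// Constructed collision: ("acme::billing", "api") and ("acme", "billing::api")
// both yield "acme::billing::api".
function unsafeKey(agent: string, serviceId: string): string {
  return `${agent}::${serviceId}`;
}

// Same key, but both parts must pass validation first.
function safeKey(agent: string, serviceId: string): string {
  const reason =
    validateIdentifier("agent", agent) ??
    validateIdentifier("serviceId", serviceId);
  if (reason !== null) throw new Error(reason);
  return `${agent}::${serviceId}`;
}

// With validated parts the key splits back into exactly two identifiers.
function parseKey(key: string): [string, string] {
  const parts = key.split("::");
  if (parts.length !== 2) throw new Error("ambiguous composite key");
  return [parts[0], parts[1]];
}
```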

Development

Successfully merging this pull request may close these issues.

Add input sanitization and stricter validation for agent/serviceId identifiers
