refactor: code review fixes — security, architecture, performance#21
Merged
refactor: code review fixes — security, architecture, performance#21
Conversation
Security: - FORGE content safety scan (isCodeSafe) blocks dangerous code patterns - ORACLE max_tokens centralized via getMaxOracleOutputTokens() - Macro data sanitized for prompt injection (sanitizeMacroText) - FORGE protected file prefixes and backslash path traversal check - FORGE line-count uses actual diff, not net line change - API keys stripped from error logs (sanitizeErrorMessage) Architecture: - Extracted shared utils (salvageJSON, stripSurrogates, extractJSON, paths, groupBy) - Cached loadAllJournalEntries() per session with invalidation Performance: - AbortSignal.timeout() on all 14 fetch calls (10-20s) - Phase 1 data fetches parallelized via Promise.allSettled Testing: 73 new tests (214 total across 9 files)
Security:
- ReDoS mitigation: bounded \s+ to \s{1,10} in injection patterns
- GitHub Pages XSS: bias values allowlisted before HTML injection
- resolvedSelfTasks: issueNumber validated, comment HTML stripped + capped
Code Quality:
- Crash handler now logs actual phase, not hardcoded "oracle"
- sessions.json capped to 500 entries (~8 months)
- Debug logging added to 9 empty catch blocks in agent.ts/axiom.ts
Low:
- npm install -> npm ci in GitHub Actions
- dist/ added to .gitignore
- TruffleHog --only-verified flag removed
Testing: 7 new tests (221 total)
Prevents TypeError when Claude API returns partial objects with missing fields (e.g., bias without notes, undefined changePercent).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Comprehensive fixes from architecture, security, and performance review.
Critical (2/2)
isCodeSafe()) blocks dangerous code patterns before writing to diskgetMaxOracleOutputTokens()in security.tsHigh (10/10)
sanitizeMacroText())sanitizeErrorMessage())src/utils.ts(salvageJSON, stripSurrogates, extractJSON, paths, groupBy)loadAllJournalEntries()cached per sessionAbortSignal.timeout()on all 14 fetch callsPromise.allSettledMedium (6/6)
Low (3/4)
npm ciin GitHub Actionsdist/in .gitignore--only-verifiedremovedDeferred
runSession()(separate PR)runAxiomReflection()(separate PR)Test plan
npx tsc --noEmit— clean buildnpx vitest run— 221 tests passing (80 new)