Skip to content

Address PR review comments: type safety, error sanitization, and testing#73

Merged
jlantz merged 5 commits into
claude/adapt-agent-standards-KzMkwfrom
copilot/sub-pr-71
Jan 31, 2026
Merged

Address PR review comments: type safety, error sanitization, and testing#73
jlantz merged 5 commits into
claude/adapt-agent-standards-KzMkwfrom
copilot/sub-pr-71

Conversation

Copilot AI commented Jan 31, 2026

Copy link
Copy Markdown
Contributor

Addresses all review comments from PR #71 on the WASM bridge implementation.

Type Safety

  • Fix UpdateRecordUpdateMultipleRecord in update_multiple signature
  • Fix u32u64 for max_records parameter to match bridge type definitions
  • Update default API version from 62.0 to 65.0 across codebase

Security & Memory

  • Use Arc<str> instead of String for access_token and instance_url fields to reduce credential duplication in memory
  • Sanitize error codes before returning to WASM guests—map internal error types to stable codes (AUTH_ERROR, HTTP_500, RATE_LIMITED) instead of exposing Debug format
// Before: leaked internal type structure
Err(e) => BridgeResult::err(format!("{:?}", e.kind), e.to_string())

// After: stable error codes
Err(e) => {
    let (code, message) = sanitize_rest_error(&e);
    BridgeResult::err(code, message)
}

Documentation & Testing

  • Add integration tests for sf-bridge (module loading, WASM validation)
  • Document testing strategy for sf-guest-sdk at module level—unit tests require Extism runtime, tested via integration and examples
  • Clarify SOQL injection prevention is guest responsibility; host validates structured inputs (IDs, field names)

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

Copilot AI and others added 3 commits January 31, 2026 12:30
…error sanitization

- Fix type from UpdateRecord to UpdateMultipleRecord in update_multiple
- Fix type from u32 to u64 for max_records parameter
- Update default API version from 62.0 to 65.0 (sf-wasm-types and example)
- Use Arc<str> for access_token and instance_url to reduce memory copies
- Sanitize error codes instead of exposing Debug format to WASM guests
- Update security documentation to clarify SOQL injection responsibility

Co-authored-by: jlantz <1697127+jlantz@users.noreply.github.com>
… sf-guest-sdk

- Add integration tests for sf-bridge (module loading, WASM validation)
- Document why unit tests aren't feasible for sf-guest-sdk (requires Extism runtime)
- Explain that guest SDK is tested via bridge integration tests and examples
- Add busbar-sf-bridge to dev-dependencies for integration tests

Co-authored-by: jlantz <1697127+jlantz@users.noreply.github.com>
- Make invalid WASM test assertion specific (expect rejection at construction)
- Move testing strategy documentation to module-level doc comment for visibility
- Remove duplicate testing notes at end of sf-guest-sdk file

Co-authored-by: jlantz <1697127+jlantz@users.noreply.github.com>
Copilot AI changed the title [WIP] Add WASM bridge for sandboxed Salesforce API access Address PR review comments: type safety, error sanitization, and testing Jan 31, 2026
Copilot AI requested a review from jlantz January 31, 2026 12:41
@jlantz jlantz marked this pull request as ready for review January 31, 2026 20:41
@jlantz jlantz merged commit 356475f into claude/adapt-agent-standards-KzMkw Jan 31, 2026
@jlantz jlantz deleted the copilot/sub-pr-71 branch January 31, 2026 20:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants