Skip to content

refactor(validation): clean up validation functions #305

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Oct 16, 2025
Merged

refactor(validation): clean up validation functions #305

merged 4 commits into from
Oct 16, 2025

Conversation

@ymc9
Copy link
Member

@ymc9 ymc9 commented Oct 16, 2025
edited by coderabbitai bot
Loading

Summary by CodeRabbit

  • New Features

    • Length validation now supports list fields and returns a numeric length, enabling expressions like length(x) >= n.
    • Validators renamed for clarity: email/url/datetime → isEmail/isUrl/isDateTime.

  • Bug Fixes

    • Stricter validation of validator arguments, including list/string checks and regex literal/pattern validation with clearer errors.

  • Tests

    • Added end-to-end tests for list length constraints, updated validations, and invalid-argument cases.

  • Chores

    • Updated TODOs to mark validation items completed.

Copilot AI review requested due to automatic review settings October 16, 2025 04:36
@claude
Copy link

claude bot commented Oct 16, 2025
edited
Loading

Claude finished @ymc9's task —— View job

Code Review Complete ✅

I'll review this validation functions refactoring PR and provide feedback on code quality, potential issues, performance, security, and test coverage.

Todo List

  • Analyze changed files to understand refactoring scope
  • Review code quality and best practices
  • Check for potential bugs or issues
  • Evaluate performance considerations
  • Assess security concerns
  • Review test coverage and changes
  • Provide comprehensive feedback

Summary

This is a well-structured refactoring that enhances the validation system by adding new validation functions and improving existing ones. The changes are focused and maintain good separation of concerns.

Issues Found

🐛 Critical Bug

Missing return statement in function-invocation-validator.ts:206-211:

if (!fieldArg.$resolvedType?.array && fieldArg.$resolvedType?.decl !== 'String') {
    accept('error', msg, {
        node: expr.args[0]!,
    });
    // Missing return here - execution continues after error
}

⚠️ Type Safety Issues

  1. Unsafe non-null assertion in utils.ts:372:

    const search = getArgValue<string>(expr.args?.[1])!;

    Should add null check before the assertion.

  2. Similar issue in utils.ts:390:

    const pattern = getArgValue<string>(expr.args?.[1])!;

Security Assessment ✅

RegExp Usage: Properly validated at compilation time in function-invocation-validator.ts:226 with try-catch, preventing ReDoS attacks at runtime.

Performance Considerations ✅

  • Efficient schema caching in InputValidator class prevents repeated compilation
  • Lazy evaluation for recursive schemas prevents infinite loops
  • Minimal overhead from new validation functions

Code Quality ✅

Strengths:

  • Consistent error handling patterns
  • Good use of TypeScript features (exhaustive matching, type guards)
  • Clear separation between compile-time and runtime validation
  • Comprehensive invariant checks for type safety

Areas for improvement:

  • The missing return statements could cause validation bypass
  • Non-null assertions should be replaced with proper null checks

Test Coverage ✅

Excellent test coverage:

  • Comprehensive validation scenarios in custom-validation.test.ts (237 lines)
  • Edge cases well covered in toplevel.test.ts (231 lines)
  • Tests cover both success and failure paths
  • Schema compilation errors properly tested with loadSchemaWithError

Recommendations

  1. Fix the missing return statement in _checkLength function
  2. Add null checks before non-null assertions in utils.ts
  3. Consider adding performance tests for complex validation scenarios
  4. Document the new validation functions in user-facing documentation

Overall: This is a solid refactoring with good test coverage, but needs the critical bug fix before merging.

@coderabbitai
Copy link

coderabbitai bot commented Oct 16, 2025
edited
Loading

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Walkthrough

Adds ListField support and list-aware validations: updates stdlib signatures and validator names, extends language validators for length/regex on strings/lists, introduces runtime array validation helpers, adapts CRUD schema generation, and updates end-to-end tests and TODOs.

Changes

Cohort / File(s) Summary
Language stdlib
packages/language/res/stdlib.zmodel		 Adds ListField to AttributeTargetField; expands @length targets to include lists; changes length signature to return Int; renames email/datetime/urlisEmail/isDateTime/isUrl; comment adjustments.
Language validators
packages/language/src/validators/attribute-application-validator.ts, packages/language/src/validators/function-invocation-validator.ts		 Permits ListField as attribute target; adds _checkLength (accepts string or list) and _checkRegex (requires string literal pattern) methods; registers validators in FunctionInvocationValidator; import updates.
Runtime validator utils
packages/runtime/src/client/crud/validator/utils.ts		 Adds addListValidation(z.ZodArray, attributes) to apply @length constraints to arrays; extends evalCall to return length for strings or arrays; maps isEmail/isUrl/isDateTime to underlying zod validators and enforces string argument.
Runtime CRUD schemas
packages/runtime/src/client/crud/validator/index.ts		 Uses addListValidation for non-relational array fields in create/update schema generation; replaces direct array() use with wrapped schemas; updates union/set/push handling and numeric update ops.
E2E tests — custom validation
tests/e2e/orm/validation/custom-validation.test.ts		 Adds list3: Int[]; switches to length(field) form and isEmail/isUrl/isDateTime; adds length(list3) checks and new tests asserting invalid validator argument usage; minor test assertions updated.
E2E tests — toplevel
tests/e2e/orm/validation/toplevel.test.ts		 Adds "works with list fields" test validating @length(2,4) on Int[] create/update paths (rejects lengths 1 and 5, accepts 3); duplicate block present.
Docs / TODO
TODO.md		 Removes Upsert "Implement with "on conflict"" item; marks @default validation and Validation as completed.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

Poem

"I hop through code and count each nest,
strings and lists put to the test.
isEmail, isUrl, patterns tight,
length and regex pass the light.
A rabbit cheers: validations blessed! 🐇"

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check ✅ Passed The PR title "refactor(validation): clean up validation functions" is directly related to the changeset and accurately refers to the validation function changes present in the PR. The changes include renaming validation helper functions (email → isEmail, datetime → isDateTime, url → isUrl), extending the length validation function to support list fields in addition to strings, and updating the validation infrastructure accordingly. However, the term "clean up" is somewhat generic and doesn't fully capture the specific nature of the refactoring—particularly the function renaming convention and the expansion to list field support, which are significant aspects of the change. The title conveys the general purpose but lacks specificity about what the cleanup entails.
Docstring Coverage ✅ Passed No functions found in the changes. Docstring coverage check skipped.
✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch refactor/validation-funcs
📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c46e3d0 and 459673b.

📒 Files selected for processing (1)
  • packages/runtime/src/client/crud/validator/index.ts (4 hunks)
🧰 Additional context used
📓 Path-based instructions (1)
{packages,samples,tests}/**

📄 CodeRabbit inference engine (CLAUDE.md)

Place packages only under packages/, samples/, or tests/

Files:

  • packages/runtime/src/client/crud/validator/index.ts
🧬 Code graph analysis (1)
packages/runtime/src/client/crud/validator/index.ts (1)
packages/runtime/src/client/crud/validator/utils.ts (1)
  • addListValidation (206-230)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)
  • GitHub Check: claude-review
  • GitHub Check: build-test (20.x, sqlite)
  • GitHub Check: build-test (20.x, postgresql)
🔇 Additional comments (3)
packages/runtime/src/client/crud/validator/index.ts (3)

48-48: LGTM! Import added for list validation support.

The import of addListValidation enables array-level validations (e.g., @length constraints) for list fields, as used in the create and update paths below.

908-916: LGTM! List validation correctly applied to array fields in create path.

The create path properly applies list-level validation (e.g., min/max length) to array fields. Both the direct array assignment and the set operation use the validated schema, ensuring constraints are enforced consistently.

1170-1209: LGTM! Past review concerns successfully addressed.

The update path correctly handles array field validation:

  1. Push operations are not gated by list-level length constraints (addressing prior concern): Line 1197 uses fieldSchema.array() (raw array schema) rather than arraySchema (list-validated), so push operations don't require satisfying min/max length constraints. Only full array replacements (direct assignment and set) enforce these constraints.

  2. Array elements are not optional in push operations (addressing prior concern): fieldSchema is created as a non-optional primitive at line 1170 and used for push at line 1197. The field is only made optional at line 1208, after the array union is constructed, ensuring elements remain required while the field itself is optional in update contexts.

  3. Divide operator addition: Line 1181 correctly adds the divide operator following the same pattern as other numeric operators, with proper mutual exclusivity enforcement via the refinement at line 1184.

Based on learnings (past review comments).

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

Copilot AI reviewed Oct 16, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR refactors validation functions to improve consistency and functionality. The changes update function naming conventions to use is* prefixes for boolean validators, enhance the length() function to support both strings and lists, and add comprehensive validation for function arguments at compile-time.

Key changes:

  • Renamed validation functions (emailisEmail, urlisUrl, datetimeisDateTime)
  • Enhanced length() function to return an integer value and support both string and list fields
  • Added compile-time validation for function arguments (type checking for length() and regex())

Reviewed Changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
packages/language/res/stdlib.zmodel Updated function signatures and documentation for validation functions
packages/runtime/src/client/crud/validator/utils.ts Added addListValidation() function and updated length() evaluation logic
packages/runtime/src/client/crud/validator/index.ts Integrated list validation into schema generation for array fields
packages/language/src/validators/function-invocation-validator.ts Added compile-time validators for length() and regex() functions
packages/language/src/validators/attribute-application-validator.ts Added ListField as valid target for @length attribute
tests/e2e/orm/validation/toplevel.test.ts Added test coverage for @length attribute on list fields
tests/e2e/orm/validation/custom-validation.test.ts Updated tests to use new function names and added argument type validation tests
TODO.md Marked validation tasks as completed

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@claude
Copy link

claude bot commented Oct 16, 2025
edited
Loading

Claude finished @ymc9's task —— View job

Code Review Complete ✅

I'll review this validation functions refactoring PR and provide feedback on code quality, potential issues, performance, security, and test coverage.

Todo List

  • Analyze changed files to understand refactoring scope
  • Review code quality and best practices
  • Check for potential bugs or issues
  • Evaluate performance considerations
  • Assess security concerns
  • Review test coverage and changes
  • Provide comprehensive feedback

Summary

This is a well-structured refactoring that enhances the validation system by adding new validation functions and improving existing ones. The changes are focused and maintain good separation of concerns.

Issues Found

🐛 Critical Bug

Missing return statement in function-invocation-validator.ts:206-211:

if (!fieldArg.$resolvedType?.array && fieldArg.$resolvedType?.decl !== 'String') {
    accept('error', msg, {
        node: expr.args[0]!,
    });
    // Missing return here - execution continues after error
}

⚠️ Type Safety Issues

  1. Unsafe non-null assertion in utils.ts:371:

    const search = getArgValue<string>(expr.args?.[1])!;

    Should add null check before the assertion.

  2. Similar issue in utils.ts:389:

    const pattern = getArgValue<string>(expr.args?.[1])!;

Security Assessment ✅

RegExp Usage: Properly validated at compilation time in function-invocation-validator.ts:226 with try-catch, preventing ReDoS attacks at runtime.

Performance Considerations ✅

  • Efficient schema caching in InputValidator class prevents repeated compilation
  • Lazy evaluation for recursive schemas prevents infinite loops
  • Minimal overhead from new validation functions

Code Quality ✅

Strengths:

  • Consistent error handling patterns
  • Good use of TypeScript features (exhaustive matching, type guards)
  • Clear separation between compile-time and runtime validation
  • Comprehensive invariant checks for type safety

Areas for improvement:

  • The missing return statements could cause validation bypass
  • Non-null assertions should be replaced with proper null checks

Test Coverage ✅

Excellent test coverage:

  • Comprehensive validation scenarios in custom-validation.test.ts (237 lines)
  • Edge cases well covered in toplevel.test.ts (231 lines)
  • Tests cover both success and failure paths
  • Schema compilation errors properly tested with loadSchemaWithError

Key Changes Analyzed

  1. Function renaming: emailisEmail, urlisUrl, datetimeisDateTime for better clarity
  2. Enhanced length() function: Now supports both string and list fields, returns integer
  3. Compile-time validation: Added argument type checking for length() and regex() functions
  4. List field support: Added @length attribute support for array fields
  5. Runtime improvements: Better error messages and type safety

Recommendations

  1. Fix the missing return statement in _checkLength function
  2. Add null checks before non-null assertions in utils.ts
  3. Consider adding performance tests for complex validation scenarios
  4. Document the new validation functions in user-facing documentation

Overall: This is a solid refactoring with good test coverage, but needs the critical bug fix before merging.

coderabbitai[bot]
coderabbitai bot reviewed Oct 16, 2025
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e0040cb and 1ec5d70.

📒 Files selected for processing (8)
  • TODO.md (2 hunks)
  • packages/language/res/stdlib.zmodel (4 hunks)
  • packages/language/src/validators/attribute-application-validator.ts (1 hunks)
  • packages/language/src/validators/function-invocation-validator.ts (2 hunks)
  • packages/runtime/src/client/crud/validator/index.ts (3 hunks)
  • packages/runtime/src/client/crud/validator/utils.ts (3 hunks)
  • tests/e2e/orm/validation/custom-validation.test.ts (6 hunks)
  • tests/e2e/orm/validation/toplevel.test.ts (1 hunks)
🧰 Additional context used
📓 Path-based instructions (2)
{packages,samples,tests}/**

📄 CodeRabbit inference engine (CLAUDE.md)

Place packages only under packages/, samples/, or tests/

Files:

  • packages/language/src/validators/attribute-application-validator.ts
  • packages/language/src/validators/function-invocation-validator.ts
  • tests/e2e/orm/validation/custom-validation.test.ts
  • tests/e2e/orm/validation/toplevel.test.ts
  • packages/runtime/src/client/crud/validator/utils.ts
  • packages/language/res/stdlib.zmodel
  • packages/runtime/src/client/crud/validator/index.ts
tests/e2e/**

📄 CodeRabbit inference engine (CLAUDE.md)

End-to-end tests must live under tests/e2e/

Files:

  • tests/e2e/orm/validation/custom-validation.test.ts
  • tests/e2e/orm/validation/toplevel.test.ts
🧬 Code graph analysis (5)
packages/language/src/validators/attribute-application-validator.ts (1)
packages/language/src/generated/ast.ts (1)
  • isDataModel (391-393)
packages/language/src/validators/function-invocation-validator.ts (2)
packages/language/src/generated/ast.ts (4)
  • InvocationExpr (533-538)
  • InvocationExpr (540-540)
  • isDataModel (391-393)
  • isStringLiteral (709-711)
packages/language/src/utils.ts (1)
  • isDataFieldReference (137-139)
tests/e2e/orm/validation/toplevel.test.ts (1)
packages/testtools/src/client.ts (1)
  • createTestClient (52-169)
packages/runtime/src/client/crud/validator/utils.ts (2)
packages/sdk/src/schema/schema.ts (1)
  • AttributeApplication (39-42)
packages/common-helpers/src/tiny-invariant.ts (1)
  • invariant (4-14)
packages/runtime/src/client/crud/validator/index.ts (1)
packages/runtime/src/client/crud/validator/utils.ts (1)
  • addListValidation (206-230)
🪛 ast-grep (0.39.6)
packages/language/src/validators/function-invocation-validator.ts

[warning] 225-225: Regular expression constructed from variable input detected. This can lead to Regular Expression Denial of Service (ReDoS) attacks if the variable contains malicious patterns. Use libraries like 'recheck' to validate regex safety or use static patterns.
Context: new RegExp(regex.value)
Note: [CWE-1333] Inefficient Regular Expression Complexity [REFERENCES]
- https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS
- https://cwe.mitre.org/data/definitions/1333.html

(regexp-from-variable)

🪛 markdownlint-cli2 (0.18.1)
TODO.md

88-88: Unordered list indentation
Expected: 4; Actual: 8

(MD007, ul-indent)

@claude
Copy link

claude bot commented Oct 16, 2025
edited
Loading

Claude finished @ymc9's task —— View job

Code Review Complete ✅

I'll review this validation functions refactoring PR and provide feedback on code quality, potential issues, performance, security, and test coverage.

Todo List

  • Analyze changed files to understand refactoring scope
  • Review code quality and best practices
  • Check for potential bugs or issues
  • Evaluate performance considerations
  • Assess security concerns
  • Review test coverage and changes
  • Provide comprehensive feedback

Summary

This is a well-structured refactoring that enhances the validation system by adding new validation functions and improving existing ones. The changes are focused and maintain good separation of concerns.

Issues Found

🐛 Critical Bug

Missing return statement in function-invocation-validator.ts:206-211:

if (!fieldArg.$resolvedType?.array && fieldArg.$resolvedType?.decl !== 'String') {
    accept('error', msg, {
        node: expr.args[0]!,
    });
    // Missing return here - execution continues after error
}

⚠️ Type Safety Issues

  1. Unsafe non-null assertion in utils.ts:371:

    const search = getArgValue<string>(expr.args?.[1])!;

    Should add null check before the assertion.

  2. Similar issue in utils.ts:389:

    const pattern = getArgValue<string>(expr.args?.[1])!;

🚨 Logical Bug in Array Validation

Issue in index.ts:1191-1198: The push operation incorrectly uses arraySchema which includes list-level @length constraints. This prevents valid single-item pushes when min > 1:

const arraySchema = addListValidation(fieldSchema.array(), fieldDef.attributes);
// ...
push: z.union([fieldSchema, arraySchema]).optional(), // ❌ Should not use arraySchema here

Should use raw array schema for push operations while keeping validation for set operations.

Security Assessment ✅

RegExp Usage: Properly validated at compilation time in function-invocation-validator.ts:226 with try-catch, preventing ReDoS attacks at runtime.

Performance Considerations ✅

  • Efficient schema caching in InputValidator class prevents repeated compilation
  • Lazy evaluation for recursive schemas prevents infinite loops
  • Minimal overhead from new validation functions

Code Quality ✅

Strengths:

  • Consistent error handling patterns
  • Good use of TypeScript features (exhaustive matching, type guards)
  • Clear separation between compile-time and runtime validation
  • Comprehensive invariant checks for type safety

Areas for improvement:

  • The missing return statements could cause validation bypass
  • Non-null assertions should be replaced with proper null checks

Test Coverage ✅

Excellent test coverage:

  • Comprehensive validation scenarios in custom-validation.test.ts (237 lines)
  • Edge cases well covered in toplevel.test.ts (231 lines)
  • Tests cover both success and failure paths
  • Schema compilation errors properly tested with loadSchemaWithError

Key Changes Analyzed

  1. Function renaming: emailisEmail, urlisUrl, datetimeisDateTime for better clarity
  2. Enhanced length() function: Now supports both string and list fields, returns integer
  3. Compile-time validation: Added argument type checking for length() and regex() functions
  4. List field support: Added @length attribute support for array fields
  5. Runtime improvements: Better error messages and type safety

Recommendations

  1. Fix the missing return statement in _checkLength function
  2. Fix the array validation logic for push operations
  3. Add null checks before non-null assertions in utils.ts
  4. Consider adding performance tests for complex validation scenarios
  5. Document the new validation functions in user-facing documentation

Overall: This is a solid refactoring with good test coverage, but needs the critical bug fixes before merging.

coderabbitai[bot]
coderabbitai bot reviewed Oct 16, 2025
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1ec5d70 and c46e3d0.

📒 Files selected for processing (1)
  • packages/runtime/src/client/crud/validator/index.ts (3 hunks)
🧰 Additional context used
📓 Path-based instructions (1)
{packages,samples,tests}/**

📄 CodeRabbit inference engine (CLAUDE.md)

Place packages only under packages/, samples/, or tests/

Files:

  • packages/runtime/src/client/crud/validator/index.ts
🧬 Code graph analysis (1)
packages/runtime/src/client/crud/validator/index.ts (1)
packages/runtime/src/client/crud/validator/utils.ts (1)
  • addListValidation (206-230)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)
  • GitHub Check: build-test (20.x, sqlite)
  • GitHub Check: build-test (20.x, postgresql)
  • GitHub Check: claude-review
🔇 Additional comments (2)
packages/runtime/src/client/crud/validator/index.ts (2)

48-48: LGTM!

The import of addListValidation is correctly added to support list-level validation for array fields.

908-916: LGTM!

The array field handling in the create path correctly applies list-level validation (via addListValidation) to both the direct array assignment and the set operation. Array elements are properly required (not optional) as expected for create operations.

@claude
Copy link

claude bot commented Oct 16, 2025
edited
Loading

Claude finished @ymc9's task —— View job

Code Review Complete ✅

I'll review this validation functions refactoring PR and provide feedback on code quality, potential issues, performance, security, and test coverage.

Todo List

  • Analyze changed files to understand refactoring scope
  • Review code quality and best practices
  • Check for potential bugs or issues
  • Evaluate performance considerations
  • Assess security concerns
  • Review test coverage and changes
  • Provide comprehensive feedback

Summary

This is a well-structured refactoring that enhances the validation system by adding new validation functions and improving existing ones. The changes are focused and maintain good separation of concerns.

Issues Found

🐛 Critical Bug

Missing return statement in function-invocation-validator.ts:206-211:

if (!fieldArg.$resolvedType?.array && fieldArg.$resolvedType?.decl !== 'String') {
    accept('error', msg, {
        node: expr.args[0]!,
    });
    // Missing return here - execution continues after error
}

⚠️ Type Safety Issues

  1. Unsafe non-null assertion in utils.ts:371:

    const search = getArgValue<string>(expr.args?.[1])!;

    Should add null check before the assertion.

  2. Similar issue in utils.ts:389:

    const pattern = getArgValue<string>(expr.args?.[1])!;

🚨 Logical Bug in Array Validation

Issue in index.ts:1191-1198: The push operation incorrectly uses arraySchema which includes list-level @length constraints. This prevents valid single-item pushes when min > 1:

const arraySchema = addListValidation(fieldSchema.array(), fieldDef.attributes);
// ...
push: z.union([fieldSchema, arraySchema]).optional(), // ❌ Should not use arraySchema here

Should use raw array schema for push operations while keeping validation for set operations.

Security Assessment ✅

RegExp Usage: Properly validated at compilation time in function-invocation-validator.ts:226 with try-catch, preventing ReDoS attacks at runtime.

Performance Considerations ✅

  • Efficient schema caching in InputValidator class prevents repeated compilation
  • Lazy evaluation for recursive schemas prevents infinite loops
  • Minimal overhead from new validation functions

Code Quality ✅

Strengths:

  • Consistent error handling patterns
  • Good use of TypeScript features (exhaustive matching, type guards)
  • Clear separation between compile-time and runtime validation
  • Comprehensive invariant checks for type safety

Areas for improvement:

  • The missing return statements could cause validation bypass
  • Non-null assertions should be replaced with proper null checks

Test Coverage ✅

Excellent test coverage:

  • Comprehensive validation scenarios in custom-validation.test.ts (237 lines)
  • Edge cases well covered in toplevel.test.ts (231 lines)
  • Tests cover both success and failure paths
  • Schema compilation errors properly tested with loadSchemaWithError

Key Changes Analyzed

  1. Function renaming: emailisEmail, urlisUrl, datetimeisDateTime for better clarity
  2. Enhanced length() function: Now supports both string and list fields, returns integer
  3. Compile-time validation: Added argument type checking for length() and regex() functions
  4. List field support: Added @length attribute support for array fields
  5. Runtime improvements: Better error messages and type safety

Recommendations

  1. Fix the missing return statement in _checkLength function
  2. Fix the array validation logic for push operations
  3. Add null checks before non-null assertions in utils.ts
  4. Consider adding performance tests for complex validation scenarios
  5. Document the new validation functions in user-facing documentation

Overall: This is a solid refactoring with good test coverage, but needs the critical bug fixes before merging.

@ymc9 ymc9 merged commit 2298fc9 into dev Oct 16, 2025
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ymc9