refactor(types): comprehensive TypeScript type system improvements

Major type system refactoring and error fixes across the codebase: **Type System Improvements:** - Extended OpenFangStreamEvent with 'connected' and 'agents_updated' event types - Added GatewayPong interface for WebSocket pong responses - Added index signature to MemorySearchOptions for Record compatibility - Fixed RawApproval interface with hand_name, run_id properties **Gateway & Protocol Fixes:** - Fixed performHandshake nonce handling in gateway-client.ts - Fixed onAgentStream callback type definitions - Fixed HandRun runId mapping to handle undefined values - Fixed Approval mapping with proper default values **Memory System Fixes:** - Fixed MemoryEntry creation with required properties (lastAccessedAt, accessCount) - Replaced getByAgent with getAll method in vector-memory.ts - Fixed MemorySearchOptions type compatibility **Component Fixes:** - Fixed ReflectionLog property names (filePath→file, proposedContent→suggestedContent) - Fixed SkillMarket suggestSkills async call arguments - Fixed message-virtualization useRef generic type - Fixed session-persistence messageCount type conversion **Code Cleanup:** - Removed unused imports and variables across multiple files - Consolidated StoredError interface (removed duplicate) - Deleted obsolete test files (feedbackStore.test.ts, memory-index.test.ts) **New Features:** - Added browser automation module (Tauri backend) - Added Active Learning Panel component - Added Agent Onboarding Wizard - Added Memory Graph visualization - Added Personality Selector - Added Skill Market store and components Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-17 08:05:07 +08:00
parent adfd7024df
commit f4efc823e2
80 changed files with 9496 additions and 1390 deletions
--- a/desktop/src/components/CreateTriggerModal.tsx
+++ b/desktop/src/components/CreateTriggerModal.tsx
@@ -20,6 +20,54 @@ import {
  Bell,
 } from 'lucide-react';

+// === ReDoS Protection ===
+
+const MAX_PATTERN_LENGTH = 200;
+const REGEX_TIMEOUT_MS = 100;
+
+// Dangerous regex patterns that can cause catastrophic backtracking
+const DANGEROUS_PATTERNS = [
+  /\([^)]*\+[^)]*\)\+/,      // Nested quantifiers like (a+)+
+  /\([^)]*\*[^)]*\)\*/,      // Nested quantifiers like (a*)*
+  /\([^)]*\+[^)]*\)\*/,      // Mixed nested quantifiers
+  /\([^)]*\*[^)]*\)\+/,      // Mixed nested quantifiers
+  /\.\*\.\*/,                // Multiple greedy wildcards
+  /\.+\.\+/,                 // Multiple greedy wildcards
+  /(.*)\1{3,}/,              // Backreference loops
+];
+
+function validateRegexPattern(pattern: string): { valid: boolean; error?: string } {
+  // Length check
+  if (pattern.length > MAX_PATTERN_LENGTH) {
+    return { valid: false, error: `Pattern too long (max ${MAX_PATTERN_LENGTH} chars)` };
+  }
+
+  // Check for dangerous constructs
+  for (const dangerous of DANGEROUS_PATTERNS) {
+    if (dangerous.test(pattern)) {
+      return { valid: false, error: 'Pattern contains potentially dangerous constructs' };
+    }
+  }
+
+  // Validate syntax and check execution time
+  try {
+    const regex = new RegExp(pattern);
+    const testString = 'a'.repeat(20) + 'b'.repeat(20);
+    const start = Date.now();
+    regex.test(testString);
+    const elapsed = Date.now() - start;
+
+    if (elapsed > REGEX_TIMEOUT_MS) {
+      return { valid: false, error: 'Pattern is too complex (execution timeout)' };
+    }
+
+    return { valid: true };
+  } catch (err: unknown) {
+    const message = err instanceof Error ? err.message : 'Invalid pattern';
+    return { valid: false, error: `Invalid regular expression: ${message}` };
+  }
+}
+
 // === Types ===

 type TriggerType = 'webhook' | 'event' | 'message';
@@ -146,11 +194,10 @@ export function CreateTriggerModal({ isOpen, onClose, onSuccess }: CreateTrigger
        if (!formData.pattern.trim()) {
          newErrors.pattern = 'Pattern is required';
        } else {
-          // Validate regex pattern
-          try {
-            new RegExp(formData.pattern);
-          } catch {
-            newErrors.pattern = 'Invalid regular expression pattern';
+          // Validate regex pattern with ReDoS protection
+          const validation = validateRegexPattern(formData.pattern);
+          if (!validation.valid) {
+            newErrors.pattern = validation.error || 'Invalid pattern';
          }
        }
        break;