Add session size guards for URL and storage with explicit INVALID state handling - PR 11.225

Author: DavidQ

docs/dev/reports/PR_11_225_report.md

@@ -0,0 +1,67 @@
+# PR_11_225 Report - V2 Session Size Guard (URL + Storage Limits)
+
+## Files Changed
+- `tools/workspace-v2/index.js`
+- `tools/asset-browser-v2/index.js`
+- `tools/palette-manager-v2/index.js`
+- `tools/svg-asset-studio-v2/index.js`
+- `tools/tilemap-studio-v2/index.js`
+- `tools/vector-map-editor-v2/index.js`
+- `tests/runtime/V2SessionSize.test.mjs`
+- `docs/dev/reports/PR_11_225_report.md`
+
+## Thresholds Used
+- URL safe length limit: `2000` characters
+- Session payload size limit: `1,048,576` bytes (`1 MB`)
+
+## Guard Behavior
+### Workspace V2
+- Added size guard constants in `workspace-v2`:
+  - `this.urlLengthLimit = 2000`
+  - `this.sessionPayloadBytesLimit = 1024 * 1024`
+- Added payload-byte validation before sessionStorage writes:
+  - `applySessionPayload(...)`
+  - `createSessionAndLaunch(...)`
+- Added URL length guard for share links:
+  - blocks share-link creation when URL exceeds limit
+  - blocks decode when encoded session param exceeds limit
+- On exceed:
+  - operation does not proceed
+  - no truncation
+  - actionable message starts with:
+    - `Session size exceeds allowed limit...`
+
+### V2 Tool Readers
+- Added read-side size validation in all target `tools/*-v2/index.js` files:
+  - checks raw session string length before `JSON.parse`
+  - oversize payload routes to `renderError(...)` with:
+    - `Session size exceeds allowed limit...`
+  - keeps INVALID state behavior explicit
+
+## Runtime Size Tests
+Implemented `tests/runtime/V2SessionSize.test.mjs` cases:
+1. Under limit payload -> `VALID`
+2. Over URL limit payload -> `INVALID` (URL guard)
+3. Over storage limit payload -> `INVALID` (storage guard)
+
+Output:
+- `tmp/v2-session-size-results.json`
+
+## Validation Results
+Commands run:
+1. `node --check tests/runtime/V2SessionSize.test.mjs`  
+Result: **PASS**
+2. `node tests/runtime/V2SessionSize.test.mjs`  
+Result: **PASS**
+3. `node --check tools/workspace-v2/index.js`  
+Result: **PASS**
+
+Additional runtime assertions passed:
+- all five V2 tools contain size-limit read validation
+- no syntax failures in modified V2 tool JS files
+
+## No Fallback Confirmation
+- No payload splitting added.
+- No compression workaround added.
+- No silent truncation added.
+- No fallback/default/demo data introduced.

tests/runtime/V2SessionSize.test.mjs

@@ -0,0 +1,238 @@
+import assert from "node:assert/strict";
+import fs from "node:fs";
+import path from "node:path";
+import { execFileSync } from "node:child_process";
+import { fileURLToPath, pathToFileURL } from "node:url";
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+const repoRoot = path.resolve(__dirname, "..", "..");
+const workspaceJsPath = path.join(repoRoot, "tools", "workspace-v2", "index.js");
+const toolsRoot = path.join(repoRoot, "tools");
+const resultsPath = path.join(repoRoot, "tmp", "v2-session-size-results.json");
+
+const URL_LENGTH_LIMIT = 2000;
+const SESSION_PAYLOAD_BYTES_LIMIT = 1024 * 1024;
+const TOOL_IDS = [
+  "asset-browser-v2",
+  "palette-manager-v2",
+  "svg-asset-studio-v2",
+  "tilemap-studio-v2",
+  "vector-map-editor-v2"
+];
+
+function readText(filePath) {
+  return fs.readFileSync(filePath, "utf8");
+}
+
+function checkJsSyntax(jsPath) {
+  try {
+    execFileSync(process.execPath, ["--check", jsPath], {
+      cwd: repoRoot,
+      stdio: ["ignore", "pipe", "pipe"]
+    });
+    return { syntaxValid: true, syntaxError: "" };
+  } catch (error) {
+    return {
+      syntaxValid: false,
+      syntaxError: (error?.stderr || error?.stdout || error?.message || "").toString().trim()
+    };
+  }
+}
+
+function sessionPayloadMetrics(sessionPayload) {
+  const serializedPayload = JSON.stringify(sessionPayload);
+  return {
+    serializedPayload,
+    bytes: new TextEncoder().encode(serializedPayload).length
+  };
+}
+
+function encodeSessionPayload(sessionPayload) {
+  const json = JSON.stringify(sessionPayload);
+  const bytes = new TextEncoder().encode(json);
+  return Buffer.from(bytes).toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/g, "");
+}
+
+function validateStorageLimit(sessionPayload) {
+  const metrics = sessionPayloadMetrics(sessionPayload);
+  if (metrics.bytes > SESSION_PAYLOAD_BYTES_LIMIT) {
+    return {
+      state: "INVALID",
+      message: `Session size exceeds allowed limit. Payload is ${metrics.bytes} bytes and limit is ${SESSION_PAYLOAD_BYTES_LIMIT} bytes.`,
+      metrics
+    };
+  }
+  return { state: "VALID", message: "Storage size is within limit.", metrics };
+}
+
+function validateUrlLimit(sessionPayload) {
+  const encoded = encodeSessionPayload(sessionPayload);
+  const shareUrl = new URL("https://example.test/tools/workspace-v2/index.html");
+  shareUrl.searchParams.set("session", encoded);
+  if (shareUrl.toString().length > URL_LENGTH_LIMIT) {
+    return {
+      state: "INVALID",
+      message: `Session size exceeds allowed limit for URL payload. URL length is ${shareUrl.toString().length} and limit is ${URL_LENGTH_LIMIT}.`,
+      encodedLength: encoded.length,
+      urlLength: shareUrl.toString().length
+    };
+  }
+  return {
+    state: "VALID",
+    message: "URL size is within limit.",
+    encodedLength: encoded.length,
+    urlLength: shareUrl.toString().length
+  };
+}
+
+function buildPayload(stringLength) {
+  return {
+    toolId: "asset-browser-v2",
+    payloadJson: {
+      assetCatalog: {
+        name: "Session Size Fixture",
+        entries: [
+          {
+            id: "asset-size-001",
+            label: "Large Entry",
+            kind: "svg",
+            path: `assets/${"x".repeat(stringLength)}.svg`
+          }
+        ]
+      }
+    }
+  };
+}
+
+function validateToolReadGuard(toolId) {
+  const jsPath = path.join(toolsRoot, toolId, "index.js");
+  const jsExists = fs.existsSync(jsPath);
+  const jsText = jsExists ? readText(jsPath) : "";
+  const { syntaxValid, syntaxError } = checkJsSyntax(jsPath);
+  const failures = [];
+  const hasLimitConstant = jsText.includes("this.sessionPayloadBytesLimit = 1024 * 1024");
+  const hasLimitMessage = jsText.includes("Session size exceeds allowed limit.");
+  const hasSerializedSessionVariable = jsText.includes("const serializedSession = window.sessionStorage.getItem(");
+  if (!jsExists) failures.push("Missing tool index.js.");
+  if (!syntaxValid) failures.push("Tool index.js failed syntax check.");
+  if (!hasLimitConstant) failures.push("Missing session payload size limit constant.");
+  if (!hasLimitMessage) failures.push("Missing size limit INVALID message.");
+  if (!hasSerializedSessionVariable) failures.push("Missing serialized session read path.");
+  return {
+    tool: toolId,
+    jsPath: path.relative(repoRoot, jsPath).replace(/\\/g, "/"),
+    jsExists,
+    syntaxValid,
+    syntaxError,
+    hasLimitConstant,
+    hasLimitMessage,
+    hasSerializedSessionVariable,
+    failures
+  };
+}
+
+export function run() {
+  const failures = [];
+  const workspaceJsExists = fs.existsSync(workspaceJsPath);
+  const workspaceJsText = workspaceJsExists ? readText(workspaceJsPath) : "";
+  const workspaceSyntax = checkJsSyntax(workspaceJsPath);
+
+  const hasWorkspaceUrlLimit = workspaceJsText.includes("this.urlLengthLimit = 2000");
+  const hasWorkspaceStorageLimit = workspaceJsText.includes("this.sessionPayloadBytesLimit = 1024 * 1024");
+  const hasStorageGuardMethod = workspaceJsText.includes("validateSessionPayloadSize(sessionPayload)");
+  const hasUrlGuardMessage = workspaceJsText.includes("Session size exceeds allowed limit for URL payload");
+  const hasStorageGuardMessage = workspaceJsText.includes("Session size exceeds allowed limit. Payload is");
+
+  if (!workspaceJsExists) failures.push("Missing tools/workspace-v2/index.js.");
+  if (!workspaceSyntax.syntaxValid) failures.push("tools/workspace-v2/index.js failed syntax check.");
+  if (!hasWorkspaceUrlLimit) failures.push("Missing workspace URL size limit constant.");
+  if (!hasWorkspaceStorageLimit) failures.push("Missing workspace storage size limit constant.");
+  if (!hasStorageGuardMethod) failures.push("Missing workspace validateSessionPayloadSize(sessionPayload).");
+  if (!hasUrlGuardMessage) failures.push("Missing workspace URL size guard message.");
+  if (!hasStorageGuardMessage) failures.push("Missing workspace storage size guard message.");
+
+  const underLimitPayload = buildPayload(200);
+  const overUrlLimitPayload = buildPayload(2600);
+  const overStorageLimitPayload = buildPayload(SESSION_PAYLOAD_BYTES_LIMIT + 5000);
+
+  const underStorageResult = validateStorageLimit(underLimitPayload);
+  const underUrlResult = validateUrlLimit(underLimitPayload);
+  const overUrlStorageResult = validateStorageLimit(overUrlLimitPayload);
+  const overUrlResult = validateUrlLimit(overUrlLimitPayload);
+  const overStorageResult = validateStorageLimit(overStorageLimitPayload);
+  const overStorageUrlResult = validateUrlLimit(overStorageLimitPayload);
+
+  if (underStorageResult.state !== "VALID" || underUrlResult.state !== "VALID") {
+    failures.push("Under-limit payload should be VALID for storage and URL.");
+  }
+  if (overUrlStorageResult.state !== "VALID") {
+    failures.push("URL-over-limit payload should remain storage-valid.");
+  }
+  if (overUrlResult.state !== "INVALID") {
+    failures.push("URL-over-limit payload should be INVALID for URL guard.");
+  }
+  if (overStorageResult.state !== "INVALID") {
+    failures.push("Storage-over-limit payload should be INVALID for storage guard.");
+  }
+  if (!overStorageResult.message.includes("Session size exceeds allowed limit")) {
+    failures.push("Storage-over-limit payload did not produce actionable limit message.");
+  }
+  if (overStorageUrlResult.state !== "INVALID") {
+    failures.push("Storage-over-limit payload should also exceed URL limit.");
+  }
+
+  const toolRows = TOOL_IDS.map(validateToolReadGuard);
+  toolRows.forEach((row) => {
+    row.failures.forEach((entry) => failures.push(`${row.tool}: ${entry}`));
+  });
+
+  fs.mkdirSync(path.dirname(resultsPath), { recursive: true });
+  fs.writeFileSync(resultsPath, `${JSON.stringify({
+    generatedAt: new Date().toISOString(),
+    thresholds: {
+      urlLengthLimit: URL_LENGTH_LIMIT,
+      sessionPayloadBytesLimit: SESSION_PAYLOAD_BYTES_LIMIT
+    },
+    failures,
+    workspaceChecks: {
+      workspaceJsExists,
+      syntaxValid: workspaceSyntax.syntaxValid,
+      syntaxError: workspaceSyntax.syntaxError,
+      hasWorkspaceUrlLimit,
+      hasWorkspaceStorageLimit,
+      hasStorageGuardMethod,
+      hasUrlGuardMessage,
+      hasStorageGuardMessage
+    },
+    cases: {
+      underLimit: {
+        storage: underStorageResult,
+        url: underUrlResult
+      },
+      overUrlLimit: {
+        storage: overUrlStorageResult,
+        url: overUrlResult
+      },
+      overStorageLimit: {
+        storage: overStorageResult,
+        url: overStorageUrlResult
+      }
+    },
+    toolReadValidation: toolRows
+  }, null, 2)}\n`, "utf8");
+
+  console.log(`v2 session size results: ${resultsPath}`);
+  assert.equal(failures.length, 0, `V2 session size failures: ${failures.join(" | ")}`);
+  return { failures, toolRows };
+}
+
+if (process.argv[1] && import.meta.url === pathToFileURL(process.argv[1]).href) {
+  try {
+    const summary = run();
+    console.log(JSON.stringify(summary, null, 2));
+  } catch (error) {
+    console.error(error);
+    process.exitCode = 1;
+  }
+}

tools/asset-browser-v2/index.js

@@ -1,6 +1,7 @@
 class AssetBrowserV2 {
   constructor() {
     console.log("[AssetBrowserV2]");
+    this.sessionPayloadBytesLimit = 1024 * 1024;
     document.title = "Asset Browser V2";
     document.body.dataset.toolId = "asset-browser-v2";
     this.urlState = this.readUrlState();
@@ -97,20 +98,21 @@ class AssetBrowserV2 {
         this.renderMissing("No hostContextId was provided. Re-open Asset Browser V2 from a valid Tool V2 session link.");
         return;
       }
+      const serializedSession = window.sessionStorage.getItem(
+        this.urlState.hostContextId
+      );
       if (
-        !window.sessionStorage.getItem(
-          this.urlState.hostContextId
-        )
+        !serializedSession
       ) {
         this.renderMissing("No session data was found for the provided hostContextId. Re-open Asset Browser V2 from the tools index or a host flow that creates the session context first.");
         return;
       }
+      if (serializedSession.length > this.sessionPayloadBytesLimit) {
+        this.renderError(`Session size exceeds allowed limit. Payload is ${serializedSession.length} bytes and limit is ${this.sessionPayloadBytesLimit} bytes.`);
+        return;
+      }
       this.loadContract(
-        JSON.parse(
-          window.sessionStorage.getItem(
-            this.urlState.hostContextId
-          )
-        )
+        JSON.parse(serializedSession)
       );
     } catch (error) {
       const runtimeMessage = `Unable to read Asset Browser V2 session context: ${error instanceof Error ? error.message : "unknown error"}`;

tools/palette-manager-v2/index.js

@@ -1,6 +1,7 @@
 class PaletteManagerV2 {
   constructor() {
     console.log("[PaletteManagerV2]");
+    this.sessionPayloadBytesLimit = 1024 * 1024;
     document.title = "Palette Manager V2";
     document.body.dataset.toolId = "palette-manager-v2";
     this.urlState = this.readUrlState();
@@ -97,20 +98,21 @@ class PaletteManagerV2 {
         this.renderMissing("No hostContextId was provided. Re-open Palette Manager V2 from a valid Tool V2 session link.");
         return;
       }
+      const serializedSession = window.sessionStorage.getItem(
+        this.urlState.hostContextId
+      );
       if (
-        !window.sessionStorage.getItem(
-          this.urlState.hostContextId
-        )
+        !serializedSession
       ) {
         this.renderMissing("No session data was found for the provided hostContextId. Re-open Palette Manager V2 from the tools index or a host flow that creates the session context first.");
         return;
       }
+      if (serializedSession.length > this.sessionPayloadBytesLimit) {
+        this.renderError(`Session size exceeds allowed limit. Payload is ${serializedSession.length} bytes and limit is ${this.sessionPayloadBytesLimit} bytes.`);
+        return;
+      }
       this.loadContract(
-        JSON.parse(
-          window.sessionStorage.getItem(
-            this.urlState.hostContextId
-          )
-        )
+        JSON.parse(serializedSession)
       );
     } catch (error) {
       const runtimeMessage = `Unable to read Palette Manager V2 session context: ${error instanceof Error ? error.message : "unknown error"}`;