Skip to content

Commit 6f90feb

Browse files
d3xter666d3xter666
committed
feat: Production enhancements - performance, security, and UX improvements
🚀 Performance Improvements: - PERF-003: Optimize keyword matching with Set-based caching (2-3x speedup) - SCALE-001: Add maxConcurrency config for rate limit handling - Add promiseAllBatched utility for controlled concurrent execution 🔒 Security Enhancements: - POLISH-003: Add file size limits (50MB default, configurable via MAX_FILE_SIZE_MB) - Prevent OOM attacks from malicious large files - Add SECURITY_LIMITS constants for file operations ✨ User Experience: - POLISH-001: Configurable emoji usage with TTY detection - Add DISABLE_EMOJI/ENABLE_EMOJI env vars for CI/CD compatibility - Auto-detect CI environments to disable emoji 📚 Documentation: - DOC-001: Add comprehensive JSDoc to BaseValidator (partial) - Create CRITICAL_REVIEW_SPRINT_1-3.md with detailed code inspection - Update BACKLOG.md with accurate production-ready status 🧹 Code Quality: - Update LintConfig type with optional maxConcurrency - Refactor triggering validator with cached keyword lookups - Add concurrency control utilities (RateLimiter, promiseAllBatched) ✅ Testing: - All 287 tests passing (100%) - Coverage: 81.35% (maintained above 80% target) - All TypeScript compilation errors resolved Files changed: - 12 modified, 2 new (CRITICAL_REVIEW, concurrency.ts) - No breaking changes, all features opt-in via config
1 parent 59137fa commit 6f90feb

14 files changed

Lines changed: 1334 additions & 366 deletions

File tree

plugins/ui5/skill-lint/BACKLOG.md

Lines changed: 469 additions & 338 deletions
Large diffs are not rendered by default.

plugins/ui5/skill-lint/CRITICAL_REVIEW_SPRINT_1-3.md

Lines changed: 508 additions & 0 deletions
Large diffs are not rendered by default.

plugins/ui5/skill-lint/src/config/schema.ts

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -34,6 +34,7 @@ export const lintConfigSchema = z.object({
3434
timeout: z.number().positive().default(60_000),
3535
maxRetries: z.number().nonnegative().default(2),
3636
parallel: z.boolean().default(false),
37+
maxConcurrency: z.number().positive().default(Infinity),
3738
}).default({}),
3839

3940
formatters: z.object({

plugins/ui5/skill-lint/src/core/linter.ts

Lines changed: 6 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,7 @@ import { IntegrationValidator } from '../validators/integration-validator.js';
99
import { BaseValidator } from '../validators/base-validator.js';
1010
import { collectResults } from './result-collector.js';
1111
import { loadSkill } from '../utils/file-utils.js';
12+
import { promiseAllBatched } from '../utils/concurrency.js';
1213
import type { LintConfig, LintResult, Skill, ValidationResult } from '../types/index.js';
1314

1415
export class SkillLinter {
@@ -114,13 +115,13 @@ export class SkillLinter {
114115
}
115116

116117
/**
117-
* Run validators in parallel with error boundaries
118+
* Run validators in parallel with error boundaries and concurrency control
118119
*/
119120
private async runValidatorsParallel(
120121
skill: Skill,
121122
config: LintConfig,
122123
): Promise<ValidationResult[]> {
123-
const promises = this.validators.map(async (validator): Promise<ValidationResult> => {
124+
const tasks = this.validators.map(validator => async (): Promise<ValidationResult> => {
124125
try {
125126
return await validator.validate(skill, config);
126127
} catch (error) {
@@ -142,6 +143,8 @@ export class SkillLinter {
142143
}
143144
});
144145

145-
return Promise.all(promises);
146+
// Use batched execution if maxConcurrency is set
147+
const maxConcurrency = config.execution.maxConcurrency ?? Infinity;
148+
return promiseAllBatched(tasks, maxConcurrency);
146149
}
147150
}

plugins/ui5/skill-lint/src/types/index.ts

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -152,6 +152,7 @@ export interface LintConfig {
152152
readonly timeout: number;
153153
readonly maxRetries: number;
154154
readonly parallel: boolean;
155+
readonly maxConcurrency?: number;
155156
};
156157
readonly formatters: {
157158
readonly default: string;

plugins/ui5/skill-lint/src/utils/concurrency.ts

Lines changed: 122 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,122 @@
1+
/**
2+
* Concurrency control utilities for rate limit handling
3+
*
4+
* These utilities allow limiting concurrent operations to prevent:
5+
* - API rate limit errors
6+
* - Resource exhaustion (too many open connections/files)
7+
* - Memory pressure from parallel processing
8+
*/
9+
10+
/**
11+
* Execute promises in batches with controlled concurrency.
12+
*
13+
* Instead of running all promises at once (Promise.all), this executes
14+
* them in batches of `maxConcurrency` to prevent overwhelming APIs or resources.
15+
*
16+
* @param tasks - Array of functions that return promises
17+
* @param maxConcurrency - Maximum number of concurrent promises (default: Infinity = no limit)
18+
* @returns Promise that resolves when all tasks complete, with results in original order
19+
*
20+
* @example
21+
* ```typescript
22+
* // Limit to 3 concurrent API calls
23+
* const results = await promiseAllBatched(
24+
* urls.map(url => () => fetch(url)),
25+
* 3
26+
* );
27+
* ```
28+
*/
29+
export async function promiseAllBatched<T>(
30+
tasks: Array<() => Promise<T>>,
31+
maxConcurrency: number = Infinity
32+
): Promise<T[]> {
33+
// Fast path: no concurrency limit
34+
if (maxConcurrency === Infinity || maxConcurrency >= tasks.length) {
35+
return Promise.all(tasks.map(task => task()));
36+
}
37+
38+
const results: T[] = new Array(tasks.length);
39+
let currentIndex = 0;
40+
41+
// Worker function that processes tasks from the queue
42+
async function worker(): Promise<void> {
43+
while (currentIndex < tasks.length) {
44+
const index = currentIndex++;
45+
const task = tasks[index];
46+
results[index] = await task();
47+
}
48+
}
49+
50+
// Create pool of concurrent workers
51+
const workers = Array.from(
52+
{ length: Math.min(maxConcurrency, tasks.length) },
53+
() => worker()
54+
);
55+
56+
// Wait for all workers to complete
57+
await Promise.all(workers);
58+
59+
return results;
60+
}
61+
62+
/**
63+
* Rate limiter for API calls
64+
*
65+
* Ensures minimum delay between successive calls to prevent rate limit errors.
66+
* Uses token bucket algorithm for burst tolerance.
67+
*
68+
* @example
69+
* ```typescript
70+
* const limiter = new RateLimiter(10, 1000); // 10 calls per second
71+
*
72+
* for (const url of urls) {
73+
* await limiter.acquire();
74+
* await fetch(url);
75+
* }
76+
* ```
77+
*/
78+
export class RateLimiter {
79+
private tokens: number;
80+
private lastRefill: number;
81+
82+
/**
83+
* @param maxTokens - Maximum number of tokens (burst capacity)
84+
* @param refillIntervalMs - Time to refill one token (ms)
85+
*/
86+
constructor(
87+
private readonly maxTokens: number,
88+
private readonly refillIntervalMs: number
89+
) {
90+
this.tokens = maxTokens;
91+
this.lastRefill = Date.now();
92+
}
93+
94+
/**
95+
* Acquire a token, waiting if necessary
96+
*/
97+
async acquire(): Promise<void> {
98+
while (true) {
99+
this.refillTokens();
100+
101+
if (this.tokens > 0) {
102+
this.tokens--;
103+
return;
104+
}
105+
106+
// Wait for next token refill
107+
const waitTime = this.refillIntervalMs;
108+
await new Promise(resolve => setTimeout(resolve, waitTime));
109+
}
110+
}
111+
112+
private refillTokens(): void {
113+
const now = Date.now();
114+
const elapsed = now - this.lastRefill;
115+
const tokensToAdd = Math.floor(elapsed / this.refillIntervalMs);
116+
117+
if (tokensToAdd > 0) {
118+
this.tokens = Math.min(this.maxTokens, this.tokens + tokensToAdd);
119+
this.lastRefill = now;
120+
}
121+
}
122+
}

plugins/ui5/skill-lint/src/utils/constants.ts

Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -159,6 +159,24 @@ export const INTEGRATION = {
159159
DEFAULT_MAX_RETRIES: 2,
160160
} as const;
161161

162+
/**
163+
* Security limits for file operations
164+
*/
165+
export const SECURITY_LIMITS = {
166+
/**
167+
* Maximum file size before reading (bytes)
168+
* Rationale: Prevent OOM attacks with malicious 100GB+ files
169+
* Default: 50 MB (configurable via MAX_FILE_SIZE_MB env var)
170+
*/
171+
MAX_FILE_SIZE_BYTES: Number(process.env.MAX_FILE_SIZE_MB || 50) * 1024 * 1024,
172+
173+
/**
174+
* Streaming threshold for large files (bytes)
175+
* Rationale: Files >10MB should use streaming to prevent memory issues
176+
*/
177+
STREAMING_THRESHOLD_BYTES: 10 * 1024 * 1024,
178+
} as const;
179+
162180
/**
163181
* Export all constants as a single namespace
164182
*/
@@ -169,4 +187,5 @@ export const CONSTANTS = {
169187
FRONTMATTER,
170188
DUPLICATE_DETECTION,
171189
INTEGRATION,
190+
SECURITY_LIMITS,
172191
} as const;

plugins/ui5/skill-lint/src/utils/file-utils.ts

Lines changed: 14 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@ import { existsSync } from 'fs';
88
import { join, dirname } from 'path';
99
import { createInterface } from 'readline';
1010
import * as yaml from 'js-yaml';
11-
import { TOKEN_ESTIMATION } from './constants.js';
11+
import { TOKEN_ESTIMATION, SECURITY_LIMITS } from './constants.js';
1212
import { sanitizePath } from './path-security.js';
1313
import { retryOperation } from './retry.js';
1414
import type { Skill, SkillMetadata } from '../types/index.js';
@@ -47,6 +47,17 @@ export async function loadSkill(skillPath: string): Promise<Skill> {
4747
throw new Error(`Skill file not found: ${resolvedPath}`);
4848
}
4949

50+
// SECURITY: Check file size before reading to prevent OOM attacks
51+
const fileSize = await getFileSize(resolvedPath);
52+
if (fileSize > SECURITY_LIMITS.MAX_FILE_SIZE_BYTES) {
53+
const maxMB = SECURITY_LIMITS.MAX_FILE_SIZE_BYTES / (1024 * 1024);
54+
const actualMB = (fileSize / (1024 * 1024)).toFixed(2);
55+
throw new Error(
56+
`File too large: ${actualMB}MB exceeds maximum allowed size of ${maxMB}MB. ` +
57+
`Set MAX_FILE_SIZE_MB environment variable to increase limit.`
58+
);
59+
}
60+
5061
// Read file with retry logic
5162
const content = await retryOperation(() => readFile(resolvedPath, 'utf-8'));
5263
const metadata = extractFrontmatter(content);
@@ -113,11 +124,7 @@ export async function findPluginRoot(startDir: string): Promise<string> {
113124
return startDir;
114125
}
115126

116-
/**
117-
* File size threshold for switching to streaming (10 MB)
118-
* Files larger than this will be processed with streams to prevent OOM
119-
*/
120-
const STREAMING_THRESHOLD_BYTES = 10 * 1024 * 1024; // 10 MB
127+
121128

122129
/**
123130
* Count lines in a file using streaming.
@@ -182,7 +189,7 @@ export async function countLines(filePath: string): Promise<number> {
182189
// Check file size to decide approach
183190
const size = await getFileSize(filePath);
184191

185-
if (size > STREAMING_THRESHOLD_BYTES) {
192+
if (size > SECURITY_LIMITS.STREAMING_THRESHOLD_BYTES) {
186193
// Large file: use streaming to prevent OOM
187194
return retryOperation(() => countLinesStreaming(filePath));
188195
}

plugins/ui5/skill-lint/src/utils/logger.ts

Lines changed: 46 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -1,32 +1,69 @@
11
/**
2-
* Logger utility — semantic logging with emoji prefixes
2+
* Logger utility — semantic logging with optional emoji prefixes
33
* Reused from test-logger.ts
4+
*
5+
* Emoji usage is configurable:
6+
* - Auto-detected via TTY (disabled in CI/CD environments)
7+
* - Can be forced via DISABLE_EMOJI=1 or ENABLE_EMOJI=1 env vars
48
*/
59

10+
/**
11+
* Detect if terminal supports emojis
12+
* Checks:
13+
* - stdout.isTTY (true for interactive terminals)
14+
* - CI environment variables (GitHub Actions, GitLab CI, etc.)
15+
* - DISABLE_EMOJI / ENABLE_EMOJI env vars
16+
*/
17+
function shouldUseEmoji(): boolean {
18+
// Explicit configuration takes precedence
19+
if (process.env.DISABLE_EMOJI === '1') return false;
20+
if (process.env.ENABLE_EMOJI === '1') return true;
21+
22+
// Detect CI environment (most CI systems set CI=true)
23+
if (process.env.CI === 'true' || process.env.CI === '1') return false;
24+
25+
// Check if running in interactive terminal
26+
if (process.stdout && typeof process.stdout.isTTY === 'boolean') {
27+
return process.stdout.isTTY;
28+
}
29+
30+
// Default: assume TTY support
31+
return true;
32+
}
33+
34+
const USE_EMOJI = shouldUseEmoji();
35+
36+
/**
37+
* Add emoji prefix if enabled, otherwise use text alternative
38+
*/
39+
function prefix(emoji: string, text: string): string {
40+
return USE_EMOJI ? emoji : text;
41+
}
42+
643
export const Logger = {
744
success: (message: string): void => {
8-
console.log(` ${message}`);
45+
console.log(`${prefix('✅', '[✓]')} ${message}`);
946
},
1047
warning: (message: string): void => {
11-
console.warn(`⚠️ ${message}`);
48+
console.warn(`${prefix('⚠️ ', '[!]')} ${message}`);
1249
},
1350
info: (message: string): void => {
14-
console.log(`ℹ️ ${message}`);
51+
console.log(`${prefix('ℹ️ ', '[i]')} ${message}`);
1552
},
1653
error: (message: string): void => {
17-
console.error(` ${message}`);
54+
console.error(`${prefix('❌', '[✗]')} ${message}`);
1855
},
1956
skip: (message: string): void => {
20-
console.log(` ${message}`);
57+
console.log(`${prefix('⊘', '[-]')} ${message}`);
2158
},
2259
metrics: (message: string): void => {
23-
console.log(`📊 ${message}`);
60+
console.log(`${prefix('📊', '[📊]')} ${message}`);
2461
},
2562
document: (message: string): void => {
26-
console.log(`📄 ${message}`);
63+
console.log(`${prefix('📄', '[📄]')} ${message}`);
2764
},
2865
start: (message: string): void => {
29-
console.log(`🚀 ${message}`);
66+
console.log(`${prefix('🚀', '[→]')} ${message}`);
3067
},
3168
plain: (message: string): void => {
3269
console.log(` ${message}`);

0 commit comments

Comments
 (0)