fix: system prompt, edit_handler validation, table contrast, bare exports

simongdavies · simongdavies · commit 6e81b7909c59 · 2026-04-16T12:16:15.000+01:00
- System message: mandatory handler pattern box, edit_handler guidance
- edit_handler: validate edited code before applying (closes security bypass)
- Validator: handle bare 'export { name }' in .d.ts (fixes getThemeNames)
- PPTX tables: always autoTextColor for row text (no overrides)
- PDF tables: auto-contrast body text per row, auto-fix poor contrast
- Both: dark theme rows get explicit fill for readability on image backgrounds
diff --git a/builtin-modules/pdf.json b/builtin-modules/pdf.json
@@ -3,8 +3,8 @@
   "description": "PDF 1.7 document generation — text, graphics, metadata, standard fonts. Flow-based layout for auto-paginating documents.",
   "author": "system",
   "mutable": false,
-  "sourceHash": "sha256:202d5c76da3d341a",
-  "dtsHash": "sha256:38f8a8a62174a4f7",
+  "sourceHash": "sha256:c8716bcb3295f5bc",
+  "dtsHash": "sha256:f30fba88bfe5f977",
   "importStyle": "named",
   "hints": {
     "overview": "Generate PDF documents with text, shapes, and metadata. Uses PDF's 14 standard fonts (no embedding required). Coordinates are in points (72 points = 1 inch), with top-left origin.",
diff --git a/builtin-modules/pptx-tables.json b/builtin-modules/pptx-tables.json
@@ -3,7 +3,7 @@
   "description": "Styled tables for PPTX presentations - headers, borders, alternating rows",
   "author": "system",
   "mutable": false,
-  "sourceHash": "sha256:2fd1b0318ee87ab2",
+  "sourceHash": "sha256:e03a2365c45ab0e6",
   "dtsHash": "sha256:130d021921083af6",
   "importStyle": "named",
   "hints": {
diff --git a/builtin-modules/src/pdf.ts b/builtin-modules/src/pdf.ts
@@ -32,6 +32,7 @@
 
 import {
   autoTextColor,
+  contrastRatio,
   getTheme,
   hexColor,
   requireArray,
@@ -3004,7 +3005,7 @@ export interface TableStyle {
   headerFg: string;
   /** Header font. */
   headerFont: string;
-  /** Body text colour (6-char hex). */
+  /** Body text colour (6-char hex). Auto-contrasted if omitted or poor contrast. */
   bodyFg: string;
   /** Body font. */
   bodyFont: string;
@@ -3014,6 +3015,8 @@ export interface TableStyle {
   borderColor: string;
   /** Border line width in points. */
   borderWidth: number;
+  /** Page background colour (set internally for contrast checking). */
+  _pageBg?: string;
 }
 
 /** Built-in table styles matching PPTX table styles. */
@@ -3484,6 +3487,43 @@ function renderTable(
   const rowH = tableRowHeight(fontSize, compact);
   const headerH = rowH;
 
+  // Ensure page background is available for contrast checking
+  if (!style._pageBg) {
+    style._pageBg = doc.theme.bg;
+  }
+
+  // ── Contrast auto-correction ─────────────────────────────────────
+  // Automatically fix text colors that have poor contrast against the
+  // page background. No errors — just silently correct to readable.
+  const MIN_CONTRAST = 3.0;
+  const pageBg = style._pageBg || "FFFFFF";
+
+  if (style.bodyFg) {
+    const bodyRatio = contrastRatio(style.bodyFg, pageBg);
+    if (bodyRatio < MIN_CONTRAST) {
+      style.bodyFg = autoTextColor(pageBg);
+    }
+  }
+
+  if (style.headerFg && style.headerBg) {
+    const headerRatio = contrastRatio(style.headerFg, style.headerBg);
+    if (headerRatio < MIN_CONTRAST) {
+      style.headerFg = autoTextColor(style.headerBg);
+    }
+  }
+
+  if (style.headerBg && style.headerFg) {
+    const headerRatio = contrastRatio(style.headerFg, style.headerBg);
+    if (headerRatio < MIN_CONTRAST) {
+      const suggested = autoTextColor(style.headerBg);
+      throw new Error(
+        `table: headerFg "${style.headerFg}" has poor contrast (${headerRatio.toFixed(1)}:1) against ` +
+        `headerBg "${style.headerBg}". Minimum is ${MIN_CONTRAST}:1. ` +
+        `Use "${suggested}" instead.`
+      );
+    }
+  }
+
   // Text baseline offset within a row: top padding + font size
   // (drawText Y is the baseline position in top-left coords)
   const padV = compact ? 2 : CELL_PAD_V;
@@ -3574,7 +3614,7 @@ function renderTable(
       doc.drawText(headerText, textX, curY + textYOffset, {
         font: style.headerFont,
         fontSize,
-        color: style.headerFg,
+        color: style.headerBg ? autoTextColor(style.headerBg) : style.headerFg,
       });
       cellX += colWidths[c];
     }
@@ -3606,6 +3646,13 @@ function renderTable(
       doc.drawRect(x, curY, totalWidth, rowH, { fill: style.altRowBg });
     }
 
+    // Auto-contrast body text against effective row background
+    const isAlt = !!(style.altRowBg && r % 2 === 1);
+    const rowBg = isAlt
+      ? style.altRowBg
+      : (style._pageBg || "FFFFFF");
+    const rowFg = autoTextColor(rowBg);
+
     // Cell text AFTER background
     const isBoldRow = rowBold?.[r] ?? false;
     const cellFont = isBoldRow
@@ -3619,7 +3666,7 @@ function renderTable(
       doc.drawText(cellText, textX, curY + textYOffset, {
         font: cellFont,
         fontSize,
-        color: style.bodyFg,
+        color: rowFg,
       });
       cellX += colWidths[c];
     }
diff --git a/builtin-modules/src/pptx-tables.ts b/builtin-modules/src/pptx-tables.ts
@@ -17,6 +17,8 @@ import {
   requireArray,
   requireNumber,
   isDark,
+  autoTextColor,
+  contrastRatio,
   type Theme,
 } from "ha:doc-core";
 import {
@@ -279,19 +281,22 @@ export function table(opts: TableOptions): ShapeFragment {
 
   // Dark mode defaults: light text on dark alt-rows
   // Light mode defaults: dark text on light alt-rows
-  const defaultTextColor = darkMode ? theme.fg || "E6EDF3" : "333333";
+  // Auto-compute readable defaults based on backgrounds
   const defaultAltRowColor = darkMode ? "2D333B" : "F5F5F5";
   const defaultBorderColor = darkMode ? "444C56" : "CCCCCC";
 
   const headerBg = style.headerBg || "2196F3";
-  const headerColor = style.headerColor || "FFFFFF";
+  const headerColor = style.headerColor || autoTextColor(headerBg);
   const headerFontSize = style.headerFontSize || 13;
   const styleFontSize = style.fontSize || 12;
-  const textColor = style.textColor || style.themeTextColor || defaultTextColor;
   const altRows = style.altRows !== false;
   const altRowColor = style.altRowColor || defaultAltRowColor;
   const borderColor = style.borderColor || defaultBorderColor;
 
+  // ── Contrast enforcement ─────────────────────────────────────────
+  // ALWAYS auto-contrast. No exceptions. If the color is shit, fix it.
+  // The LLM's style.textColor is ignored — autoTextColor wins.
+
   // Build grid columns
   const gridCols = Array.from(
     { length: colCount },
@@ -317,14 +322,23 @@ export function table(opts: TableOptions): ShapeFragment {
   }
 
   // Build data rows
+  // ALWAYS auto-contrast text against each row's effective background
+  // to prevent unreadable text on dark themes or image backgrounds.
+  // If no theme.bg is provided, give non-alt rows an explicit fill
+  // matching the alt-row scheme so text is always readable.
+  const slideBg = theme.bg || (darkMode ? "1A1A1A" : "FFFFFF");
+  const nonAltFill = darkMode ? slideBg : undefined;
   const dataRows = rows
     .map((row, rowIdx) => {
       const isAlt = altRows && rowIdx % 2 === 1;
+      const rowBg = isAlt ? altRowColor : slideBg;
+      // ALWAYS auto-contrast — no exceptions, no overrides
+      const rowTextColor = autoTextColor(rowBg);
       const cells = row
         .map((cell) =>
           cellXml(cell, {
-            fillColor: isAlt ? altRowColor : undefined,
-            color: textColor,
+            fillColor: isAlt ? altRowColor : nonAltFill,
+            color: rowTextColor,
             fontSize: styleFontSize,
             borderColor,
           }),
diff --git a/builtin-modules/src/types/ha-modules.d.ts b/builtin-modules/src/types/ha-modules.d.ts
@@ -1092,7 +1092,7 @@ declare module "ha:pdf" {
       headerFg: string;
       /** Header font. */
       headerFont: string;
-      /** Body text colour (6-char hex). */
+      /** Body text colour (6-char hex). Auto-contrasted if omitted or poor contrast. */
       bodyFg: string;
       /** Body font. */
       bodyFont: string;
@@ -1102,6 +1102,8 @@ declare module "ha:pdf" {
       borderColor: string;
       /** Border line width in points. */
       borderWidth: number;
+      /** Page background colour (set internally for contrast checking). */
+      _pageBg?: string;
   }
   /** Built-in table styles matching PPTX table styles. */
   export declare const TABLE_STYLES: Record<string, TableStyle>;
diff --git a/src/agent/index.ts b/src/agent/index.ts
@@ -964,6 +964,119 @@ function loadModuleFilesForValidator(
   return { sources, dtsSources, moduleJsons };
 }
 
+// ── Shared handler validation ──────────────────────────────────────
+//
+// Validates handler code using the Hyperlight analysis guest.
+// Used by both register_handler and edit_handler to ensure all
+// code changes go through the same validation pipeline.
+
+interface ValidationResult {
+  valid: boolean;
+  isModule: boolean;
+  error?: string;
+  validationErrors?: Array<{ type: string; message: string; line?: number }>;
+}
+
+async function validateHandlerCode(
+  name: string,
+  code: string,
+): Promise<ValidationResult> {
+  const registeredHandlers = sandbox.getHandlers().filter((h) => h !== name);
+  const availableModules = sandbox.getAvailableModules();
+
+  let validationContext: ValidationContext = {
+    handlerName: name,
+    registeredHandlers,
+    availableModules,
+    expectHandler: true,
+  };
+
+  let isModule = false;
+
+  let validation = await validateJavaScriptGuest(code, validationContext);
+  isModule = validation.isModule;
+
+  // Multi-pass module resolution loop
+  const maxIterations = 20;
+  let iterations = 0;
+  while (
+    !validation.deepValidationDone &&
+    validation.missingSources.length > 0 &&
+    validation.errors.length === 0 &&
+    iterations < maxIterations
+  ) {
+    iterations++;
+    const {
+      sources: newSources,
+      dtsSources: newDtsSources,
+      moduleJsons: newModuleJsons,
+    } = loadModuleFilesForValidator(validation.missingSources, pluginManager);
+
+    if (Object.keys(newSources).length === 0) {
+      const unresolvable = validation.missingSources.filter(
+        (s) => !s.startsWith("ha:") && !s.startsWith("host:"),
+      );
+      if (unresolvable.length > 0) {
+        const suggestions = unresolvable
+          .map((s) => {
+            const asHa = `ha:${s}`;
+            const asHost = `host:${s}`;
+            if (availableModules.includes(asHa)) return `"${s}" → "${asHa}"`;
+            if (availableModules.includes(asHost))
+              return `"${s}" → "${asHost}"`;
+            return `"${s}"`;
+          })
+          .join(", ");
+        return {
+          valid: false,
+          isModule,
+          error: `Invalid import specifiers: ${suggestions}. Modules require "ha:" prefix (e.g., import { x } from "ha:pptx"), plugins require "host:" prefix.`,
+        };
+      }
+      break;
+    }
+
+    validationContext = {
+      ...validationContext,
+      moduleSources: { ...validationContext.moduleSources, ...newSources },
+      dtsSources: { ...validationContext.dtsSources, ...newDtsSources },
+      moduleJsons: { ...validationContext.moduleJsons, ...newModuleJsons },
+    };
+    validation = await validateJavaScriptGuest(code, validationContext);
+  }
+
+  if (iterations >= maxIterations) {
+    const stillMissing = validation.missingSources.join(", ");
+    return {
+      valid: false,
+      isModule,
+      error: `Could not resolve all module dependencies after ${maxIterations} iterations. Still missing: ${stillMissing}.`,
+    };
+  }
+
+  // Report warnings to console
+  for (const warning of validation.warnings) {
+    console.error(`  ${C.warn("⚠️")} ${warning.message}`);
+  }
+
+  if (!validation.valid) {
+    const errorMessages = validation.errors
+      .map((e) => {
+        const loc = e.line ? ` (line ${e.line})` : "";
+        return `${e.type}: ${e.message}${loc}`;
+      })
+      .join("\n  • ");
+    return {
+      valid: false,
+      isModule,
+      error: `Validation failed:\n  • ${errorMessages}`,
+      validationErrors: validation.errors,
+    };
+  }
+
+  return { valid: true, isModule };
+}
+
 // ── Tool: register_handler ────────────────────────────────────────────
 
 const registerHandlerTool = defineTool("register_handler", {
@@ -1386,6 +1499,70 @@ const editHandlerTool = defineTool("edit_handler", {
     oldString: string;
     newString: string;
   }) => {
+    // ── Preview the edit and validate before applying ─────────────
+    // Get current source to build the edited version
+    const sourceResult = sandbox.getHandlerSource(name, {
+      lineNumbers: false,
+    }) as { success: true; source: string } | { success: false; error: string };
+
+    if (!sourceResult.success) {
+      console.error(`  ${C.err("❌ " + sourceResult.error)}`);
+      return { success: false, error: sourceResult.error };
+    }
+
+    const currentSource = sourceResult.source;
+
+    // Check exact-once match
+    const firstIdx = currentSource.indexOf(oldString);
+    if (firstIdx === -1) {
+      const error =
+        "oldString not found in handler. Use get_handler_source to see current code, then copy the EXACT text to replace.";
+      console.error(`  ${C.err("❌ " + error)}`);
+      return { success: false, error };
+    }
+    const secondIdx = currentSource.indexOf(
+      oldString,
+      firstIdx + oldString.length,
+    );
+    if (secondIdx !== -1) {
+      const error =
+        "oldString matches multiple times. Add more surrounding context to make it unique.";
+      console.error(`  ${C.err("❌ " + error)}`);
+      return { success: false, error };
+    }
+
+    // Build the edited code
+    const editedCode =
+      currentSource.slice(0, firstIdx) +
+      newString +
+      currentSource.slice(firstIdx + oldString.length);
+
+    // Validate the edited code through the same pipeline as register_handler
+    try {
+      const validation = await validateHandlerCode(name, editedCode);
+      if (!validation.valid) {
+        console.error(
+          `  ${C.err("❌ Edit rejected by validation (handler unchanged):")}`,
+        );
+        console.error(`  ${C.err(validation.error ?? "Unknown error")}`);
+        return {
+          success: false,
+          error: `Edit rejected — ${validation.error}`,
+          hint: "The edit was NOT applied. The handler is unchanged. Fix the error in your newString and try again.",
+          validationErrors: validation.validationErrors,
+        };
+      }
+    } catch (e) {
+      const errMsg = e instanceof Error ? e.message : String(e);
+      console.error(`  ${C.err("❌ Validation error: " + errMsg)}`);
+      return {
+        success: false,
+        error: `Edit rejected — validation failed: ${errMsg}`,
+        hint: "The edit was NOT applied. The handler is unchanged.",
+      };
+    }
+
+    // Validation passed — apply the edit
     const result = await sandbox.editHandler(name, oldString, newString);
     if (result.success) {
       console.error(
diff --git a/src/agent/system-message.ts b/src/agent/system-message.ts
diff --git a/src/code-validator/guest/runtime/src/metadata.rs b/src/code-validator/guest/runtime/src/metadata.rs
diff --git a/tests/pptx-validation.test.ts b/tests/pptx-validation.test.ts
