fix: self-review — nanoflow validation parity, fast-path lookup, code cleanup

retran · retran · commit ae49ce75488a · 2026-04-29T13:34:02.000+02:00
- Add nanoflows to allNames() for forward-reference detection in scripts
- Add ValidateNanoflowBody so mxcli validate catches semantic errors in nanoflow bodies
- Extract validateFlowBody helper to deduplicate micro/nanoflow validation
- Add GetRawUnitByName fast path to lookupNanoflowReturnType
- Fix doc comment on addTransformJsonAction
- Collapse 11 workflow stmt denylist cases into multi-type case
diff --git a/mdl/executor/cmd_microflows_builder.go b/mdl/executor/cmd_microflows_builder.go
@@ -145,12 +145,15 @@ func (fb *flowBuilder) lookupMicroflowReturnType(qualifiedName string) microflow
 		return nil
 	}
 
+	// Fast path: direct lookup by qualified name avoids O(n) module walk.
+	// Falls through to module walk on any error (not found, corrupt BSON, etc.).
 	if rawUnit, err := fb.backend.GetRawUnitByName("microflow", qualifiedName); err == nil && rawUnit != nil && len(rawUnit.Contents) > 0 {
 		if mf, err := fb.backend.ParseMicroflowBSON(rawUnit.Contents, model.ID(rawUnit.ID), ""); err == nil && mf != nil {
 			return mf.ReturnType
 		}
 	}
 
+	// Slow path: enumerate all microflows in the module and match by name.
 	moduleName, microflowName, ok := strings.Cut(qualifiedName, ".")
 	if !ok || moduleName == "" || microflowName == "" {
 		return nil
@@ -190,6 +193,15 @@ func (fb *flowBuilder) lookupNanoflowReturnType(qualifiedName string) microflows
 		return nil
 	}
 
+	// Fast path: direct lookup by qualified name avoids O(n) module walk.
+	// Falls through to module walk on any error (not found, corrupt BSON, etc.).
+	if rawUnit, err := fb.backend.GetRawUnitByName("nanoflow", qualifiedName); err == nil && rawUnit != nil && len(rawUnit.Contents) > 0 {
+		if nf, err := fb.backend.ParseMicroflowBSON(rawUnit.Contents, model.ID(rawUnit.ID), ""); err == nil && nf != nil {
+			return nf.ReturnType
+		}
+	}
+
+	// Slow path: enumerate all nanoflows in the module and match by name.
 	moduleName, nanoflowName, ok := strings.Cut(qualifiedName, ".")
 	if !ok || moduleName == "" || nanoflowName == "" {
 		return nil
diff --git a/mdl/executor/cmd_microflows_builder_calls.go b/mdl/executor/cmd_microflows_builder_calls.go
@@ -1268,7 +1268,7 @@ func (fb *flowBuilder) addImportFromMappingAction(s *ast.ImportFromMappingStmt)
 	return activity.ID
 }
 
-// addExportToMappingAction adds an ExportXmlAction to the microflow.
+// addTransformJsonAction adds a TransformJsonAction to the microflow.
 func (fb *flowBuilder) addTransformJsonAction(s *ast.TransformJsonStmt) model.ID {
 	activityX := fb.posX
 
diff --git a/mdl/executor/cmd_microflows_builder_validate.go b/mdl/executor/cmd_microflows_builder_validate.go
@@ -12,14 +12,23 @@ import (
 // ValidateMicroflowBody validates the microflow body for semantic errors without building objects.
 // This is used by the check command to validate scripts without executing them.
 func ValidateMicroflowBody(s *ast.CreateMicroflowStmt) []string {
-	// Build variable maps from parameters
+	return validateFlowBody(s.Parameters, s.Body)
+}
+
+// ValidateNanoflowBody validates the nanoflow body for semantic errors without building objects.
+// This is used by the check command to validate scripts without executing them.
+func ValidateNanoflowBody(s *ast.CreateNanoflowStmt) []string {
+	return validateFlowBody(s.Parameters, s.Body)
+}
+
+// validateFlowBody validates parameters and body statements for semantic errors.
+func validateFlowBody(params []ast.MicroflowParam, body []ast.MicroflowStatement) []string {
 	varTypes := make(map[string]string)
 	declaredVars := make(map[string]string)
 
 	var paramErrors []string
-	for _, p := range s.Parameters {
+	for _, p := range params {
 		if p.Type.EntityRef != nil {
-			// Reject bare entity names (empty module) — e.g., "Object" instead of "System.Workflow"
 			if p.Type.EntityRef.Module == "" {
 				paramErrors = append(paramErrors, fmt.Sprintf(
 					"parameter '$%s': entity type '%s' is missing module prefix (use 'Module.%s')",
@@ -33,23 +42,20 @@ func ValidateMicroflowBody(s *ast.CreateMicroflowStmt) []string {
 				varTypes[p.Name] = entityQN
 			}
 		} else {
-			// Primitive type parameters
 			declaredVars[p.Name] = p.Type.Kind.String()
 		}
 	}
 	if len(paramErrors) > 0 {
 		return paramErrors
 	}
 
-	// Create a validation-only flow builder
 	fb := &flowBuilder{
 		varTypes:     varTypes,
 		declaredVars: declaredVars,
 		errors:       []string{},
 	}
 
-	// Validate the body statements
-	fb.validateStatements(s.Body)
+	fb.validateStatements(body)
 
 	return fb.errors
 }
diff --git a/mdl/executor/nanoflow_validation.go b/mdl/executor/nanoflow_validation.go
@@ -70,27 +70,18 @@ func checkDisallowedNanoflowAction(stmt ast.MicroflowStatement) string {
 		return "export mapping is not allowed in nanoflows"
 	case *ast.TransformJsonStmt:
 		return "JSON transformation is not allowed in nanoflows"
-	case *ast.CallWorkflowStmt:
-		return "workflow calls are not allowed in nanoflows"
-	case *ast.GetWorkflowDataStmt:
-		return "workflow actions are not allowed in nanoflows"
-	case *ast.GetWorkflowsStmt:
-		return "workflow actions are not allowed in nanoflows"
-	case *ast.GetWorkflowActivityRecordsStmt:
-		return "workflow actions are not allowed in nanoflows"
-	case *ast.WorkflowOperationStmt:
-		return "workflow actions are not allowed in nanoflows"
-	case *ast.SetTaskOutcomeStmt:
-		return "workflow actions are not allowed in nanoflows"
-	case *ast.OpenUserTaskStmt:
-		return "workflow actions are not allowed in nanoflows"
-	case *ast.NotifyWorkflowStmt:
-		return "workflow actions are not allowed in nanoflows"
-	case *ast.OpenWorkflowStmt:
-		return "workflow actions are not allowed in nanoflows"
-	case *ast.LockWorkflowStmt:
-		return "workflow actions are not allowed in nanoflows"
-	case *ast.UnlockWorkflowStmt:
+	// Workflow actions — all server-side only
+	case *ast.CallWorkflowStmt,
+		*ast.GetWorkflowDataStmt,
+		*ast.GetWorkflowsStmt,
+		*ast.GetWorkflowActivityRecordsStmt,
+		*ast.WorkflowOperationStmt,
+		*ast.SetTaskOutcomeStmt,
+		*ast.OpenUserTaskStmt,
+		*ast.NotifyWorkflowStmt,
+		*ast.OpenWorkflowStmt,
+		*ast.LockWorkflowStmt,
+		*ast.UnlockWorkflowStmt:
 		return "workflow actions are not allowed in nanoflows"
 	case *ast.DownloadFileStmt:
 		return "file downloads are not allowed in nanoflows"
diff --git a/mdl/executor/validate.go b/mdl/executor/validate.go
@@ -130,6 +130,9 @@ func (sc *scriptContext) allNames() []string {
 	for n := range sc.microflows {
 		names = append(names, n)
 	}
+	for n := range sc.nanoflows {
+		names = append(names, n)
+	}
 	for n := range sc.pages {
 		names = append(names, n)
 	}
@@ -288,6 +291,11 @@ func validateWithContext(ctx *ExecContext, stmt ast.Statement, sc *scriptContext
 				return mdlerrors.NewNotFound("module", s.Name.Module)
 			}
 		}
+		// Validate nanoflow body for semantic errors (e.g., undeclared variables)
+		if validationErrors := ValidateNanoflowBody(s); len(validationErrors) > 0 {
+			return mdlerrors.NewValidationf("nanoflow '%s' has validation errors:\n  - %s",
+				s.Name.String(), strings.Join(validationErrors, "\n  - "))
+		}
 		// Validate references inside nanoflow body (skip excluded nanoflows)
 		if !s.Excluded {
 			if refErrors := validateFlowBodyReferences(ctx, s.Body, sc); len(refErrors) > 0 {

Original file line number	Diff line number	Diff line change
`@@ -1268,7 +1268,7 @@ func (fb flowBuilder) addImportFromMappingAction(s ast.ImportFromMappingStmt)`
`1268`	`1268`	`return activity.ID`
`1269`	`1269`	`}`
`1270`	`1270`
`1271`		`-// addExportToMappingAction adds an ExportXmlAction to the microflow.`
	`1271`	`+// addTransformJsonAction adds a TransformJsonAction to the microflow.`
`1272`	`1272`	`func (fb flowBuilder) addTransformJsonAction(s ast.TransformJsonStmt) model.ID {`
`1273`	`1273`	`activityX := fb.posX`
`1274`	`1274`
Original file line number	Diff line number	Diff line change
`@@ -130,6 +130,9 @@ func (sc *scriptContext) allNames() []string {`
`130`	`130`	`for n := range sc.microflows {`
`131`	`131`	`names = append(names, n)`
`132`	`132`	`}`
	`133`	`+ for n := range sc.nanoflows {`
	`134`	`+ names = append(names, n)`
	`135`	`+ }`
`133`	`136`	`for n := range sc.pages {`
`134`	`137`	`names = append(names, n)`
`135`	`138`	`}`
`@@ -288,6 +291,11 @@ func validateWithContext(ctx ExecContext, stmt ast.Statement, sc scriptContext`
`288`	`291`	`return mdlerrors.NewNotFound("module", s.Name.Module)`
`289`	`292`	`}`
`290`	`293`	`}`
	`294`	`+ // Validate nanoflow body for semantic errors (e.g., undeclared variables)`
	`295`	`+ if validationErrors := ValidateNanoflowBody(s); len(validationErrors) > 0 {`
	`296`	`+ return mdlerrors.NewValidationf("nanoflow '%s' has validation errors:\n - %s",`
	`297`	`+ s.Name.String(), strings.Join(validationErrors, "\n - "))`
	`298`	`+ }`
`291`	`299`	`// Validate references inside nanoflow body (skip excluded nanoflows)`
`292`	`300`	`if !s.Excluded {`
`293`	`301`	`if refErrors := validateFlowBodyReferences(ctx, s.Body, sc); len(refErrors) > 0 {`