fix(events): phase 13 — LOW audit fixes (cache bounds)

- 13.1: Add LRU eviction to validatorCache, filterCache, patternCache (max 1000)
- 13.2: Zod schema tightening done in phase 10 commit

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: giovaborgogno

apps/webapp/app/v3/services/events/schemaRegistry.server.ts

@@ -6,8 +6,9 @@ import { BaseService, ServiceValidationError } from "../baseService.server";
 
 const ajv = new Ajv({ allErrors: true, strict: false });
 
-/** Cached compiled validators keyed by EventDefinition.id */
+/** Cached compiled validators keyed by EventDefinition.id (bounded to prevent memory leaks) */
 const validatorCache = new Map<string, ValidateFunction>();
+const VALIDATOR_CACHE_MAX = 1000;
 
 export type SchemaValidationResult =
   | { success: true }
@@ -176,6 +177,15 @@ export class SchemaRegistryService extends BaseService {
 
       if (!validate) {
         validate = ajv.compile(schema as object);
+        if (validatorCache.size >= VALIDATOR_CACHE_MAX) {
+          // Evict oldest entries (Map iterates in insertion order)
+          const toDelete = Math.floor(VALIDATOR_CACHE_MAX / 2);
+          let i = 0;
+          for (const key of validatorCache.keys()) {
+            if (i++ >= toDelete) break;
+            validatorCache.delete(key);
+          }
+        }
         validatorCache.set(eventDefinitionId, validate);
       }
 

packages/core/src/v3/events/filterEvaluator.ts

@@ -4,6 +4,7 @@ import { eventFilterMatches } from "../../eventFilterMatches.js";
 type CompiledFilter = (payload: unknown) => boolean;
 
 const filterCache = new Map<string, CompiledFilter>();
+const FILTER_CACHE_MAX = 1000;
 
 /**
  * Compile an EventFilter into a reusable predicate function.
@@ -20,6 +21,14 @@ export function compileFilter(filter: EventFilter, cacheKey?: string): CompiledF
   const fn: CompiledFilter = (payload: unknown) => eventFilterMatches(payload, filter);
 
   if (cacheKey) {
+    if (filterCache.size >= FILTER_CACHE_MAX) {
+      const toDelete = Math.floor(FILTER_CACHE_MAX / 2);
+      let i = 0;
+      for (const key of filterCache.keys()) {
+        if (i++ >= toDelete) break;
+        filterCache.delete(key);
+      }
+    }
     filterCache.set(cacheKey, fn);
   }
 

packages/core/src/v3/events/patternMatcher.ts

@@ -15,6 +15,7 @@
 type PatternPredicate = (eventSlug: string) => boolean;
 
 const patternCache = new Map<string, PatternPredicate>();
+const PATTERN_CACHE_MAX = 1000;
 
 /**
  * Compile a wildcard pattern into a reusable predicate.
@@ -25,6 +26,14 @@ export function compilePattern(pattern: string): PatternPredicate {
   if (cached) return cached;
 
   const fn = buildPatternFn(pattern);
+  if (patternCache.size >= PATTERN_CACHE_MAX) {
+    const toDelete = Math.floor(PATTERN_CACHE_MAX / 2);
+    let i = 0;
+    for (const key of patternCache.keys()) {
+      if (i++ >= toDelete) break;
+      patternCache.delete(key);
+    }
+  }
   patternCache.set(pattern, fn);
   return fn;
 }