Skip to content

fix(security): validate usage identifiers#227

Open
ZaaK0913-coder wants to merge 1 commit into
Agentpay-Org:mainfrom
ZaaK0913-coder:codex/usage-id-validation-86-20260704
Open

fix(security): validate usage identifiers#227
ZaaK0913-coder wants to merge 1 commit into
Agentpay-Org:mainfrom
ZaaK0913-coder:codex/usage-id-validation-86-20260704

Conversation

@ZaaK0913-coder

@ZaaK0913-coder ZaaK0913-coder commented Jul 4, 2026

Copy link
Copy Markdown

Summary

  • Add shared validation for agent and service identifiers used by the usage forms.
  • Block empty, whitespace-only, too-long, and malformed identifiers before building usage requests.
  • Surface field-level errors through TextField aria-invalid/aria-describedby wiring while preserving required fields and encodeURIComponent on the wire.
  • Document the identifier rules in README with a scoped note.

Closes #86

Validation

  • npx.cmd jest src/lib/__tests__/validateId.test.ts src/app/usage/page.test.tsx --runInBand
  • npx.cmd jest src/lib/__tests__/validateId.test.ts src/app/usage/page.test.tsx --coverage --collectCoverageFrom=src/lib/validateId.ts --collectCoverageFrom=src/app/usage/page.tsx --coverageReporters=text --coverageThreshold "{}" --runInBand
  • npx.cmd eslint src/lib/validateId.ts src/lib/__tests__/validateId.test.ts src/app/usage/page.tsx src/app/usage/page.test.tsx
  • npx.cmd prettier --check src/lib/validateId.ts src/lib/__tests__/validateId.test.ts src/app/usage/page.tsx src/app/usage/page.test.tsx

Typecheck note

  • npm.cmd run typecheck was attempted and is currently blocked by pre-existing main-branch errors outside this change:
    • src/app/agents/[agent]/page.tsx: missing Breadcrumb and formatRequests
    • src/app/docs/page.tsx: missing safeHref

@ZaaK0913-coder ZaaK0913-coder force-pushed the codex/usage-id-validation-86-20260704 branch from 4a394bd to 7a87a89 Compare July 4, 2026 05:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Enforce length and character bounds on agent and serviceId inputs

1 participant