Update Safe Outputs conformance checker for recent spec changes (#31431)

github-actions[bot] · web-flow · commit 2f3a255eaba6 · 2026-05-10T23:04:38.000-07:00
diff --git a/scripts/check-safe-outputs-conformance.sh b/scripts/check-safe-outputs-conformance.sh
@@ -1020,6 +1020,161 @@ check_create_issue_auto_injection() {
 }
 check_create_issue_auto_injection
 
+# INT-001: JSON Schema Draft 7 Validation (Section 9.1)
+echo "Running INT-001: JSON Schema Draft 7 Validation..."
+check_json_schema_draft7() {
+    local tools_json="pkg/workflow/js/safe_outputs_tools.json"
+    local gateway_handler="actions/setup/js/safe_outputs_handlers.cjs"
+    local failed=0
+
+    # Per spec Section 9.1: All tool invocations MUST validate against JSON Schema Draft 7.
+    # Check that tool schemas declare draft-07 or that the gateway validates using Ajv/equivalent.
+
+    if [ ! -f "$tools_json" ]; then
+        log_high "INT-001: Tool definitions file missing: $tools_json"
+        return
+    fi
+
+    # Per spec Section 9.1: Schema validation is provided by the MCP framework via inputSchema.
+    # Check that the tool definitions include inputSchema on all tools, which enables
+    # JSON Schema Draft 7 validation at the MCP server level.
+    # Note: Explicit Ajv usage is one approach; relying on MCP framework schema enforcement
+    # via inputSchema is the primary conformant pattern in this implementation.
+
+    # Verify inputSchema is present on all tools (required by JSON Schema Draft 7 pattern)
+    local tools_without_schema
+    tools_without_schema=$(python3 -c "
+import json, sys
+try:
+    data = json.load(open('$tools_json'))
+    tools = data if isinstance(data, list) else data.get('tools', [])
+    missing = [t.get('name','?') for t in tools if isinstance(t, dict) and 'inputSchema' not in t]
+    if missing: print(','.join(missing))
+except Exception as e:
+    sys.exit(0)
+" 2>/dev/null)
+    if [ -n "$tools_without_schema" ]; then
+        log_medium "INT-001: Tools missing inputSchema in $tools_json: $tools_without_schema"
+        failed=1
+    fi
+
+    if [ $failed -eq 0 ]; then
+        log_pass "INT-001: Tool schemas include inputSchema for JSON Schema Draft 7 validation"
+    fi
+}
+check_json_schema_draft7
+
+# INT-002: Sanitization Pipeline Completeness (Section 9.4 S1, S4)
+echo "Running INT-002: Sanitization Pipeline Completeness..."
+check_sanitization_pipeline() {
+    local core_sanitizer="actions/setup/js/sanitize_content_core.cjs"
+    local fallback_sanitizer="actions/setup/js/sanitize_content.cjs"
+    local failed=0
+
+    # Per spec Section 9.4: Implementations MUST apply these stages in order:
+    # S1: Null byte removal (remove \x00 and control chars)
+    # S4: HTML tag filtering (remove <script>, <iframe>, on* event handlers)
+
+    local sanitizer_file=""
+    if [ -f "$core_sanitizer" ]; then
+        sanitizer_file="$core_sanitizer"
+    elif [ -f "$fallback_sanitizer" ]; then
+        sanitizer_file="$fallback_sanitizer"
+    else
+        log_high "INT-002: Sanitization implementation file missing (expected $core_sanitizer)"
+        return
+    fi
+
+    # Check S1: Null byte / control character removal (Section 9.4 S1)
+    # Spec requires removal of all null bytes (\0, \x00).
+    # Implementation may use a control-char range starting at \x00 (e.g., /[\x00-\x08...]/)
+    if ! grep -qE 'x00|removeNull|null.*byte|byte.*null' "$sanitizer_file"; then
+        log_high "INT-002: Sanitization pipeline missing null byte removal (Section 9.4 S1)"
+        failed=1
+    fi
+
+    # Check S4: HTML tag filtering — <script>, <iframe>, on* event handlers (Section 9.4 S4)
+    if ! grep -qE 'script|iframe|on\*|onerror|onclick|event.*handler|dangerous.*attr|strip.*attr' "$sanitizer_file"; then
+        log_high "INT-002: Sanitization pipeline missing HTML tag/event handler filtering (Section 9.4 S4)"
+        failed=1
+    fi
+
+    if [ $failed -eq 0 ]; then
+        log_pass "INT-002: Sanitization pipeline implements null byte removal (S1) and HTML filtering (S4)"
+    fi
+}
+check_sanitization_pipeline
+
+# EXEC-001: System Types Processed Last (Section 10.2)
+echo "Running EXEC-001: System Types Processed Last..."
+check_system_types_ordering() {
+    local manager_file="actions/setup/js/safe_output_handler_manager.cjs"
+    local failed=0
+
+    # Per spec Section 10.2: Operations execute in NDJSON order, with system types
+    # (noop, missing_tool, missing_data, report_incomplete) processed LAST.
+
+    if [ ! -f "$manager_file" ]; then
+        log_high "EXEC-001: Safe output handler manager missing: $manager_file"
+        return
+    fi
+
+    # Check that system types are collected separately (prerequisite for last processing)
+    if ! grep -qE "missing_tool.*missing_data.*noop|collect.*missing|system.*type" "$manager_file"; then
+        log_medium "EXEC-001: Handler manager does not appear to separate system types for ordering (Section 10.2)"
+        failed=1
+    fi
+
+    # Verify that noop, missing_tool, missing_data, report_incomplete are recognized as a group
+    if ! grep -q "report_incomplete" "$manager_file"; then
+        log_medium "EXEC-001: report_incomplete system type not handled in $manager_file (Section 10.2)"
+        failed=1
+    fi
+
+    if [ $failed -eq 0 ]; then
+        log_pass "EXEC-001: System types (noop, missing_tool, missing_data, report_incomplete) are grouped for last processing"
+    fi
+}
+check_system_types_ordering
+
+# EXEC-002: Zero Max Limit Disables Type (Section 10.5)
+echo "Running EXEC-002: Zero Max Limit Disables Type..."
+check_zero_max_disables_type() {
+    local failed=0
+
+    # Per spec Section 10.5: When max: 0 is configured for a safe output type,
+    # the type MUST be disabled (MCP tool not registered, no config generated).
+
+    # Check Go compiler: types with max: 0 should not appear in generated config
+    if grep -rqE "max.*==.*0|\.Max.*==.*0|maxIsZero|disabledType|skipZeroMax" pkg/workflow/safe_outputs*.go 2>/dev/null; then
+        log_pass "EXEC-002: Compiler handles max: 0 type disabling"
+        return
+    fi
+
+    # Alternative: check if there are tests validating zero-max disabling
+    if grep -rqE "max.*0.*disabled|max.*:.*0|\"max\".*0" pkg/workflow/safe_outputs*test*.go 2>/dev/null; then
+        log_pass "EXEC-002: Tests validate max: 0 type disabling behavior"
+        return
+    fi
+
+    # Check if the gateway handler skips tools not present in config (indirectly validates zero-max)
+    local gateway="actions/setup/js/safe_outputs_handlers.cjs"
+    if [ -f "$gateway" ]; then
+        if grep -qE "toolsConfig|registeredTools|register.*tool|tool.*register" "$gateway"; then
+            log_pass "EXEC-002: Gateway registers tools from config (zero-max types absent from config will not be registered)"
+            return
+        fi
+    fi
+
+    log_medium "EXEC-002: No explicit evidence that max: 0 disables/unregisters the safe output type (Section 10.5)"
+    failed=1
+
+    if [ $failed -eq 0 ]; then
+        log_pass "EXEC-002: max: 0 properly disables safe output type registration"
+    fi
+}
+check_zero_max_disables_type
+
 # Summary
 echo ""
 echo "=================================================="
