fix: Restrict using slot for strings#2700
Conversation
|
@pullfrog review |
There was a problem hiding this comment.
✅ No new issues found.
Reviewed changes — This PR prevents raw WGSL string injection through external maps, slots and TGSL expressions by requiring strings to carry a known schema type or be wrapped in a dedicated ResolvableString marker used for argument names.
- Adds
ResolvableStringto wrap raw-WGSL argument identifiers used during entry-function header generation. - Tightens
ResolutionCtx.resolveso that a bare string without a concrete schema throws a clear error instead of being injected. - Replaces
ctx.resolve(value, dataType).valuecalls withctx.resolveSnippetacross generation code for consistency. - Removes strings from the
isWgsl/Wgsltype union, since they are no longer first-class resolvable values. - Adds tests covering direct, indirect, slot-based and TGSL string-injection cases, and updates existing slot tests to use
d.v3fvalues instead of WGSL string snippets.
Kimi K2 (free via Pullfrog for OSS) | 𝕏
There was a problem hiding this comment.
✅ No new issues found.
Reviewed changes — This PR prevents raw WGSL string injection through external maps, slots and TGSL expressions by requiring strings to carry a known schema type or be wrapped in a dedicated ResolvableString marker used for argument names.
- Adds
ResolvableStringto wrap raw-WGSL argument identifiers used during entry-function header generation. - Tightens
ResolutionCtx.resolveso that a bare string without a concrete schema throws a clear error instead of being injected. - Replaces
ctx.resolve(value, dataType).valuecalls withctx.resolveSnippetacross generation code for consistency. - Removes strings from the
isWgsl/Wgsltype union, since they are no longer first-class resolvable values. - Adds tests covering direct, indirect, slot-based and TGSL string-injection cases, and updates existing slot tests to use
d.v3fvalues instead of WGSL string snippets.
Kimi K2 (free via Pullfrog for OSS) | 𝕏
|
Run failed. View the logs →
|
|
Important The runtime guard now rejects strings, but the Reviewed changes — restrict raw string injection into WGSL and route internal identifier strings through a new
|
|
Technical note: I attempted to submit the above feedback via
|
There was a problem hiding this comment.
✅ No new issues found.
Reviewed changes — The latest commit aligns the type system with the runtime string-injection restriction.
- Removed
stringfromWgslandisWgsl()so plain JS strings no longer type-check as resolvable values, matching the runtime rejection added earlier. - Clarified the scoped string-identifer path in
ResolutionCtx.resolve()with an inline example showing how identifier snippets carry their concrete schema.
Kimi K2 (free via Pullfrog for OSS) | 𝕏

Includes changes from #2703 by @iwoplaza