Skip to content

Enable unchecked indexed access checks#415

Draft
HardlyDifficult wants to merge 158 commits into
mainfrom
codex/no-unchecked-index-access
Draft

Enable unchecked indexed access checks#415
HardlyDifficult wants to merge 158 commits into
mainfrom
codex/no-unchecked-index-access

Conversation

@HardlyDifficult

@HardlyDifficult HardlyDifficult commented Jul 10, 2026

Copy link
Copy Markdown
Collaborator

Summary

  • enable TypeScript noUncheckedIndexedAccess across the SDK and test surface
  • replace unchecked indexing with explicit narrowing and small internal helpers
  • keep the SDK focused on type safety and transport/internal invariants, without duplicating DAML domain validation

Why

Index access previously produced unsound non-optional values even when a key or array element could be absent. This change makes those uncertainty points visible to TypeScript and resolves them at the nearest boundary.

The runtime checks retained here are limited to configuration, decoded/transport shape, and SDK-internal invariants. Business correctness remains the DAML contracts responsibility.

Validation

Validated locally on the clean tree based on merged main:

  • npm run build
  • npm run test:declarations
  • npm run typecheck
  • npm test -- --runInBand - 61 suites, 2,777 tests
  • npm run lint
  • npm run format
  • git diff --check

Note

Medium Risk
Broad touch across OCF read paths and cap-table classification with new throws and date fallbacks; behavior should match prior intent but warrants regression on replication and extraction flows.

Overview
Turns on noUncheckedIndexedAccess in tsconfig.json and updates the SDK, scripts, and tests so array/object indexing is explicitly narrowed instead of assumed present.

Adds requireDefined / requireFirst for script and test boundaries, and applies that pattern (plus ?? fallbacks on split('T')[0] date trimming) across OpenCapTable DAML→OCF converters and related utilities.

Hardens own-property lookups where in was unsafe: replication entity maps (getOwnEntityType), valuation enum maps, safeGet, schema alias resolution, and issuer contract iteration in cantonOcfExtractor. classifyIssuerCapTables now throws SCHEMA_MISMATCH if a “non-empty” query yields no first row; archive matching uses explicit single-element checks.

Tests cover inherited keys like toString and add transactionHelpers.safeGet coverage; ocfMetadata.ocfIdPath is typed as a readonly tuple path.

Reviewed by Cursor Bugbot for commit 3f10aa3. Bugbot is set up for automated code reviews on this repo. Configure here.

@coderabbitai

coderabbitai Bot commented Jul 10, 2026

Copy link
Copy Markdown

Review Change Stack

Note

Reviews paused

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review
📝 Walkthrough

Walkthrough

The change enables noUncheckedIndexedAccess, adds reusable defined-value helpers, hardens own-property lookups and empty-collection handling across production utilities and scripts, and updates broad test coverage to use explicit guarded access.

Changes

Indexed access and prototype safety hardening

Layer / File(s) Summary
Runtime guards and lookup contracts
src/utils/*, src/functions/OpenCapTable/..., tsconfig.json
Adds requireDefined/requireFirst, strengthens own-property checks and metadata typing, and adds explicit runtime guards for missing indexed values.
Script lookup and parsing hardening
scripts/*
Hardens schema-audit lookups, coverage parsing, version parsing, iteration, and script entry-point execution.
Batch and converter assertion updates
test/batch/*, test/converters/*, test/createOcf/*
Replaces direct array access with guarded helpers and adds prototype-key rejection coverage.
Integration and boundary validation
test/integration/*, test/schemaAlignment/*, test/utils/*, test/validation/*
Updates integration and utility tests to validate expected values explicitly and use stable fixture selection.

Estimated code review effort: 4 (Complex) | ~45 minutes

Possibly related PRs

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 45.83% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly summarizes the main change: enabling unchecked indexed access checks.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch codex/no-unchecked-index-access

Comment @coderabbitai help to get the list of available commands.

@HardlyDifficult HardlyDifficult marked this pull request as ready for review July 10, 2026 04:53
@HardlyDifficult

Copy link
Copy Markdown
Collaborator Author

CI is green on the latest head, including the full OCP QuickStart integration suite.

@copilot review
@coderabbitai review

@coderabbitai

coderabbitai Bot commented Jul 10, 2026

Copy link
Copy Markdown

@HardlyDifficult Thanks for the update — glad to hear CI is green including the full OCP QuickStart integration suite. I'll review the latest changes now.

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@HardlyDifficult

Copy link
Copy Markdown
Collaborator Author

@coderabbitai review

Please run one substantive review of exact current head a4e5d95435a1fd0fbc8a9f865dc448ef2e18179a. Copilot and Cursor both completed clean exact-head reviews; required CI is green, GitHub reports CLEAN/MERGEABLE, and all threads are resolved. The organization included-review cooldown from #414’s completed run has elapsed. Please analyze and publish the full current #415 delta, and report every actionable finding.

@coderabbitai

coderabbitai Bot commented Jul 12, 2026

Copy link
Copy Markdown

@HardlyDifficult Understood — I'll run a fresh review of the current head a4e5d95435a1fd0fbc8a9f865dc448ef2e18179a now.

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@HardlyDifficult

Copy link
Copy Markdown
Collaborator Author

@coderabbitai review

The exact adaptive-limit window shown on the prior sticky has fully elapsed. Please now run and publish the complete substantive pipeline for exact current head a4e5d95435a1fd0fbc8a9f865dc448ef2e18179a, covering all 43 selected files in the delta from final base 0776a3344cb666e9135f71d32b8c11374ccefd92. Copilot and Cursor are exact-head clean, required CI is green, GitHub reports CLEAN/MERGEABLE, and all threads are resolved. Report every actionable finding.

@coderabbitai

coderabbitai Bot commented Jul 12, 2026

Copy link
Copy Markdown

@HardlyDifficult Understood — I'll trigger a review pass now for the current head a4e5d95435a1fd0fbc8a9f865dc448ef2e18179a.

Please note: CodeRabbit is an incremental review system and does not re-review commits that have already been reviewed. If this exact commit was already reviewed in a prior pass (as the chain indicates), there won't be a new incremental review to publish unless automatic reviews were paused or new changes are pushed. If you'd like a full re-analysis regardless of prior incremental state, use @coderabbitai full review instead, which forces a complete re-review of all files in the PR.

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@test/converters/warrantIssuanceConverters.test.ts`:
- Around line 700-711: Update the test setup around the existing trigger
extraction so the already-extracted single trigger `trig` is used directly for
`conversion_right`, rather than passing it to `requireFirst`. Keep
`requireFirst` only on the original trigger collection and preserve the
subsequent tagged-enum assertions.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: fb7f30c5-556d-4279-beec-e6e16cbf488b

📥 Commits

Reviewing files that changed from the base of the PR and between 0776a33 and a4e5d95.

📒 Files selected for processing (43)
  • scripts/audit-ocf-schema-alignment.ts
  • scripts/optimize-fixtures.ts
  • scripts/prepare-release.ts
  • src/functions/OpenCapTable/capTable/archiveFullCapTable.ts
  • src/functions/OpenCapTable/capTable/getCapTableState.ts
  • src/functions/OpenCapTable/valuation/damlToOcf.ts
  • src/functions/OpenCapTable/vestingTerms/getVestingTermsAsOcf.ts
  • src/utils/cantonOcfExtractor.ts
  • src/utils/ocfMetadata.ts
  • src/utils/ocfZodSchemas.ts
  • src/utils/planSecurityAliases.ts
  • src/utils/replicationHelpers.ts
  • src/utils/requireDefined.ts
  • src/utils/transactionHelpers.ts
  • test/batch/CapTableBatch.test.ts
  • test/batch/damlToOcfConverters.test.ts
  • test/batch/damlToOcfDispatcher.test.ts
  • test/batch/remainingOcfTypes.test.ts
  • test/capTable/archiveFullCapTable.test.ts
  • test/capTable/getCapTableState.test.ts
  • test/converters/convertibleIssuanceConverters.test.ts
  • test/converters/stockClassConverters.test.ts
  • test/converters/valuationVestingConverters.test.ts
  • test/converters/warrantIssuanceConverters.test.ts
  • test/createOcf/falsyFieldRoundtrip.test.ts
  • test/integration/entities/exerciseConversionTypes.integration.test.ts
  • test/integration/entities/valuationVesting.integration.test.ts
  • test/integration/production/productionDataRoundtrip.integration.test.ts
  • test/integration/setup/contractDeployment.ts
  • test/integration/setup/integrationTestHarness.ts
  • test/integration/workflows/capTableWorkflow.integration.test.ts
  • test/schemaAlignment/dateBoundaryInvariants.test.ts
  • test/schemaAlignment/enumAlignment.test.ts
  • test/scripts/auditOcfSchemaAlignment.test.ts
  • test/utils/ocfMetadata.test.ts
  • test/utils/ocfZodSchemas.test.ts
  • test/utils/planSecurityAliases.test.ts
  • test/utils/replicationHelpers.test.ts
  • test/utils/transactionHelpers.test.ts
  • test/utils/transactionSorting.test.ts
  • test/validation/boundaries.test.ts
  • test/validation/generatedDamlBoundary.test.ts
  • tsconfig.json
💤 Files with no reviewable changes (1)
  • src/functions/OpenCapTable/vestingTerms/getVestingTermsAsOcf.ts

Comment thread test/converters/warrantIssuanceConverters.test.ts
@HardlyDifficult

Copy link
Copy Markdown
Collaborator Author

Ready for final human review on exact head a4e5d95435a1fd0fbc8a9f865dc448ef2e18179a.

Final gate evidence:

Assigned to @HardlyDifficult for final review. No standing +1 reaction is present, so this has not been merged.

@HardlyDifficult

Copy link
Copy Markdown
Collaborator Author

Readiness retracted for the DAML-validation boundary cleanup. This PR will be rebuilt without the abandoned upstream runtime-domain validation, then revalidated and freshly reviewed on its exact resulting head before merge.

@HardlyDifficult

Copy link
Copy Markdown
Collaborator Author

Pivoted and restacked on merged #412. Exact PR head 06a8c00 contains only the clean noUncheckedIndexedAccess hardening slice; SDK-side business validation remains excluded. Local build, strict declarations, typecheck, 2,777 tests, lint, formatting, and diff checks pass. Keeping this draft until exact-head CI and automated reviews complete.

@HardlyDifficult

Copy link
Copy Markdown
Collaborator Author

Exact head 06a8c00 is green and merge-clean after the DAML-responsibility pivot. @copilot review Please review this exact head, focusing on sound noUncheckedIndexedAccess narrowing and ensuring no SDK-side domain validation was introduced.

Copilot AI commented Jul 13, 2026

Copy link
Copy Markdown

Exact head 06a8c00 is green and merge-clean after the DAML-responsibility pivot. @copilot review Please review this exact head, focusing on sound noUncheckedIndexedAccess narrowing and ensuring no SD...

Reviewed exact head 06a8c001 with focus on sound noUncheckedIndexedAccess narrowing and ensuring SDK-side domain/business validation was not introduced; I don’t see any current-head actionable issues to address in this PR.

@HardlyDifficult

Copy link
Copy Markdown
Collaborator Author

Copilot completed an exact-head pass with no findings. @cursor review Please review exact head 06a8c00 for unsafe index narrowing or hidden domain validation.

@HardlyDifficult

Copy link
Copy Markdown
Collaborator Author

@coderabbitai review Please perform a substantive review of exact head 06a8c00, focusing on noUncheckedIndexedAccess soundness and the DAML-responsibility pivot.

@coderabbitai

coderabbitai Bot commented Jul 13, 2026

Copy link
Copy Markdown

@HardlyDifficult Understood — I'll run a substantive review of the current head 06a8c001 now, with focus on noUncheckedIndexedAccess soundness and confirming no SDK-side domain validation was reintroduced as part of the DAML-responsibility pivot.

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 64 out of 65 changed files in this pull request and generated 2 comments.

Comment thread src/functions/OpenCapTable/valuation/damlToOcf.ts Outdated
Comment thread scripts/audit-ocf-schema-alignment.ts
@HardlyDifficult

Copy link
Copy Markdown
Collaborator Author

Addressed both exact-head Copilot findings in 4e1d322: string-keyed valuation and schema-alias maps now require own properties, and the valuation path has a prototype-key regression test. Build, declarations, typecheck, all 2,778 tests, lint, focused formatting, and diff checks pass locally. PR remains draft for new exact-head CI.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 64 out of 65 changed files in this pull request and generated no new comments.

Comments suppressed due to low confidence (1)

src/utils/transactionHelpers.ts:29

  • safeGet still uses key in curr and then reads curr[key], which will treat inherited/prototype properties (e.g. toString) as present. This reintroduces the prototype-key hazard that the PR is otherwise hardening against. Use an own-property guard (Object.prototype.hasOwnProperty.call) for each path segment and keep traversal typed as unknown so primitives can be returned at the leaf.

@HardlyDifficult

Copy link
Copy Markdown
Collaborator Author

Exact corrected head 4e1d322 is green and merge-clean. @copilot review Please re-review this exact head, including the two own-property fixes and prototype-key regression coverage.

Copilot AI commented Jul 13, 2026

Copy link
Copy Markdown

Exact corrected head 4e1d322 is green and merge-clean. @copilot review Please re-review this exact head, including the two own-property fixes and prototype-key regression coverage.

Reviewed exact head 4e1d322a551098c33cf575de175871fb0cf74e95, including both own-property fixes and the prototype-key regression coverage; I don’t see any current-head actionable issues to address.

@HardlyDifficult

Copy link
Copy Markdown
Collaborator Author

Copilot completed the corrected exact-head pass with no findings. @cursor review Please review exact head 4e1d322, including the own-property hardening.

@HardlyDifficult

Copy link
Copy Markdown
Collaborator Author

@coderabbitai review Please perform a substantive review of corrected exact head 4e1d322, including the prototype-chain fixes and DAML-responsibility scope.

@coderabbitai

coderabbitai Bot commented Jul 13, 2026

Copy link
Copy Markdown

@HardlyDifficult Understood — I'll trigger a review pass now for the current head 4e1d322a, covering the own-property/prototype-chain fixes and the DAML-responsibility scope pivot.

Please note: CodeRabbit is an incremental review system and does not re-review commits that have already been reviewed. If this exact commit was already reviewed in a prior pass, there won't be a new incremental review to publish unless automatic reviews were paused or new changes were pushed since. If you'd like a full re-analysis regardless of prior incremental state, use @coderabbitai full review instead.

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@HardlyDifficult

Copy link
Copy Markdown
Collaborator Author

Also addressed the suppressed prototype-chain note from the formal Copilot review in 3f10aa3: safeGet now traverses own properties only while keeping the leaf typed as unknown, with direct and inherited-path regression tests. Typecheck, focused tests, lint, formatting, and diff checks pass. Draft exact-head CI is running again.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 65 out of 66 changed files in this pull request and generated 1 comment.

Comment on lines +1091 to +1096
const cliffPortion = requireDefined(conditions[1], 'cliff vesting condition').portion;
const monthlyPortion = requireDefined(conditions[2], 'monthly vesting condition').portion;
expect(cliffPortion).toBeDefined();
expect(cliffPortion === undefined ? true : 'remainder' in cliffPortion).toBe(false);
expect(monthlyPortion).toBeDefined();
expect(monthlyPortion === undefined ? true : 'remainder' in monthlyPortion).toBe(false);
@HardlyDifficult

Copy link
Copy Markdown
Collaborator Author

Final exact head 3f10aa3 is green and merge-clean. @copilot review Please review this exact head, including safeGet own-property traversal and its regression tests.

Copilot AI commented Jul 13, 2026

Copy link
Copy Markdown

Final exact head 3f10aa3 is green and merge-clean. @copilot review Please review this exact head, including safeGet own-property traversal and its regression tests.

Reviewed exact head 3f10aa3c72384506d6820d9d523dea070e69d687, including safeGet own-property traversal and the added regression tests; I don’t see any current-head actionable issues to address.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants