Kotlin sdk treeshake s2c messages#1396
Conversation
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces a streaming parser for A2UI, supporting both v0.8 and v0.9 specifications, along with enhanced schema pruning capabilities for components, messages, and common types. Key additions include the StreamingParser base class and its version-specific implementations, as well as the TopologyAnalyzer and SchemaInspector for managing component relationships. Feedback focuses on critical performance and security optimizations within the streaming logic. Specifically, the reviewer identified high-severity inefficiencies in the JSON sniffing logic, such as redundant regex searches and object allocations in hot loops. Additionally, there are concerns regarding potential memory exhaustion from unbounded buffers and stack overflow risks due to recursive schema traversal on untrusted input.
|
|
||
| protected var foundDelimiter = false | ||
| protected var buffer = "" | ||
| protected var jsonBuffer = "" |
There was a problem hiding this comment.
jsonBuffer is appended to continuously as chunks are processed and is only reset when a closeTag is encountered. If a malicious or malformed stream provides a very large A2UI block without a closing tag, this buffer will grow indefinitely, potentially leading to an OutOfMemoryError. Consider implementing a maximum buffer size limit.
jgindin
force-pushed
the
kotlin-sdk-treeshake-s2c-messages
branch
3 times, most recently
from
d8ac73a to
b225336
Compare
There was a problem hiding this comment.
Similar comment as the previous one. Ideally, we should not need any unit tests for the treeshaking feature.
jgindin
force-pushed
the
kotlin-sdk-treeshake-s2c-messages
branch
5 times, most recently
from
624b953 to
f1e3968
Compare
Implements the full incremental A2UI v0.9 streaming parser suite in Kotlin, achieving SDK parity. Automatically incorporates critical subsequent fixes for robust real-time topology parsing and relative bindings. Port of Python SDK commit 8ba982a
Port of Python SDK commit 1ea689d
Implement coordinated component and message pruning via withPruning, propagating allowedMessages from A2uiSchemaManager down to Catalog. Add robust automated unit tests and enable full conformance verification. Port of Python SDK commit 0fd7240
jgindin
force-pushed
the
kotlin-sdk-treeshake-s2c-messages
branch
from
f1e3968 to
6897fe5
Compare
2 participants
Description
Implement coordinated component and message pruning via withPruning, propagating allowedMessages from A2uiSchemaManager down to Catalog.
Enable full conformance verification.
Port of Python SDK commit 0fd7240
Pre-launch Checklist
If you need help, consider asking for advice on the discussion board.