fix(workspace-hub): validate structured API payloads

RichardGeorgeDavis · RichardGeorgeDavis · commit 27245175e43f · 2026-04-12T19:56:47.000+02:00
diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changelog
 
+## 2026-04-12
+
+- Added runtime payload validation bounds to `repos/workspace-hub/src/lib/api.ts` so `runRepoIntake`, `runWorkspaceCapabilityAction`, and `applyRepoAgentPreset` execute strict schema-shape verification before asserting TypeScript types, preventing downstream React faults on malformed payloads.
+
 ## 2026-04-11
 
 - Bumped the workspace baseline release to `v1.2.2` and updated `repos/workspace-hub` to `1.2.2` to capture the side-load `entry.md` packet flow, manifest `entryDocs` support, and thin-versus-deep indexed search as the new published baseline.
diff --git a/docs/HANDOVER.md b/docs/HANDOVER.md
@@ -896,3 +896,15 @@ Verification status for this local slice:
 Pickup note:
 
 - if this slice lands, update `docs/CHANGELOG.md`, `docs/README.md`, and any relevant `workspace-hub` docs summary so the public side-load contract reflects `entry.md` and the new indexed-search modes
+
+### Implementation update (2026-04-12, runtime payload safety)
+
+Completed in `repos/workspace-hub`:
+
+1. Added strict validation constraints around core API calls fetching structured payloads (`runRepoIntake`, `runWorkspaceCapabilityAction`, and `applyRepoAgentPreset`) inside `src/lib/api.ts`.
+2. Verified manual object validation throws clean Errors rather than silently returning structurally corrupt data to the React UI, establishing stricter type boundaries given the environment lacks `zod`.
+
+Verification status for this local slice:
+
+- `pnpm --dir "repos/workspace-hub" typecheck`
+- `pnpm --dir "repos/workspace-hub" test`
diff --git a/repos/workspace-hub/src/lib/api.ts b/repos/workspace-hub/src/lib/api.ts
@@ -174,7 +174,12 @@ export async function runWorkspaceCapabilityAction(
     throw new Error(await readErrorMessage(response))
   }
 
-  return (await response.json()) as {
+  const data = await response.json()
+  if (!data || typeof data !== 'object' || !('ok' in data) || !('output' in data)) {
+    throw new Error('Malformed response received from capability action endpoint')
+  }
+
+  return data as {
     ok: boolean
     output: string
   }
@@ -325,7 +330,12 @@ export async function runRepoIntake(relativePath: string) {
     throw new Error(await readErrorMessage(response))
   }
 
-  return (await response.json()) as {
+  const data = await response.json()
+  if (!data || typeof data !== 'object' || !('ok' in data) || !('result' in data)) {
+    throw new Error('Malformed response received from intake endpoint')
+  }
+
+  return data as {
     ok: boolean
     result: RepoIntakeResult
   }
@@ -413,7 +423,12 @@ export async function applyRepoAgentPreset(
     throw new Error(await readErrorMessage(response))
   }
 
-  return (await response.json()) as {
+  const data = await response.json()
+  if (!data || typeof data !== 'object' || !('ok' in data) || !('result' in data)) {
+    throw new Error('Malformed response received from agent preset endpoint')
+  }
+
+  return data as {
     ok: true
     result: RepoAgentPresetResult
   }
