feat: US-070 - Fix IPC binary frame length guards (Rust)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: NathanFlurry

crates/v8-runtime/src/bridge.rs

@@ -410,16 +410,6 @@ fn async_bridge_callback(
     rv.set(promise.into());
 }
 
-/// Serialize V8 function arguments as a V8 Array via ValueSerializer.
-fn serialize_v8_args(scope: &mut v8::HandleScope, args: &v8::FunctionCallbackArguments) -> Result<Vec<u8>, String> {
-    let count = args.length();
-    let array = v8::Array::new(scope, count);
-    for i in 0..count {
-        array.set_index(scope, i as u32, args.get(i));
-    }
-    serialize_v8_value(scope, array.into())
-}
-
 /// Serialize V8 function arguments into a pre-allocated buffer.
 /// The buffer is cleared and reused across calls (grows to high-water mark).
 fn serialize_v8_args_into(scope: &mut v8::HandleScope, args: &v8::FunctionCallbackArguments, buf: &mut Vec<u8>) -> Result<(), String> {

crates/v8-runtime/src/ipc_binary.rs

@@ -121,7 +121,7 @@ pub fn encode_frame_into(buf: &mut Vec<u8>, frame: &BinaryFrame) -> io::Result<(
     buf.clear();
     // Reserve 4 bytes for the length prefix (filled after body)
     buf.extend_from_slice(&[0, 0, 0, 0]);
-    encode_body(buf, frame);
+    encode_body(buf, frame)?;
 
     let total_len = buf.len() - 4;
     if total_len > MAX_FRAME_SIZE as usize {
@@ -192,7 +192,7 @@ pub fn extract_session_id(raw: &[u8]) -> io::Result<Option<&str>> {
 
 // -- Internal encode/decode --
 
-fn encode_body(buf: &mut Vec<u8>, frame: &BinaryFrame) {
+fn encode_body(buf: &mut Vec<u8>, frame: &BinaryFrame) -> io::Result<()> {
     match frame {
         BinaryFrame::Authenticate { token } => {
             buf.push(MSG_AUTHENTICATE);
@@ -206,17 +206,17 @@ fn encode_body(buf: &mut Vec<u8>, frame: &BinaryFrame) {
             cpu_time_limit_ms,
         } => {
             buf.push(MSG_CREATE_SESSION);
-            write_session_id(buf, session_id);
+            write_session_id(buf, session_id)?;
             buf.extend_from_slice(&heap_limit_mb.to_be_bytes());
             buf.extend_from_slice(&cpu_time_limit_ms.to_be_bytes());
         }
         BinaryFrame::DestroySession { session_id } => {
             buf.push(MSG_DESTROY_SESSION);
-            write_session_id(buf, session_id);
+            write_session_id(buf, session_id)?;
         }
         BinaryFrame::InjectGlobals { session_id, payload } => {
             buf.push(MSG_INJECT_GLOBALS);
-            write_session_id(buf, session_id);
+            write_session_id(buf, session_id)?;
             buf.extend_from_slice(payload);
         }
         BinaryFrame::Execute {
@@ -227,12 +227,10 @@ fn encode_body(buf: &mut Vec<u8>, frame: &BinaryFrame) {
             user_code,
         } => {
             buf.push(MSG_EXECUTE);
-            write_session_id(buf, session_id);
+            write_session_id(buf, session_id)?;
             buf.push(*mode);
             // file_path length (u16 BE)
-            let fp_bytes = file_path.as_bytes();
-            buf.extend_from_slice(&(fp_bytes.len() as u16).to_be_bytes());
-            buf.extend_from_slice(fp_bytes);
+            write_len_prefixed_u16(buf, file_path)?;
             // bridge_code length (u32 BE)
             let bc_bytes = bridge_code.as_bytes();
             buf.extend_from_slice(&(bc_bytes.len() as u32).to_be_bytes());
@@ -247,7 +245,7 @@ fn encode_body(buf: &mut Vec<u8>, frame: &BinaryFrame) {
             payload,
         } => {
             buf.push(MSG_BRIDGE_RESPONSE);
-            write_session_id(buf, session_id);
+            write_session_id(buf, session_id)?;
             buf.extend_from_slice(&call_id.to_be_bytes());
             buf.push(*status);
             buf.extend_from_slice(payload);
@@ -258,15 +256,13 @@ fn encode_body(buf: &mut Vec<u8>, frame: &BinaryFrame) {
             payload,
         } => {
             buf.push(MSG_STREAM_EVENT);
-            write_session_id(buf, session_id);
-            let et_bytes = event_type.as_bytes();
-            buf.extend_from_slice(&(et_bytes.len() as u16).to_be_bytes());
-            buf.extend_from_slice(et_bytes);
+            write_session_id(buf, session_id)?;
+            write_len_prefixed_u16(buf, event_type)?;
             buf.extend_from_slice(payload);
         }
         BinaryFrame::TerminateExecution { session_id } => {
             buf.push(MSG_TERMINATE_EXECUTION);
-            write_session_id(buf, session_id);
+            write_session_id(buf, session_id)?;
         }
         BinaryFrame::WarmSnapshot { bridge_code } => {
             buf.push(MSG_WARM_SNAPSHOT);
@@ -282,11 +278,9 @@ fn encode_body(buf: &mut Vec<u8>, frame: &BinaryFrame) {
             payload,
         } => {
             buf.push(MSG_BRIDGE_CALL);
-            write_session_id(buf, session_id);
+            write_session_id(buf, session_id)?;
             buf.extend_from_slice(&call_id.to_be_bytes());
-            let m_bytes = method.as_bytes();
-            buf.extend_from_slice(&(m_bytes.len() as u16).to_be_bytes());
-            buf.extend_from_slice(m_bytes);
+            write_len_prefixed_u16(buf, method)?;
             buf.extend_from_slice(payload);
         }
         BinaryFrame::ExecutionResult {
@@ -296,7 +290,7 @@ fn encode_body(buf: &mut Vec<u8>, frame: &BinaryFrame) {
             error,
         } => {
             buf.push(MSG_EXECUTION_RESULT);
-            write_session_id(buf, session_id);
+            write_session_id(buf, session_id)?;
             buf.extend_from_slice(&exit_code.to_be_bytes());
             let mut flags: u8 = 0;
             if exports.is_some() {
@@ -311,10 +305,10 @@ fn encode_body(buf: &mut Vec<u8>, frame: &BinaryFrame) {
                 buf.extend_from_slice(exp);
             }
             if let Some(err) = error {
-                write_len_prefixed_u16(buf, &err.error_type);
-                write_len_prefixed_u16(buf, &err.message);
-                write_len_prefixed_u16(buf, &err.stack);
-                write_len_prefixed_u16(buf, &err.code);
+                write_len_prefixed_u16(buf, &err.error_type)?;
+                write_len_prefixed_u16(buf, &err.message)?;
+                write_len_prefixed_u16(buf, &err.stack)?;
+                write_len_prefixed_u16(buf, &err.code)?;
             }
         }
         BinaryFrame::Log {
@@ -323,7 +317,7 @@ fn encode_body(buf: &mut Vec<u8>, frame: &BinaryFrame) {
             message,
         } => {
             buf.push(MSG_LOG);
-            write_session_id(buf, session_id);
+            write_session_id(buf, session_id)?;
             buf.push(*channel);
             buf.extend_from_slice(message.as_bytes());
         }
@@ -333,13 +327,12 @@ fn encode_body(buf: &mut Vec<u8>, frame: &BinaryFrame) {
             payload,
         } => {
             buf.push(MSG_STREAM_CALLBACK);
-            write_session_id(buf, session_id);
-            let ct_bytes = callback_type.as_bytes();
-            buf.extend_from_slice(&(ct_bytes.len() as u16).to_be_bytes());
-            buf.extend_from_slice(ct_bytes);
+            write_session_id(buf, session_id)?;
+            write_len_prefixed_u16(buf, callback_type)?;
             buf.extend_from_slice(payload);
         }
     }
+    Ok(())
 }
 
 fn decode_body(buf: &[u8]) -> io::Result<BinaryFrame> {
@@ -493,16 +486,30 @@ fn decode_body(buf: &[u8]) -> io::Result<BinaryFrame> {
 
 // -- Primitive read/write helpers --
 
-fn write_session_id(buf: &mut Vec<u8>, sid: &str) {
+fn write_session_id(buf: &mut Vec<u8>, sid: &str) -> io::Result<()> {
     let bytes = sid.as_bytes();
+    if bytes.len() > 255 {
+        return Err(io::Error::new(
+            io::ErrorKind::InvalidInput,
+            format!("session ID byte length {} exceeds u8 max 255", bytes.len()),
+        ));
+    }
     buf.push(bytes.len() as u8);
     buf.extend_from_slice(bytes);
+    Ok(())
 }
 
-fn write_len_prefixed_u16(buf: &mut Vec<u8>, s: &str) {
+fn write_len_prefixed_u16(buf: &mut Vec<u8>, s: &str) -> io::Result<()> {
     let bytes = s.as_bytes();
+    if bytes.len() > 0xFFFF {
+        return Err(io::Error::new(
+            io::ErrorKind::InvalidInput,
+            format!("string byte length {} exceeds u16 max 65535", bytes.len()),
+        ));
+    }
     buf.extend_from_slice(&(bytes.len() as u16).to_be_bytes());
     buf.extend_from_slice(bytes);
+    Ok(())
 }
 
 fn read_u8(buf: &[u8], pos: &mut usize) -> io::Result<u8> {
@@ -1263,4 +1270,84 @@ mod tests {
         encode_frame_into(&mut buf, &small).expect("encode");
         assert_eq!(buf.capacity(), large_cap, "capacity should stay at high-water mark");
     }
+
+    // -- Overflow guard tests --
+
+    #[test]
+    fn write_session_id_rejects_oversized() {
+        // Session ID > 255 bytes must be rejected
+        let long_sid = "x".repeat(256);
+        let frame = BinaryFrame::DestroySession {
+            session_id: long_sid,
+        };
+        let result = frame_to_bytes(&frame);
+        assert!(result.is_err());
+        let err = result.unwrap_err();
+        assert_eq!(err.kind(), io::ErrorKind::InvalidInput);
+        assert!(err.to_string().contains("session ID byte length"));
+        assert!(err.to_string().contains("255"));
+    }
+
+    #[test]
+    fn write_session_id_accepts_max() {
+        // Session ID of exactly 255 bytes must succeed
+        let max_sid = "a".repeat(255);
+        let frame = BinaryFrame::DestroySession {
+            session_id: max_sid.clone(),
+        };
+        let bytes = frame_to_bytes(&frame).expect("should accept 255-byte session ID");
+        let decoded = read_frame(&mut std::io::Cursor::new(&bytes)).expect("decode");
+        assert_eq!(decoded, frame);
+    }
+
+    #[test]
+    fn write_len_prefixed_u16_rejects_oversized() {
+        // String > 65535 bytes in a u16-prefixed field must be rejected
+        let long_method = "m".repeat(65536);
+        let frame = BinaryFrame::BridgeCall {
+            session_id: "s".into(),
+            call_id: 1,
+            method: long_method,
+            payload: vec![],
+        };
+        let result = frame_to_bytes(&frame);
+        assert!(result.is_err());
+        let err = result.unwrap_err();
+        assert_eq!(err.kind(), io::ErrorKind::InvalidInput);
+        assert!(err.to_string().contains("string byte length"));
+        assert!(err.to_string().contains("65535"));
+    }
+
+    #[test]
+    fn write_len_prefixed_u16_accepts_max() {
+        // String of exactly 65535 bytes in a u16-prefixed field must succeed
+        let max_method = "m".repeat(65535);
+        let frame = BinaryFrame::BridgeCall {
+            session_id: "s".into(),
+            call_id: 1,
+            method: max_method.clone(),
+            payload: vec![],
+        };
+        let bytes = frame_to_bytes(&frame).expect("should accept 65535-byte method");
+        let decoded = read_frame(&mut std::io::Cursor::new(&bytes)).expect("decode");
+        assert_eq!(decoded, frame);
+    }
+
+    #[test]
+    fn execute_file_path_rejects_oversized() {
+        // file_path > 65535 bytes must be rejected (encoded as u16)
+        let long_path = "/".repeat(65536);
+        let frame = BinaryFrame::Execute {
+            session_id: "s".into(),
+            mode: 0,
+            file_path: long_path,
+            bridge_code: "".into(),
+            user_code: "".into(),
+        };
+        let result = frame_to_bytes(&frame);
+        assert!(result.is_err());
+        let err = result.unwrap_err();
+        assert_eq!(err.kind(), io::ErrorKind::InvalidInput);
+        assert!(err.to_string().contains("65535"));
+    }
 }

progress.txt

@@ -2755,3 +2755,33 @@ PRD: ralph/kernel-hardening (46 stories)
   - packages/secure-exec-core/dist/ is gitignored — don't try to stage files from there
   - The generated isolate-runtime.ts is auto-regenerated by `pnpm run --filter @secure-exec/core build` (specifically build:isolate-runtime)
 ---
+
+## 2026-03-19 - US-069
+- What was implemented: Fixed 4 correctness bugs in TypeScript IPC binary codec and runtime hash function
+  - readLenPrefixedU16: returns { value, bytesRead } struct; pos advances by wire length (u16 value), not Buffer.byteLength(decodedString)
+  - encodeSessionId: throws if session ID UTF-8 byte length exceeds 255 (was silently truncating via byte assignment)
+  - writeLenPrefixedU16: throws if string UTF-8 byte length exceeds 65535 (explicit guard before writeUInt16BE)
+  - fnv1aHash: hashes over Buffer.from(str, 'utf8') bytes instead of str.charCodeAt(i) UTF-16 code units
+- Exported fnv1aHash from runtime.ts and index.ts for testability
+- Added 14 new tests: overflow guards (6), multi-byte UTF-8 round-trips (3), fnv1aHash (4 including UTF-8 vs UTF-16 divergence proof), boundary tests (1)
+- Files changed: packages/secure-exec-v8/src/ipc-binary.ts, packages/secure-exec-v8/src/runtime.ts, packages/secure-exec-v8/src/index.ts, packages/secure-exec-v8/test/ipc-binary.test.ts
+- **Learnings for future iterations:**
+  - readLenPrefixedU16 wire length vs re-encoded length diverges on malformed UTF-8 (replacement char U+FFFD re-encodes to 3 bytes per invalid sequence)
+  - Node.js writeUInt16BE already throws RangeError for >0xFFFF but error message is opaque — explicit guard gives clearer diagnostics
+  - FNV-1a over charCodeAt gives different results from FNV-1a over UTF-8 bytes for any non-ASCII string — always hash bytes for cross-language compatibility
+---
+
+## 2026-03-19 - US-070
+- Fixed overflow guards in Rust IPC binary encoder to prevent silent truncation
+- `write_session_id` now returns `io::Result<()>` and rejects session IDs > 255 bytes
+- `write_len_prefixed_u16` now returns `io::Result<()>` and rejects strings > 65535 bytes
+- `encode_body` changed to return `io::Result<()>` to propagate errors from helpers
+- Execute frame's `file_path` now uses `write_len_prefixed_u16` instead of inline `as u16` cast
+- All inline `as u16` casts for StreamEvent, BridgeCall, StreamCallback replaced with `write_len_prefixed_u16`
+- Removed dead `serialize_v8_args` function from bridge.rs (replaced by `serialize_v8_args_into`)
+- Added tests: write_session_id rejects >255 byte sid, accepts 255; write_len_prefixed_u16 rejects >65535, accepts 65535; Execute file_path rejects >65535
+- Files changed: crates/v8-runtime/src/ipc_binary.rs, crates/v8-runtime/src/bridge.rs
+- **Learnings for future iterations:**
+  - encode_body was infallible (returned nothing) so callers like encode_frame_into had to handle errors only from the size check — now encode_body itself can fail on field overflow
+  - All u16/u8 truncation points in encode_body now use the guarded helper functions
+---

scripts/ralph/prd.json

@@ -1005,8 +1005,8 @@
         "Tests pass"
       ],
       "priority": 59,
-      "passes": false,
-      "notes": "PR review finding: Critical correctness bugs. readLenPrefixedU16 diverges on malformed UTF-8. fnv1aHash mismatch can cause stale bridge code on Rust side."
+      "passes": true,
+      "notes": "Fixed: readLenPrefixedU16 returns bytesRead from wire length instead of re-encoded string length; encodeSessionId throws on >255 bytes; writeLenPrefixedU16 throws on >65535 bytes; fnv1aHash hashes over UTF-8 bytes via Buffer.from()."
     },
     {
       "id": "US-070",
@@ -1023,8 +1023,8 @@
         "Typecheck passes"
       ],
       "priority": 60,
-      "passes": false,
-      "notes": "PR review finding: Silent truncation via 'as u8'/'as u16' casts corrupts frames."
+      "passes": true,
+      "notes": "Fixed: write_session_id returns error on >255 bytes; write_len_prefixed_u16 returns error on >65535 bytes; encode_body propagates errors; Execute file_path uses write_len_prefixed_u16; removed dead serialize_v8_args."
     },
     {
       "id": "US-071",