
Mitigate fragment decompression DoS by rejecting lz codec#1

Open
baanish wants to merge 1 commit into main from codex/propose-fix-for-lz-decompression-dos

Conversation

@baanish (Owner) commented Mar 9, 2026

Motivation

  • The LZ decompression path allowed attacker-controlled fragment data to be decompressed before enforcing the decoded-size guard, enabling a client-side decompression-bomb DoS vector.

Description

  • Remove the unsafe LZ decode path so fragments with v1.lz are rejected up-front and never decompressed by decodeFragment.
  • Force encodeEnvelope to emit plain (base64url) payloads even when codec: "lz" is requested so generated links remain decodable by current clients.
  • Simplify payload helpers to use base64url-only encoding and stop importing/delegating to the LZ decompressor in src/lib/payload/fragment.ts.
  • Update tests in tests/fragment.test.ts to assert plain transport is emitted and to add a test that v1.lz fragments are rejected.

Testing

  • Ran npm test -- tests/fragment.test.ts and all tests passed (6 passed).
  • Ran npm run lint and ESLint completed without errors.

Codex Task

Summary by CodeRabbit

  • Breaking Changes
    • Removed compression codec support; all payloads now use base64 encoding exclusively.
    • Requests using the "lz" codec are automatically routed to plain encoding instead.
    • Decoding fragments with "lz" codec now returns an error; use "plain" codec instead.

@cloudflare-workers-and-pages bot commented Mar 9, 2026

Deploying agent-render with Cloudflare Pages

Latest commit: 264d046
Status: ✅  Deploy successful!
Preview URL: https://320d4752.agent-render.pages.dev
Branch Preview URL: https://codex-propose-fix-for-lz-dec.agent-render.pages.dev


@coderabbitai (Contributor) bot commented Mar 9, 2026

📝 Walkthrough

The pull request removes support for the "lz" (compression) codec from the fragment encoding and decoding system. All encoding now defaults to plain base64 encoding via an updated encodePayload function. Requests for lz encoding are redirected to plain encoding, and lz decoding explicitly rejects with an invalid-format error.

Changes

Cohort / File(s) and summary:

  • Lz-string Codec Removal (src/lib/payload/fragment.ts): Removed lz codec logic from encodePayload, encodeEnvelope, and decodeFragment. Functions now always use plain base64 encoding; lz requests are routed to the plain codec or rejected with invalid-format errors. Eliminated the dynamic compression comparison path.
  • Test Updates (tests/fragment.test.ts): Updated the envelope encoding test to expect plain transport instead of lz. Added a new test verifying that the lz codec results in plain transport and that decoding an lz fragment yields an invalid-format error.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐰 No more strings to compress or squish,
Plain and simple is our wish,
Encoding flows now clean and true,
The lz codec bids adieu! ✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)
  • Docstring Coverage: ⚠️ Warning. Docstring coverage is 0.00%, which is insufficient; the required threshold is 80.00%. Resolution: write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)
  • Description Check: ✅ Passed. Check skipped because CodeRabbit's high-level summary is enabled.
  • Title check: ✅ Passed. The title clearly and specifically describes the main change: rejecting the lz codec to mitigate a decompression DoS vulnerability.


@kilo-code-bot bot commented Mar 9, 2026

Code Review Summary

Status: No Issues Found | Recommendation: Merge

Overview

Severity Count
CRITICAL 0
WARNING 0
SUGGESTION 0

The PR correctly removes LZ compression support to address the decompression DoS vulnerability (as suggested by the branch name). The changes:

  • Remove LZ-string import and usage
  • Always use plain/base64 encoding
  • Properly reject LZ codec with clear error messages
  • Update tests to verify the new behavior
Files Reviewed (2 files)
  • src/lib/payload/fragment.ts - No issues
  • tests/fragment.test.ts - No issues
Other Observations (not in diff)

Minor issue found in existing code (not part of this PR):

  • src/lib/payload/fragment.ts, line 110: Misleading error message. It says "Supported codecs are plain and lz", but LZ is no longer supported. Consider updating it to "Supported codec is plain."

@coderabbitai (Contributor) bot left a review comment

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
src/lib/payload/fragment.ts (1)

50-64: ⚠️ Potential issue | 🟠 Major

Reject oversized plain fragments at encode time.

After removing the compressed path, some bundles that previously fit as v1.lz will now serialize past MAX_FRAGMENT_LENGTH. The current viewer-shell.tsx caller writes whatever this function returns, so we can generate links that decodeFragment() immediately rejects on reload. Please surface an explicit failure here instead of emitting an undecodable fragment.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@src/lib/payload/fragment.ts` around lines 50 - 64, The encodeEnvelope
function must fail fast when a plain fragment would exceed MAX_FRAGMENT_LENGTH
instead of returning an undecodable payload; after creating plainFragment via
buildFragment(envelope, "plain") check its serialized length against
MAX_FRAGMENT_LENGTH and throw a clear Error (or return a rejected result) if it
exceeds the limit. Update encodeEnvelope to perform this check (use the existing
MAX_FRAGMENT_LENGTH constant) before honoring options.preferCompressed or
returning plainFragment so callers like viewer-shell.tsx never receive fragments
that decodeFragment() will immediately reject. Ensure the thrown error message
references encodeEnvelope and MAX_FRAGMENT_LENGTH for easier debugging.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/lib/payload/fragment.ts`:
- Around line 114-120: The branch that handles codec === "lz" should return a
distinct error code instead of "invalid-format" so legacy lz fragments are
distinguishable; update the return value in the codec === "lz" branch in
src/lib/payload/fragment.ts to use a new, specific code (e.g., "legacy-codec" or
"unsupported-legacy-fragment") while keeping a clear message, and update any
tests or callers that rely on the old "invalid-format" code to expect the new
code.

---

Outside diff comments:
In `@src/lib/payload/fragment.ts`:
- Around line 50-64: The encodeEnvelope function must fail fast when a plain
fragment would exceed MAX_FRAGMENT_LENGTH instead of returning an undecodable
payload; after creating plainFragment via buildFragment(envelope, "plain") check
its serialized length against MAX_FRAGMENT_LENGTH and throw a clear Error (or
return a rejected result) if it exceeds the limit. Update encodeEnvelope to
perform this check (use the existing MAX_FRAGMENT_LENGTH constant) before
honoring options.preferCompressed or returning plainFragment so callers like
viewer-shell.tsx never receive fragments that decodeFragment() will immediately
reject. Ensure the thrown error message references encodeEnvelope and
MAX_FRAGMENT_LENGTH for easier debugging.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: cc1d7cf3-396e-4b7c-b8e8-618d737fc3cc

📥 Commits

Reviewing files that changed from the base of the PR and between 7cab153 and 264d046.

📒 Files selected for processing (2)
  • src/lib/payload/fragment.ts
  • tests/fragment.test.ts

Comment on lines +114 to +120
if (codec === "lz") {
return {
ok: false,
code: "invalid-format",
message: 'Unsupported codec "lz". Please re-share using codec "plain".',
};
}
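Review bot: the early return for codec === "lz" sits before any payload handling, which is the ordering the PR's motivation asks for (reject before anything is decompressed), but `code: "invalid-format"` labels a known, retired codec the same way as a malformed hash; a dedicated code (for instance `"unsupported-codec"`, a hypothetical name) keeps legacy v1.lz links distinguishable for the UI, and the new rejection test in tests/fragment.test.ts should assert on that code rather than on the message string, which is the part most likely to be reworded later.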
Contributor (coderabbitai bot) comment on the lines above:

⚠️ Potential issue | 🟠 Major

Don’t report rejected lz links as generic format errors.

These are legacy fragments generated by older clients, not malformed input. Returning invalid-format makes old #agent-render=v1.lz... bookmarks indistinguishable from genuinely corrupt hashes, so the UI has no reliable way to show a targeted recovery message. Please give this branch its own result code.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@src/lib/payload/fragment.ts` around lines 114 - 120, The branch that handles
codec === "lz" should return a distinct error code instead of "invalid-format"
so legacy lz fragments are distinguishable; update the return value in the codec
=== "lz" branch in src/lib/payload/fragment.ts to use a new, specific code
(e.g., "legacy-codec" or "unsupported-legacy-fragment") while keeping a clear
message, and update any tests or callers that rely on the old "invalid-format"
code to expect the new code.
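The three points raised in this thread, in one place: the PR description's "reject v1.lz up-front, before anything is decompressed", the outside-diff comment's "fail at encode time when a plain fragment would exceed MAX_FRAGMENT_LENGTH", and the inline comment's "give legacy lz links their own result code". The block below is an added example written for this page, not the project's src/lib/payload/fragment.ts; the constant values, the result codes ("too-long", "invalid-format", "unsupported-codec") and the MAX_DECODED_BYTES guard are assumptions, and the `#agent-render=` prefix handling is left out so the codec itself is the whole example.

```typescript
// Added example, not the project's code: a fragment codec that applies the guards
// discussed in this PR. The constants, result codes and helper names are assumed.

export const MAX_FRAGMENT_LENGTH = 2048; // assumed bound on the serialized "v1.<codec>.<payload>" string
export const MAX_DECODED_BYTES = 1024;   // assumed bound on the decoded JSON bytes, checked even for plain

export type DecodeError = "too-long" | "invalid-format" | "unsupported-codec";
export type DecodeResult =
  | { ok: true; envelope: unknown }
  | { ok: false; code: DecodeError; message: string };

function fail(code: DecodeError, message: string): DecodeResult {
  return { ok: false, code: code, message: message };
}

// base64url without padding (RFC 4648 section 5) over raw bytes; btoa/atob work on latin1 strings.
export function toBase64Url(bytes: Uint8Array): string {
  let binary = "";
  for (let i = 0; i < bytes.length; i++) binary += String.fromCharCode(bytes[i]);
  return btoa(binary).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

export function fromBase64Url(text: string): Uint8Array | null {
  if (!/^[A-Za-z0-9_-]*$/.test(text)) return null; // refuse stray characters before decoding
  let b64 = text.replace(/-/g, "+").replace(/_/g, "/");
  while (b64.length % 4 !== 0) b64 += "=";
  let binary: string;
  try { binary = atob(b64); } catch { return null; }
  const out = new Uint8Array(binary.length);
  for (let i = 0; i < binary.length; i++) out[i] = binary.charCodeAt(i);
  return out;
}

// Encoder: "lz" is still accepted as a codec name for compatibility, but the output is
// always plain base64url, and an oversized fragment is an error here rather than a link
// that decodeFragment() would reject on reload.
export function encodeEnvelope(envelope: unknown, codec: "plain" | "lz" = "plain"): string {
  if (codec === "lz") {
    // Requested compression is ignored: the decoder no longer has an lz path.
  }
  const json = new TextEncoder().encode(JSON.stringify(envelope));
  const fragment = "v1.plain." + toBase64Url(json);
  if (fragment.length > MAX_FRAGMENT_LENGTH) {
    throw new Error(
      "encodeEnvelope: fragment length " + fragment.length +
      " exceeds MAX_FRAGMENT_LENGTH (" + MAX_FRAGMENT_LENGTH + ")"
    );
  }
  return fragment;
}

// Decoder: cheapest checks first, and the retired codec is refused before the payload is
// touched, so no decompression (or any other expansion) ever runs on attacker-chosen input.
export function decodeFragment(fragment: string): DecodeResult {
  if (fragment.length > MAX_FRAGMENT_LENGTH) {
    return fail("too-long", "Fragment exceeds MAX_FRAGMENT_LENGTH.");
  }
  const parts = fragment.split(".");
  if (parts.length !== 3 || parts[0] !== "v1") {
    return fail("invalid-format", "Expected v1.<codec>.<payload>.");
  }
  const codec = parts[1];
  const payload = parts[2];
  if (codec === "lz") {
    // Legacy links from older clients get their own code so the UI can say "re-share", not "corrupt".
    return fail("unsupported-codec", 'Codec "lz" is no longer supported. Please re-share using codec "plain".');
  }
  if (codec !== "plain") {
    return fail("invalid-format", 'Unknown codec "' + codec + '".');
  }
  const bytes = fromBase64Url(payload);
  if (bytes === null) return fail("invalid-format", "Payload is not valid base64url.");
  // With plain base64url the transport bound already caps this, but keeping the check
  // explicit means any future codec has to pass it too, after decoding, not before.
  if (bytes.length > MAX_DECODED_BYTES) {
    return fail("too-long", "Decoded payload exceeds MAX_DECODED_BYTES.");
  }
  try {
    return { ok: true, envelope: JSON.parse(new TextDecoder().decode(bytes)) };
  } catch {
    return fail("invalid-format", "Payload is not valid JSON.");
  }
}
```

The order of checks in decodeFragment is the point: transport length, then version and codec, then base64url validity, then decoded size, then JSON. Each step bounds the work the next one can be asked to do, and the codec switch is where a decompressor would have been invoked, so rejecting "lz" there is what closes the decompression-bomb path.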
