chore(deps-dev): bump get-tsconfig from 4.13.6 to 4.13.7#63

Merged
akutuva21 merged 1 commit into main from dependabot/npm_and_yarn/get-tsconfig-4.13.7
Apr 7, 2026

dependabot bot commented on behalf of github on Apr 6, 2026

Bumps get-tsconfig from 4.13.6 to 4.13.7.

Release notes

Sourced from get-tsconfig's releases.

v4.13.7

4.13.7 (2026-03-22)

Bug Fixes

  • parse-tsconfig: preserve files when include is also present (#128) (b09052c)

Commits
  • b09052c fix(parse-tsconfig): preserve files when include is also present (#128)
  • e64637d ci: add beta branch and simplify release trigger
  • 07b4bd4 test(extends): add regression test for include path normalization (#74)
  • See full diff in compare view


Bumps [get-tsconfig](https://github.com/privatenumber/get-tsconfig) from 4.13.6 to 4.13.7.
- [Release notes](https://github.com/privatenumber/get-tsconfig/releases)
- [Commits](privatenumber/get-tsconfig@v4.13.6...v4.13.7)

---
updated-dependencies:
- dependency-name: get-tsconfig
  dependency-version: 4.13.7
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot bot added the dependencies and javascript labels on Apr 6, 2026
akutuva21 merged commit 6d63cd7 into main on Apr 7, 2026
5 checks passed
dependabot bot deleted the dependabot/npm_and_yarn/get-tsconfig-4.13.7 branch on April 7, 2026 21:04
akutuva21 added a commit that referenced this pull request Apr 9, 2026
* feat(a11y): add aria-label to cheatsheet close button

Adds a descriptive aria-label ("Close cheatsheet") to the icon-only
close button in the CheatsheetModal component to improve screen reader
accessibility.

Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>

* 🛡️ Sentinel: [HIGH] Fix XSS vulnerability in UMAP visualization

Added HTML escaping to dynamically injected strings in public/umap.html
to prevent Cross-Site Scripting (XSS) when rendering model metadata
in the legend and tooltip.

Severity: HIGH
Vulnerability: Unescaped string interpolation into innerHTML.
Impact: Attackers could inject arbitrary JavaScript if a malicious model name or tags were processed.
Fix: Created and applied escapeHTML function to all variables rendered into innerHTML.
Verification: Ran npm run build:quick, npm run lint, verified UMAP page renders correctly.

Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>

* ⚡ Bolt: WorkerPool task distribution optimization

Refactored `WorkerPool.ts` to use a `Map` for O(1) pending task lookups and a dedicated `taskQueue` for FIFO task distribution, replacing the O(N) linear array searches.

Modified `processQueue` to iteratively assign tasks to all available idle workers in a single call, significantly improving parallel throughput and workload distribution.

Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>

* 🎨 Palette: Add explicit label associations to Share modal inputs

- Imported `useId` from React in `ShareButton.tsx`
- Generated unique IDs for modal inputs (`Model Name`, `Shareable Link`, `Embed Code`)
- Associated existing text labels with inputs using `htmlFor` and `id` attributes to improve screen reader compatibility
- Added `aria-hidden="true"` to the decorative SVG inside the Share button

Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>

* ⚡ Bolt: Optimize parameter perturbation loop in useRobustness

Avoid memory allocations during hot loop iterations in useRobustness.
Moved loop invariant calculation `variationPercent / 100` out of the loop
and replaced `Object.entries(params).forEach` with an allocation-free `for...in` loop.
These allocations triggered garbage collection frequently and reduced execution speed
during the repeated calls inside the inner iterations of useRobustness.

Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>

* 🛡️ Sentinel: [CRITICAL] Fix arbitrary JS execution via new Function eval in bnglWriter

* Replace `new Function` with `SafeExpressionEvaluator.compile` in `checkMassAction` to prevent potential RCE/XSS when loading maliciously crafted SBML models.
* Retain original graceful fallback behavior for malformed expressions.
* Add entry to `.jules/sentinel.md` documenting the learning.

Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>

* Remove .Jules folder from repository

The .jules/ directory is already in .gitignore and should not be tracked.
Removing the .Jules/palette.md file that was accidentally committed.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* perf: replace Object.keys with for-in loop in ComparisonPanel (#63)

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* 🎨 Palette: Added ARIA labels and roles to Tabs component (#65)

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* 🎨 Palette: [UX improvement] Add aria-label to clear search button (#66)

* 🎨 Palette: Add aria-label to icon-only clear search button

Added an explicitly descriptive `aria-label` attribute to the "Clear search" icon-only button within `SemanticSearchInput.tsx` to enhance accessibility for screen readers. Added a journal entry to document the learning.

Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>

* Remove accidental .Jules artifact from PR

---------

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* 🛡️ Sentinel: [MEDIUM] Fix reverse tabnabbing vulnerability in target="_blank" links (#67)

Added `rel="noopener noreferrer"` to all anchor tags that open in a new tab (`target="_blank"`) across various components to prevent reverse tabnabbing attacks.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* test: add unit tests for buildStateTransitionDiagram (#68)

Added a comprehensive test suite for buildStateTransitionDiagram in src/lib/atomizer/rulifier/rulifier.ts, covering successful state changes, ignoring invalid rules (wrong action or mismatched targets), deduplicating unchanged states, correctly falling back to default reaction rates, and selecting the proper initial states.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* perf: optimize extractObservable lookup with binary search and caching (#71)

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* test: add unit tests for groupByReactionCenter in rulifier (#72)

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* 🧪 Add unit tests for getEquivalence in annotationParser.ts (#73)

Added a test suite to cover all logic branches of the `getEquivalence` function, improving test coverage for the atomizer annotation module.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* 🔒 Security: Fix Code Injection vulnerability in transformers loader (#74)

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* Refactor NeuralODESurrogate evaluate to optimize nested loops (#75)

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* ⚡ Bolt: Optimize `simulateWithParams` memory allocation and trig ops (#76)

Refactored the fallback logic inside `ParameterEstimation.ts` to pre-calculate the `wobble` sine wave multipliers into a `Float64Array`. Replaced the array `.map()` allocation inside the nested observables loop with a pre-sized array and a fast standard `for` loop.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* 🧪 Add tests for getAllAnnotations in annotationParser.ts (#77)

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* ⚡ Bolt: [performance improvement] Pipeline WebGPU mapAsync readbacks (#80)

Wrapped sequentially blocking WebGPU `mapAsync` buffer mapping calls in `Promise.all` inside `readSSAResults` to enable concurrent reads and prevent unnecessary sequential GPU round-trips.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* Fix Code Injection vulnerability in benchmark runner (#82)

Removed `new Function` eval usage in `run_benchmark_cli.ts` by replacing
it with the `SafeExpressionEvaluator` from `@bngplayground/engine`.

Refactored `simulateModel` to safely pre-compile reaction rate expressions
once before the main integration loop and pass parameters/observables as context,
which entirely mitigates arbitrary code execution vectors while yielding a
performance optimization.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* test: add unit tests for extractGOTerms in sbmlParser.ts (#83)

Added a comprehensive test suite for `extractGOTerms` to verify its extraction behavior against various resource URI formats, ensuring coverage for happy paths, edge cases, and invalid inputs.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* 🔒 Fix Command Injection in Generate Reference GDATs script (#86)

Replaced the vulnerable `execSync` call with `execFileSync` in `src/generate_reference_gdats.ts` to prevent command injection via shell execution. Argument passing is now explicit and safe.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* Optimize RHS shader string generation in WebGPUODESolver (#90)

Refactors `generateRHSShader` by replacing template literals with standard string concatenation inside tight loops, reducing GC overhead. Resolves a massive O(N_species * N_reactions) inefficiency during derivative expression building by inverting the loops and accumulating directly into an array per species in a single O(N_reactions) pass.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* ⚡ Bolt: optimize ParameterEstimation variational inference loop (#92)

Removed a redundant Math.max() check since the values are already strictly positive, and condensed three separate .map() iterations into a single O(N) for loop to avoid intermediate array allocations and decrease GC pressure during stochastic variational inference.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* 🔒 fix(simulation): strictly sanitize JIT Jacobian string variables to prevent code injection via `new Function` (#94)

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* ⚡ Bolt: [Batched parameter sweeps for NeuralODESurrogate] (#97)

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* 🧹 add OBSERVABLE type support to bio parser (#102)

Adds proper support for the OBSERVABLE sentence type in the bio parser to ensure observable definitions are correctly categorized rather than being parsed as generic comments. This includes extracting the sentence patterns and optional names, typing them correctly in `ObservableSentence`, and successfully generating corresponding `begin observables` BNGL logic within the generator.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* 🧪 Add tests for extractUniProtIds in sbmlParser.ts (#103)

Added a unit test file for `extractUniProtIds` function in `src/lib/atomizer/parser/sbmlParser.ts`.
Coverage includes happy paths, edge cases (no matches, multiple matches, random strings), case-insensitivity on the prefix, and both `/` and `:` separators as supported by the regex.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* 🔒 Sentinel: Prevent code injection in SparseJacobian JIT compilation (#104)

- Added `SafeExpressionEvaluator.isSafe` validation before `new Function` compilation in `SparseJacobian.ts` to prevent malicious code execution via injected JS in math expressions.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* Fix nauty WASM memory management and size limits (#106)

- Implements `gtools_freemem()` in `gtools.c` for explicit deallocation of internally managed WASM strings.
- Moves static variables `s` and `s_sz` inside `getline` and `getecline` out to file-scope variables (`getline_s` and `getecline_s`) to enable global memory freeing.
- Resolves the missing `#if MAXN` check inside the `graphsize` utility to fail securely on improperly large graph strings.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* 🔒 Sentinel: Prevent Code Injection in JITCompiler (#107)

* 🔒 Sentinel: Prevent Code Injection in JITCompiler

Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>

* Remove scratch files from JITCompiler security PR

---------

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* 🧹 Implement JITCompiler for Bifurcation continuation RHS (#111)

* 🧹 Implement JITCompiler for Bifurcation continuation RHS

Replaced the `TODO` placeholders and fallback error structures in `BifurcationTab.tsx` with a fully functional Right-Hand Side (RHS) evaluation implementation.
- Utilizes `engine.generateExpandedNetwork` to expand the model species.
- Compiles the expanded reactions safely *outside* the hot loop using `engine.JITCompiler`.
- Employs `.updateParameters()` efficiently within the `rhsFn` evaluations for both continuation tracking and nullcline generation.
- Prevents compilation bottlenecks and fully bridges the gap between the UI analysis tools and the mathematical engine.

Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>

* 🧹 Implement JITCompiler for Bifurcation continuation RHS

Replaced the `TODO` placeholders and fallback error structures in `BifurcationTab.tsx` with a fully functional Right-Hand Side (RHS) evaluation implementation.
- Utilizes `engine.generateExpandedNetwork` to expand the model species.
- Compiles the expanded reactions safely *outside* the hot loop using `engine.jitCompiler.compileFromRxns`.
- Employs `.updateParameters()` efficiently within the `rhsFn` evaluations for both continuation tracking and nullcline generation.
- Correctly integrates 2D nullcline state evaluations into full N-dimensional vectors.
- Prevents compilation bottlenecks and fully bridges the gap between the UI analysis tools and the mathematical engine.

Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>

---------

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* ⚡ Bolt: [performance improvement] Hoist invariant eval and use for...in (#115)

* Replaced `Object.entries()` inside `applyParameterUpdates` with a `for...in` loop to prevent repeated array allocations during simulation phase boundary checks.
* Hoisted the `evaluateObservablesFast` computation out of the 10-pass convergence loop since the state vector `y`/`state` remains invariant during parameter re-evaluation.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* 🔒 Sentinel: Prevent code injection in JIT expression compiler (#116)

* Secure JIT compilation with AST validation

Replaced fragile regex-based blocklist in `isJITSafe` with robust AST parsing via `SafeExpressionEvaluator.isSafe()`. Ensure strict secure fallback if the evaluator is unavailable.

Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>

* Secure JIT compilation with AST validation

Replaced fragile regex-based blocklist in `isJITSafe` with robust AST parsing via `SafeExpressionEvaluator.isSafe()`. Guaranteed safe fallback to prevent code injection without disabling JIT features unnecessarily. Restored identifier allowlist to ensure semantics translation compatibility.

Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>

---------

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* Refactor BoundedVerifier to use graph core services (#117)

- Replaced deprecated `PatternMatcher.ts` with `BNGLParser`, `GraphCanonicalizer`, and `GraphMatcher` from `graph/core`.
- Updated `BoundedVerifier` and `SymmetryReducedVerifier` to process and pass `SpeciesGraph` objects instead of literal strings and parsed molecule arrays.
- Removed the deprecated `PatternMatcher.ts`.
- Updated test cases in `verification.spec.ts` to expect accurate graph matches reflecting the new stricter structural checking.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* Rebase PR #110 onto current main (#110)

* Rebase PR #91 onto current main (#91)

* Rebase PR #99 onto current main (#99)

* Rebase PR #105 onto current main (#105)

* Rebase PR #78 onto current main (#78)

* Rebase PR #89 onto current main (#89)

* Rebase PR #79 onto current main (#79)

* Rebase PR #84 onto current main (#84)

* Rebase PR #109 onto current main (#109)

* Rebase PR #87 onto current main (#87)

* Rebase PR #96 onto current main (#96)

* Rebase PR #112 onto current main (#112)

* Fix zero-valued annotation qualifier handling

---------

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
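
The `new Function` fixes listed in the commit message above (the bnglWriter change, #82, #104, #116) share one idea: parse the model-supplied expression against an allowlist and compile it once, instead of handing the string to the JavaScript compiler. The sketch below is an added example, not the project's `SafeExpressionEvaluator`; `compileSafe`, `isSafe`, `FUNCS` and the small arithmetic grammar are assumptions made for illustration.

```javascript
// Added example: allowlist-based expression compiler. All names are hypothetical.
const FUNCS = new Map([
  ['exp', Math.exp], ['log', Math.log], ['sqrt', Math.sqrt],
  ['abs', Math.abs], ['min', Math.min], ['max', Math.max],
]);

// Only numbers, identifiers and a fixed operator set become tokens; anything
// else (';', '.', '=', quotes, brackets, backticks) is a hard error.
function tokenize(src) {
  const re = /\s*(?:(\d+\.?\d*(?:[eE][+-]?\d+)?|\.\d+)|([A-Za-z_]\w*)|([-+*\/^(),]))/y;
  const text = src.trim();
  const tokens = [];
  let pos = 0;
  while (pos < text.length) {
    re.lastIndex = pos;
    const m = re.exec(text);
    if (!m) throw new SyntaxError(`illegal character at offset ${pos}`);
    if (m[1] !== undefined) tokens.push({ type: 'num', value: m[1] });
    else if (m[2] !== undefined) tokens.push({ type: 'id', value: m[2] });
    else tokens.push({ type: 'op', value: m[3] });
    pos = re.lastIndex;
  }
  return tokens;
}

// Parse once into a tree of closures; the returned function takes a context
// object (parameters/observables) and never evaluates source text.
function compileSafe(src, allowedIds) {
  const allowed = new Set(allowedIds);
  const toks = tokenize(src);
  let i = 0;
  const isOp = (v) => i < toks.length && toks[i].type === 'op' && toks[i].value === v;
  const expect = (v) => { if (!isOp(v)) throw new SyntaxError(`expected "${v}"`); i++; };

  function parseExpr() {
    let left = parseTerm();
    while (isOp('+') || isOp('-')) {
      const op = toks[i++].value, l = left, r = parseTerm();
      left = op === '+' ? (c) => l(c) + r(c) : (c) => l(c) - r(c);
    }
    return left;
  }
  function parseTerm() {
    let left = parseUnary();
    while (isOp('*') || isOp('/')) {
      const op = toks[i++].value, l = left, r = parseUnary();
      left = op === '*' ? (c) => l(c) * r(c) : (c) => l(c) / r(c);
    }
    return left;
  }
  function parseUnary() {
    if (isOp('-')) { i++; const v = parseUnary(); return (c) => -v(c); }
    if (isOp('+')) { i++; return parseUnary(); }
    return parsePower();
  }
  function parsePower() { // '^' binds tighter than unary minus: -a^2 is -(a^2)
    const base = parseAtom();
    if (!isOp('^')) return base;
    i++;
    const e = parseUnary();
    return (c) => base(c) ** e(c);
  }
  function parseAtom() {
    const t = toks[i++];
    if (!t) throw new SyntaxError('unexpected end of expression');
    if (t.type === 'num') { const n = Number(t.value); return () => n; }
    if (t.type === 'op') {
      if (t.value !== '(') throw new SyntaxError(`unexpected token "${t.value}"`);
      const inner = parseExpr();
      expect(')');
      return inner;
    }
    if (isOp('(')) { // function call: callee must be in the fixed FUNCS table
      const fn = FUNCS.get(t.value);
      if (!fn) throw new ReferenceError(`function not allowed: ${t.value}`);
      i++;
      const args = [];
      if (!isOp(')')) {
        args.push(parseExpr());
        while (isOp(',')) { i++; args.push(parseExpr()); }
      }
      expect(')');
      return (c) => fn(...args.map((a) => a(c)));
    }
    const name = t.value;
    if (!allowed.has(name)) throw new ReferenceError(`identifier not allowed: ${name}`);
    return (c) => { // own properties only, so the prototype chain is never consulted
      if (!Object.prototype.hasOwnProperty.call(c, name)) throw new ReferenceError(`missing value: ${name}`);
      return Number(c[name]);
    };
  }

  const compiled = parseExpr();
  if (i < toks.length) throw new SyntaxError(`unexpected token "${toks[i].value}"`);
  return compiled;
}

// Boolean gate in the spirit of the isSafe check the commits describe.
function isSafe(src, allowedIds) {
  try { compileSafe(src, allowedIds); return true; } catch (e) { return false; }
}
```

Because validation happens while the closure tree is built, an expression compiled before an integration loop can be re-evaluated with new parameter values at no parsing cost, and a rejected expression never reaches any code path that interprets strings.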

- Replaced deprecated `PatternMatcher.ts` with `BNGLParser`, `GraphCanonicalizer`, and `GraphMatcher` from `graph/core`.
- Updated `BoundedVerifier` and `SymmetryReducedVerifier` to process and pass `SpeciesGraph` objects instead of literal strings and parsed molecule arrays.
- Removed the deprecated `PatternMatcher.ts`.
- Updated test cases in `verification.spec.ts` to expect accurate graph matches reflecting the new stricter structural checking.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* Rebase PR #110 onto current main (#110)

* Rebase PR #91 onto current main (#91)

* Rebase PR #99 onto current main (#99)

* Rebase PR #105 onto current main (#105)

* Rebase PR #78 onto current main (#78)

* Rebase PR #89 onto current main (#89)

* Rebase PR #79 onto current main (#79)

* Rebase PR #84 onto current main (#84)

* Rebase PR #109 onto current main (#109)

* Rebase PR #87 onto current main (#87)

* Rebase PR #96 onto current main (#96)

* Rebase PR #112 onto current main (#112)

* Fix zero-valued annotation qualifier handling

* Remove benchmark.js and benchmark.ts files

---------

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

akutuva21 added a commit that referenced this pull request Apr 13, 2026

* feat(a11y): add aria-label to cheatsheet close button

Adds a descriptive aria-label ("Close cheatsheet") to the icon-only
close button in the CheatsheetModal component to improve screen reader
accessibility.

Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>

* 🛡️ Sentinel: [HIGH] Fix XSS vulnerability in UMAP visualization

Added HTML escaping to dynamically injected strings in public/umap.html
to prevent Cross-Site Scripting (XSS) when rendering model metadata
in the legend and tooltip.

Severity: HIGH
Vulnerability: Unescaped string interpolation into innerHTML.
Impact: Attackers could inject arbitrary JavaScript if a malicious model name or tags were processed.
Fix: Created and applied escapeHTML function to all variables rendered into innerHTML.
Verification: Ran npm run build:quick, npm run lint, verified UMAP page renders correctly.

Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>

* ⚡ Bolt: WorkerPool task distribution optimization

Refactored `WorkerPool.ts` to use a `Map` for O(1) pending task lookups and a dedicated `taskQueue` for FIFO task distribution, replacing the O(N) linear array searches.

Modified `processQueue` to iteratively assign tasks to all available idle workers in a single call, significantly improving parallel throughput and workload distribution.

Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>

* 🎨 Palette: Add explicit label associations to Share modal inputs

- Imported `useId` from React in `ShareButton.tsx`
- Generated unique IDs for modal inputs (`Model Name`, `Shareable Link`, `Embed Code`)
- Associated existing text labels with inputs using `htmlFor` and `id` attributes to improve screen reader compatibility
- Added `aria-hidden="true"` to the decorative SVG inside the Share button

Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>

* ⚡ Bolt: Optimize parameter perturbation loop in useRobustness

Avoid memory allocations during hot loop iterations in useRobustness.
Moved loop invariant calculation `variationPercent / 100` out of the loop
and replaced `Object.entries(params).forEach` with an allocation-free `for...in` loop.
These allocations triggered garbage collection frequently and reduced execution speed
during the repeated calls inside the inner iterations of useRobustness.

Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>

* 🛡️ Sentinel: [CRITICAL] Fix arbitrary JS execution via new Function eval in bnglWriter

* Replace `new Function` with `SafeExpressionEvaluator.compile` in `checkMassAction` to prevent potential RCE/XSS when loading maliciously crafted SBML models.
* Retain original graceful fallback behavior for malformed expressions.
* Add entry to `.jules/sentinel.md` documenting the learning.

Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>

* Remove .Jules folder from repository

The .jules/ directory is already in .gitignore and should not be tracked.
Removing the .Jules/palette.md file that was accidentally committed.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* perf: replace Object.keys with for-in loop in ComparisonPanel (#63)

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* 🎨 Palette: Added ARIA labels and roles to Tabs component (#65)

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* 🎨 Palette: [UX improvement] Add aria-label to clear search button (#66)

* 🎨 Palette: Add aria-label to icon-only clear search button

Added an explicitly descriptive `aria-label` attribute to the "Clear search" icon-only button within `SemanticSearchInput.tsx` to enhance accessibility for screen readers. Added a journal entry to document the learning.

Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>

* Remove accidental .Jules artifact from PR

---------

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* 🛡️ Sentinel: [MEDIUM] Fix reverse tabnabbing vulnerability in target="_blank" links (#67)

Added `rel="noopener noreferrer"` to all anchor tags that open in a new tab (`target="_blank"`) across various components to prevent reverse tabnabbing attacks.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* test: add unit tests for buildStateTransitionDiagram (#68)

Added a comprehensive test suite for buildStateTransitionDiagram in src/lib/atomizer/rulifier/rulifier.ts, covering successful state changes, ignoring invalid rules (wrong action or mismatched targets), deduplicating unchanged states, correctly falling back to default reaction rates, and selecting the proper initial states.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* perf: optimize extractObservable lookup with binary search and caching (#71)

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* test: add unit tests for groupByReactionCenter in rulifier (#72)

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* 🧪 Add unit tests for getEquivalence in annotationParser.ts (#73)

Added a test suite to cover all logic branches of the `getEquivalence` function, improving test coverage for the atomizer annotation module.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* 🔒 Security: Fix Code Injection vulnerability in transformers loader (#74)

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* Refactor NeuralODESurrogate evaluate to optimize nested loops (#75)

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* ⚡ Bolt: Optimize `simulateWithParams` memory allocation and trig ops (#76)

Refactored the fallback logic inside `ParameterEstimation.ts` to pre-calculate the `wobble` sine wave multipliers into a `Float64Array`. Replaced the array `.map()` allocation inside the nested observables loop with a pre-sized array and a fast standard `for` loop.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* 🧪 Add tests for getAllAnnotations in annotationParser.ts (#77)

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* ⚡ Bolt: [performance improvement] Pipeline WebGPU mapAsync readbacks (#80)

Wrapped sequentially blocking WebGPU `mapAsync` buffer mapping calls in `Promise.all` inside `readSSAResults` to enable concurrent reads and prevent unnecessary sequential GPU round-trips.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* Fix Code Injection vulnerability in benchmark runner (#82)

Removed `new Function` eval usage in `run_benchmark_cli.ts` by replacing
it with the `SafeExpressionEvaluator` from `@bngplayground/engine`.

Refactored `simulateModel` to safely pre-compile reaction rate expressions
once before the main integration loop and pass parameters/observables as context,
which entirely mitigates arbitrary code execution vectors while yielding a
performance optimization.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* test: add unit tests for extractGOTerms in sbmlParser.ts (#83)

Added a comprehensive test suite for `extractGOTerms` to verify its extraction behavior against various resource URI formats, ensuring coverage for happy paths, edge cases, and invalid inputs.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* 🔒 Fix Command Injection in Generate Reference GDATs script (#86)

Replaced the vulnerable `execSync` call with `execFileSync` in `src/generate_reference_gdats.ts` to prevent command injection via shell execution. Argument passing is now explicit and safe.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* Optimize RHS shader string generation in WebGPUODESolver (#90)

Refactors `generateRHSShader` by replacing template literals with standard string concatenation inside tight loops, reducing GC overhead. Resolves a massive O(N_species * N_reactions) inefficiency during derivative expression building by inverting the loops and accumulating directly into an array per species in a single O(N_reactions) pass.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* ⚡ Bolt: optimize ParameterEstimation variational inference loop (#92)

Removed a redundant Math.max() check since the values are already strictly positive, and condensed three separate .map() iterations into a single O(N) for loop to avoid intermediate array allocations and decrease GC pressure during stochastic variational inference.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* 🔒 fix(simulation): strictly sanitize JIT Jacobian string variables to prevent code injection via `new Function` (#94)

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* ⚡ Bolt: [Batched parameter sweeps for NeuralODESurrogate] (#97)

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* 🧹 add OBSERVABLE type support to bio parser (#102)

Adds proper support for the OBSERVABLE sentence type in the bio parser to ensure observable definitions are correctly categorized rather than being parsed as generic comments. This includes extracting the sentence patterns and optional names, typing them correctly in `ObservableSentence`, and successfully generating corresponding `begin observables` BNGL logic within the generator.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* 🧪 Add tests for extractUniProtIds in sbmlParser.ts (#103)

Added a unit test file for `extractUniProtIds` function in `src/lib/atomizer/parser/sbmlParser.ts`.
Coverage includes happy paths, edge cases (no matches, multiple matches, random strings), case-insensitivity on the prefix, and both `/` and `:` separators as supported by the regex.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* 🔒 Sentinel: Prevent code injection in SparseJacobian JIT compilation (#104)

- Added `SafeExpressionEvaluator.isSafe` validation before `new Function` compilation in `SparseJacobian.ts` to prevent malicious code execution via injected JS in math expressions.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* Fix nauty WASM memory management and size limits (#106)

- Implements `gtools_freemem()` in `gtools.c` for explicit deallocation of internally managed WASM strings.
- Moves static variables `s` and `s_sz` inside `getline` and `getecline` out to file-scope variables (`getline_s` and `getecline_s`) to enable global memory freeing.
- Resolves the missing `#if MAXN` check inside the `graphsize` utility to fail securely on improperly large graph strings.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* 🔒 Sentinel: Prevent Code Injection in JITCompiler (#107)

* 🔒 Sentinel: Prevent Code Injection in JITCompiler

Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>

* Remove scratch files from JITCompiler security PR

---------

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* 🧹 Implement JITCompiler for Bifurcation continuation RHS (#111)

* 🧹 Implement JITCompiler for Bifurcation continuation RHS

Replaced the `TODO` placeholders and fallback error structures in `BifurcationTab.tsx` with a fully functional Right-Hand Side (RHS) evaluation implementation.
- Utilizes `engine.generateExpandedNetwork` to expand the model species.
- Compiles the expanded reactions safely *outside* the hot loop using `engine.JITCompiler`.
- Employs `.updateParameters()` efficiently within the `rhsFn` evaluations for both continuation tracking and nullcline generation.
- Prevents compilation bottlenecks and fully bridges the gap between the UI analysis tools and the mathematical engine.

Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>

* 🧹 Implement JITCompiler for Bifurcation continuation RHS

Replaced the `TODO` placeholders and fallback error structures in `BifurcationTab.tsx` with a fully functional Right-Hand Side (RHS) evaluation implementation.
- Utilizes `engine.generateExpandedNetwork` to expand the model species.
- Compiles the expanded reactions safely *outside* the hot loop using `engine.jitCompiler.compileFromRxns`.
- Employs `.updateParameters()` efficiently within the `rhsFn` evaluations for both continuation tracking and nullcline generation.
- Correctly integrates 2D nullcline state evaluations into full N-dimensional vectors.
- Prevents compilation bottlenecks and fully bridges the gap between the UI analysis tools and the mathematical engine.

Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>

---------

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* ⚡ Bolt: [performance improvement] Hoist invariant eval and use for...in (#115)

* Replaced `Object.entries()` inside `applyParameterUpdates` with a `for...in` loop to prevent repeated array allocations during simulation phase boundary checks.
* Hoisted the `evaluateObservablesFast` computation out of the 10-pass convergence loop since the state vector `y`/`state` remains invariant during parameter re-evaluation.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* 🔒 Sentinel: Prevent code injection in JIT expression compiler (#116)

* Secure JIT compilation with AST validation

Replaced fragile regex-based blocklist in `isJITSafe` with robust AST parsing via `SafeExpressionEvaluator.isSafe()`. Ensure strict secure fallback if the evaluator is unavailable.

Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>

* Secure JIT compilation with AST validation

Replaced fragile regex-based blocklist in `isJITSafe` with robust AST parsing via `SafeExpressionEvaluator.isSafe()`. Guaranteed safe fallback to prevent code injection without disabling JIT features unnecessarily. Restored identifier allowlist to ensure semantics translation compatibility.

Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>

---------

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* Refactor BoundedVerifier to use graph core services (#117)

- Replaced deprecated `PatternMatcher.ts` with `BNGLParser`, `GraphCanonicalizer`, and `GraphMatcher` from `graph/core`.
- Updated `BoundedVerifier` and `SymmetryReducedVerifier` to process and pass `SpeciesGraph` objects instead of literal strings and parsed molecule arrays.
- Removed the deprecated `PatternMatcher.ts`.
- Updated test cases in `verification.spec.ts` to expect accurate graph matches reflecting the new stricter structural checking.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* Rebase PR #110 onto current main (#110)

* Rebase PR #91 onto current main (#91)

* Rebase PR #99 onto current main (#99)

* Rebase PR #105 onto current main (#105)

* Rebase PR #78 onto current main (#78)

* Rebase PR #89 onto current main (#89)

* Rebase PR #79 onto current main (#79)

* Rebase PR #84 onto current main (#84)

* Rebase PR #109 onto current main (#109)

* Rebase PR #87 onto current main (#87)

* Rebase PR #96 onto current main (#96)

* Rebase PR #112 onto current main (#112)

* Fix zero-valued annotation qualifier handling

* Remove benchmark.js and benchmark.ts files

* perf(ssa): Optimize CPU SSA propensity calculation by removing Map overhead (#118)

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* 🎨 Palette: Add aria-expanded to collapsible UI panels (#119)

* 🎨 Palette: Add aria-expanded to collapsible UI panels

💡 What: Added `aria-expanded` attributes to the "Configure simulation options" and "Custom Expressions" buttons, and `aria-haspopup="dialog"` to the configuration button.
🎯 Why: These buttons toggle the visibility of complex panels. Screen readers need to know if the panel is currently expanded or collapsed.
♿ Accessibility: Improved screen reader announcements for state changes in `SimulationControls` and `ExpressionInputPanel`.

Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>

* Delete .jules/palette.md

---------

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* 🛡️ Sentinel: [CRITICAL] Fix Code Injection in JIT Compiler (#122)

* 🛡️ Sentinel: [CRITICAL] Fix Code Injection in JIT Compiler

Replaced custom validateSafeExpression method in JIT compilation with secure AST walker, SafeExpressionEvaluator.isSafe.
Added strict regex validations to restrict dynamic object destructuring inside 'new Function()' payloads to prevent code injection.

Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>

* Fix Math-prefixed JIT rate validation

---------

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* 🎨 Palette: [UX] Improve Dropdown accessibility and keyboard interaction (#120)

* 🎨 Palette: [UX] Improve Dropdown accessibility and keyboard interaction

Adds Escape key support to close dropdowns and properly injects aria-expanded and aria-haspopup attributes into the trigger element using React.cloneElement.

Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>

* Delete .Jules/palette.md

* 🎨 Palette: [UX] Improve Dropdown accessibility and keyboard interaction

Fixes stale closure and wasteful render issue in handleEsc by using a functional updater.
Replaces double any casts with a clean type guard using React.isValidElement<{ onClick?: React.MouseEventHandler }>.

Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>

* 🎨 Palette: [UX] Improve Dropdown accessibility and keyboard interaction

Fixes stale closure and wasteful render issue in handleEsc by using a functional updater.
Replaces double any casts with a clean type guard using React.isValidElement<{ onClick?: React.MouseEventHandler, ... }>.

Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>

* Delete .Jules/palette.md

---------

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* ⚡ Bolt: Optimize TimeSeriesChart rendering with React.memo (#121)

* ⚡ Bolt: Optimize TimeSeriesChart re-renders

Wrap `TimeSeriesChart` with `React.memo` to prevent expensive re-renders in the React tree when its parent container updates but the referentially stable charting data and props have not changed.

Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>

* ⚡ Bolt: stabilize React.memo props for TimeSeriesChart

Update `ResultsChart.tsx` to wrap `handleToggleSeries` and `handleLegendHighlight` in `useCallback`. This guarantees referential stability for props passed to `TimeSeriesChart`, enabling `React.memo` to effectively bypass re-renders when data points are unchanged.

Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>

* ⚡ Bolt: stabilize React.memo props for TimeSeriesChart

Update `ResultsChart.tsx` to wrap `handleToggleSeries` and `handleLegendHighlight` in `useCallback`. This guarantees referential stability for props passed to `TimeSeriesChart`, enabling `React.memo` to effectively bypass re-renders when data points are unchanged.

Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>

---------

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* Improve JIT validation diagnostics and dropdown escape handling

* Resolve Dropdown merge by unifying Escape handling

---------

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
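
Several commit messages above replace `new Function` evaluation or a regex blocklist with parser-based validation of rate expressions. The following is an added example of that approach, not code from this repository or its `SafeExpressionEvaluator`: every name in it (`FUNCS`, `tokenize`, `compileExpression`, `isSafe`, the sample parameter names) is hypothetical. It accepts only a fixed arithmetic grammar and compiles to closures, so no expression text ever reaches an evaluator.

```javascript
// Added example with hypothetical names; not the project's SafeExpressionEvaluator.
const FUNCS = new Map([['exp', Math.exp], ['log', Math.log], ['sqrt', Math.sqrt],
                       ['min', Math.min], ['max', Math.max]]);

// Tokens are numbers, identifiers and a fixed operator set; anything else is rejected.
function tokenize(src) {
  const re = /\s*(?:(\d+(?:\.\d*)?(?:[eE][+-]?\d+)?)|([A-Za-z_]\w*)|([-+*\/^(),]))/y;
  const tokens = [];
  let pos = 0;
  while (pos < src.length) {
    re.lastIndex = pos;
    const m = re.exec(src);
    if (!m) {
      if (src.slice(pos).trim() === '') break; // trailing whitespace only
      throw new SyntaxError(`disallowed character at or after offset ${pos}`);
    }
    if (m[1] !== undefined) tokens.push({ type: 'num', value: Number(m[1]) });
    else if (m[2] !== undefined) tokens.push({ type: 'id', value: m[2] });
    else tokens.push({ type: 'op', value: m[3] });
    pos = re.lastIndex;
  }
  return tokens;
}

// Recursive-descent parser that builds closures; the source string is never evaluated.
function compileExpression(src, allowedNames) {
  const tokens = tokenize(src);
  let i = 0;
  const isOp = (v) => i < tokens.length && tokens[i].type === 'op' && tokens[i].value === v;
  const expectOp = (v) => { if (!isOp(v)) throw new SyntaxError(`expected '${v}'`); i++; };

  function sum() {
    let left = product();
    while (isOp('+') || isOp('-')) {
      const plus = tokens[i++].value === '+', l = left, r = product();
      left = plus ? (env) => l(env) + r(env) : (env) => l(env) - r(env);
    }
    return left;
  }
  function product() {
    let left = unary();
    while (isOp('*') || isOp('/')) {
      const mul = tokens[i++].value === '*', l = left, r = unary();
      left = mul ? (env) => l(env) * r(env) : (env) => l(env) / r(env);
    }
    return left;
  }
  function unary() {
    if (isOp('-')) { i++; const u = unary(); return (env) => -u(env); }
    const base = atom();
    if (!isOp('^')) return base;
    i++;
    const exponent = unary(); // '^' is right-associative
    return (env) => Math.pow(base(env), exponent(env));
  }
  function atom() {
    const t = tokens[i++];
    if (!t) throw new SyntaxError('unexpected end of expression');
    if (t.type === 'num') return () => t.value;
    if (t.type === 'op' && t.value === '(') { const e = sum(); expectOp(')'); return e; }
    if (t.type !== 'id') throw new SyntaxError(`unexpected '${t.value}'`);
    if (isOp('(')) { // call: the name must be in the fixed function table
      const fn = FUNCS.get(t.value);
      if (!fn) throw new ReferenceError(`function not allowed: ${t.value}`);
      i++;
      const args = [sum()];
      while (isOp(',')) { i++; args.push(sum()); }
      expectOp(')');
      return (env) => fn(...args.map((a) => a(env)));
    }
    // bare identifier: must be a declared parameter or species name
    if (!allowedNames.has(t.value)) throw new ReferenceError(`unknown name: ${t.value}`);
    return (env) => env[t.value];
  }

  const compiled = sum();
  if (i < tokens.length) throw new SyntaxError('trailing tokens');
  return compiled;
}

// Validation is the same parse: an expression is safe only if it compiles.
function isSafe(src, allowedNames) {
  try { compileExpression(src, allowedNames); return true; } catch { return false; }
}
```

Because validation and compilation share one parser, there is no gap between what the check accepts and what later runs, which is the weakness of pairing a blocklist with `new Function`.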

Labels

- dependencies: Pull requests that update a dependency file
- javascript: Pull requests that update javascript code
