Merged
Conversation
Adds a descriptive aria-label ("Close cheatsheet") to the icon-only
close button in the CheatsheetModal component to improve screen reader
accessibility.
Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>
Added HTML escaping to dynamically injected strings in public/umap.html to prevent Cross-Site Scripting (XSS) when rendering model metadata in the legend and tooltip. Severity: HIGH Vulnerability: Unescaped string interpolation into innerHTML. Impact: Attackers could inject arbitrary JavaScript if a malicious model name or tags were processed. Fix: Created and applied escapeHTML function to all variables rendered into innerHTML. Verification: Ran npm run build:quick, npm run lint, verified UMAP page renders correctly. Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>
Refactored `WorkerPool.ts` to use a `Map` for O(1) pending task lookups and a dedicated `taskQueue` for FIFO task distribution, replacing the O(N) linear array searches. Modified `processQueue` to iteratively assign tasks to all available idle workers in a single call, significantly improving parallel throughput and workload distribution. Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>
…299306080536005416 🎨 Palette: Add aria-label to Cheatsheet Modal close button
…6444506796 🛡️ Sentinel: [HIGH] Fix XSS vulnerability in UMAP visualization
…9304264101392653039 ⚡ Bolt: WorkerPool task distribution optimization
- Imported `useId` from React in `ShareButton.tsx` - Generated unique IDs for modal inputs (`Model Name`, `Shareable Link`, `Embed Code`) - Associated existing text labels with inputs using `htmlFor` and `id` attributes to improve screen reader compatibility - Added `aria-hidden="true"` to the decorative SVG inside the Share button Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>
Avoid memory allocations during hot loop iterations in useRobustness. Moved loop invariant calculation `variationPercent / 100` out of the loop and replaced `Object.entries(params).forEach` with an allocation-free `for...in` loop. These allocations triggered garbage collection frequently and reduced execution speed during the repeated calls inside the inner iterations of useRobustness. Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>
…val in bnglWriter * Replace `new Function` with `SafeExpressionEvaluator.compile` in `checkMassAction` to prevent potential RCE/XSS when loading maliciously crafted SBML models. * Retain original graceful fallback behavior for malformed expressions. * Add entry to `.jules/sentinel.md` documenting the learning. Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>
…6726372455141107771
…4655105883767429551 🛡️ Sentinel: [CRITICAL] Fix arbitrary JS execution via new Function eval in bnglWriter
…30956176186460 🎨 Palette: Add explicit label associations to Share modal inputs
The .jules/ directory is already in .gitignore and should not be tracked. Removing the .Jules/palette.md file that was accidentally committed. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
* 🎨 Palette: Add aria-label to icon-only clear search button Added an explicitly descriptive `aria-label` attribute to the "Clear search" icon-only button within `SemanticSearchInput.tsx` to enhance accessibility for screen readers. Added a journal entry to document the learning. Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com> * Remove accidental .Jules artifact from PR --------- Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
…"_blank" links (#67) Added `rel="noopener noreferrer"` to all anchor tags that open in a new tab (`target="_blank"`) across various components to prevent reverse tabnabbing attacks. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Added a comprehensive test suite for buildStateTransitionDiagram in src/lib/atomizer/rulifier/rulifier.ts, covering successful state changes, ignoring invalid rules (wrong action or mismatched targets), deduplicating unchanged states, correctly falling back to default reaction rates, and selecting the proper initial states. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
#71) Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Added a test suite to cover all logic branches of the `getEquivalence` function, improving test coverage for the atomizer annotation module. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
…76) Refactored the fallback logic inside `ParameterEstimation.ts` to pre-calculate the `wobble` sine wave multipliers into a `Float64Array`. Replaced the array `.map()` allocation inside the nested observables loop with a pre-sized array and a fast standard `for` loop. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
…80) Wrapped sequentially blocking WebGPU `mapAsync` buffer mapping calls in `Promise.all` inside `readSSAResults` to enable concurrent reads and prevent unnecessary sequential GPU round-trips. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Refactors `generateRHSShader` by replacing template literals with standard string concatenation inside tight loops, reducing GC overhead. Resolves a massive O(N_species * N_reactions) inefficiency during derivative expression building by inverting the loops and accumulating directly into an array per species in a single O(N_reactions) pass. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Removed a redundant Math.max() check since the values are already strictly positive, and condensed three separate .map() iterations into a single O(N) for loop to avoid intermediate array allocations and decrease GC pressure during stochastic variational inference. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
… prevent code injection via `new Function` (#94) Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Adds proper support for the OBSERVABLE sentence type in the bio parser to ensure observable definitions are correctly categorized rather than being parsed as generic comments. This includes extracting the sentence patterns and optional names, typing them correctly in `ObservableSentence`, and successfully generating corresponding `begin observables` BNGL logic within the generator. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Added a unit test file for `extractUniProtIds` function in `src/lib/atomizer/parser/sbmlParser.ts`. Coverage includes happy paths, edge cases (no matches, multiple matches, random strings), case-insensitivity on the prefix, and both `/` and `:` separators as supported by the regex. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
…104) - Added `SafeExpressionEvaluator.isSafe` validation before `new Function` compilation in `SparseJacobian.ts` to prevent malicious code execution via injected JS in math expressions. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
- Implements `gtools_freemem()` in `gtools.c` for explicit deallocation of internally managed WASM strings. - Moves static variables `s` and `s_sz` inside `getline` and `getecline` out to file-scope variables (`getline_s` and `getecline_s`) to enable global memory freeing. - Resolves the missing `#if MAXN` check inside the `graphsize` utility to fail securely on improperly large graph strings. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
* 🔒 Sentinel: Prevent Code Injection in JITCompiler Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com> * Remove scratch files from JITCompiler security PR --------- Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
* 🧹 Implement JITCompiler for Bifurcation continuation RHS Replaced the `TODO` placeholders and fallback error structures in `BifurcationTab.tsx` with a fully functional Right-Hand Side (RHS) evaluation implementation. - Utilizes `engine.generateExpandedNetwork` to expand the model species. - Compiles the expanded reactions safely *outside* the hot loop using `engine.JITCompiler`. - Employs `.updateParameters()` efficiently within the `rhsFn` evaluations for both continuation tracking and nullcline generation. - Prevents compilation bottlenecks and fully bridges the gap between the UI analysis tools and the mathematical engine. Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com> * 🧹 Implement JITCompiler for Bifurcation continuation RHS Replaced the `TODO` placeholders and fallback error structures in `BifurcationTab.tsx` with a fully functional Right-Hand Side (RHS) evaluation implementation. - Utilizes `engine.generateExpandedNetwork` to expand the model species. - Compiles the expanded reactions safely *outside* the hot loop using `engine.jitCompiler.compileFromRxns`. - Employs `.updateParameters()` efficiently within the `rhsFn` evaluations for both continuation tracking and nullcline generation. - Correctly integrates 2D nullcline state evaluations into full N-dimensional vectors. - Prevents compilation bottlenecks and fully bridges the gap between the UI analysis tools and the mathematical engine. Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com> --------- Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
…in (#115) * Replaced `Object.entries()` inside `applyParameterUpdates` with a `for...in` loop to prevent repeated array allocations during simulation phase boundary checks. * Hoisted the `evaluateObservablesFast` computation out of the 10-pass convergence loop since the state vector `y`/`state` remains invariant during parameter re-evaluation. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
* Secure JIT compilation with AST validation Replaced fragile regex-based blocklist in `isJITSafe` with robust AST parsing via `SafeExpressionEvaluator.isSafe()`. Ensure strict secure fallback if the evaluator is unavailable. Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com> * Secure JIT compilation with AST validation Replaced fragile regex-based blocklist in `isJITSafe` with robust AST parsing via `SafeExpressionEvaluator.isSafe()`. Guaranteed safe fallback to prevent code injection without disabling JIT features unnecessarily. Restored identifier allowlist to ensure semantics translation compatibility. Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com> --------- Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
- Replaced deprecated `PatternMatcher.ts` with `BNGLParser`, `GraphCanonicalizer`, and `GraphMatcher` from `graph/core`. - Updated `BoundedVerifier` and `SymmetryReducedVerifier` to process and pass `SpeciesGraph` objects instead of literal strings and parsed molecule arrays. - Removed the deprecated `PatternMatcher.ts`. - Updated test cases in `verification.spec.ts` to expect accurate graph matches reflecting the new stricter structural checking. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
akutuva21
added a commit
that referenced
this pull request
Apr 13, 2026
* feat(a11y): add aria-label to cheatsheet close button
Adds a descriptive aria-label ("Close cheatsheet") to the icon-only
close button in the CheatsheetModal component to improve screen reader
accessibility.
Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>
* 🛡️ Sentinel: [HIGH] Fix XSS vulnerability in UMAP visualization
Added HTML escaping to dynamically injected strings in public/umap.html
to prevent Cross-Site Scripting (XSS) when rendering model metadata
in the legend and tooltip.
Severity: HIGH
Vulnerability: Unescaped string interpolation into innerHTML.
Impact: Attackers could inject arbitrary JavaScript if a malicious model name or tags were processed.
Fix: Created and applied escapeHTML function to all variables rendered into innerHTML.
Verification: Ran npm run build:quick, npm run lint, verified UMAP page renders correctly.
Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>
* ⚡ Bolt: WorkerPool task distribution optimization
Refactored `WorkerPool.ts` to use a `Map` for O(1) pending task lookups and a dedicated `taskQueue` for FIFO task distribution, replacing the O(N) linear array searches.
Modified `processQueue` to iteratively assign tasks to all available idle workers in a single call, significantly improving parallel throughput and workload distribution.
Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>
* 🎨 Palette: Add explicit label associations to Share modal inputs
- Imported `useId` from React in `ShareButton.tsx`
- Generated unique IDs for modal inputs (`Model Name`, `Shareable Link`, `Embed Code`)
- Associated existing text labels with inputs using `htmlFor` and `id` attributes to improve screen reader compatibility
- Added `aria-hidden="true"` to the decorative SVG inside the Share button
Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>
* ⚡ Bolt: Optimize parameter perturbation loop in useRobustness
Avoid memory allocations during hot loop iterations in useRobustness.
Moved loop invariant calculation `variationPercent / 100` out of the loop
and replaced `Object.entries(params).forEach` with an allocation-free `for...in` loop.
These allocations triggered garbage collection frequently and reduced execution speed
during the repeated calls inside the inner iterations of useRobustness.
Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>
* 🛡️ Sentinel: [CRITICAL] Fix arbitrary JS execution via new Function eval in bnglWriter
* Replace `new Function` with `SafeExpressionEvaluator.compile` in `checkMassAction` to prevent potential RCE/XSS when loading maliciously crafted SBML models.
* Retain original graceful fallback behavior for malformed expressions.
* Add entry to `.jules/sentinel.md` documenting the learning.
Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>
* Remove .Jules folder from repository
The .jules/ directory is already in .gitignore and should not be tracked.
Removing the .Jules/palette.md file that was accidentally committed.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* perf: replace Object.keys with for-in loop in ComparisonPanel (#63)
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
* 🎨 Palette: Added ARIA labels and roles to Tabs component (#65)
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
* 🎨 Palette: [UX improvement] Add aria-label to clear search button (#66)
* 🎨 Palette: Add aria-label to icon-only clear search button
Added an explicitly descriptive `aria-label` attribute to the "Clear search" icon-only button within `SemanticSearchInput.tsx` to enhance accessibility for screen readers. Added a journal entry to document the learning.
Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>
* Remove accidental .Jules artifact from PR
---------
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
* 🛡️ Sentinel: [MEDIUM] Fix reverse tabnabbing vulnerability in target="_blank" links (#67)
Added `rel="noopener noreferrer"` to all anchor tags that open in a new tab (`target="_blank"`) across various components to prevent reverse tabnabbing attacks.
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
* test: add unit tests for buildStateTransitionDiagram (#68)
Added a comprehensive test suite for buildStateTransitionDiagram in src/lib/atomizer/rulifier/rulifier.ts, covering successful state changes, ignoring invalid rules (wrong action or mismatched targets), deduplicating unchanged states, correctly falling back to default reaction rates, and selecting the proper initial states.
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
* perf: optimize extractObservable lookup with binary search and caching (#71)
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
* test: add unit tests for groupByReactionCenter in rulifier (#72)
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
* 🧪 Add unit tests for getEquivalence in annotationParser.ts (#73)
Added a test suite to cover all logic branches of the `getEquivalence` function, improving test coverage for the atomizer annotation module.
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
* 🔒 Security: Fix Code Injection vulnerability in transformers loader (#74)
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
* Refactor NeuralODESurrogate evaluate to optimize nested loops (#75)
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
* ⚡ Bolt: Optimize `simulateWithParams` memory allocation and trig ops (#76)
Refactored the fallback logic inside `ParameterEstimation.ts` to pre-calculate the `wobble` sine wave multipliers into a `Float64Array`. Replaced the array `.map()` allocation inside the nested observables loop with a pre-sized array and a fast standard `for` loop.
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
* 🧪 Add tests for getAllAnnotations in annotationParser.ts (#77)
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
* ⚡ Bolt: [performance improvement] Pipeline WebGPU mapAsync readbacks (#80)
Wrapped sequentially blocking WebGPU `mapAsync` buffer mapping calls in `Promise.all` inside `readSSAResults` to enable concurrent reads and prevent unnecessary sequential GPU round-trips.
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
* Fix Code Injection vulnerability in benchmark runner (#82)
Removed `new Function` eval usage in `run_benchmark_cli.ts` by replacing
it with the `SafeExpressionEvaluator` from `@bngplayground/engine`.
Refactored `simulateModel` to safely pre-compile reaction rate expressions
once before the main integration loop and pass parameters/observables as context,
which entirely mitigates arbitrary code execution vectors while yielding a
performance optimization.
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
* test: add unit tests for extractGOTerms in sbmlParser.ts (#83)
Added a comprehensive test suite for `extractGOTerms` to verify its extraction behavior against various resource URI formats, ensuring coverage for happy paths, edge cases, and invalid inputs.
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
* 🔒 Fix Command Injection in Generate Reference GDATs script (#86)
Replaced the vulnerable `execSync` call with `execFileSync` in `src/generate_reference_gdats.ts` to prevent command injection via shell execution. Argument passing is now explicit and safe.
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
* Optimize RHS shader string generation in WebGPUODESolver (#90)
Refactors `generateRHSShader` by replacing template literals with standard string concatenation inside tight loops, reducing GC overhead. Resolves a massive O(N_species * N_reactions) inefficiency during derivative expression building by inverting the loops and accumulating directly into an array per species in a single O(N_reactions) pass.
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
* ⚡ Bolt: optimize ParameterEstimation variational inference loop (#92)
Removed a redundant Math.max() check since the values are already strictly positive, and condensed three separate .map() iterations into a single O(N) for loop to avoid intermediate array allocations and decrease GC pressure during stochastic variational inference.
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
* 🔒 fix(simulation): strictly sanitize JIT Jacobian string variables to prevent code injection via `new Function` (#94)
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
* ⚡ Bolt: [Batched parameter sweeps for NeuralODESurrogate] (#97)
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
* 🧹 add OBSERVABLE type support to bio parser (#102)
Adds proper support for the OBSERVABLE sentence type in the bio parser to ensure observable definitions are correctly categorized rather than being parsed as generic comments. This includes extracting the sentence patterns and optional names, typing them correctly in `ObservableSentence`, and successfully generating corresponding `begin observables` BNGL logic within the generator.
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
* 🧪 Add tests for extractUniProtIds in sbmlParser.ts (#103)
Added a unit test file for `extractUniProtIds` function in `src/lib/atomizer/parser/sbmlParser.ts`.
Coverage includes happy paths, edge cases (no matches, multiple matches, random strings), case-insensitivity on the prefix, and both `/` and `:` separators as supported by the regex.
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
* 🔒 Sentinel: Prevent code injection in SparseJacobian JIT compilation (#104)
- Added `SafeExpressionEvaluator.isSafe` validation before `new Function` compilation in `SparseJacobian.ts` to prevent malicious code execution via injected JS in math expressions.
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
* Fix nauty WASM memory management and size limits (#106)
- Implements `gtools_freemem()` in `gtools.c` for explicit deallocation of internally managed WASM strings.
- Moves static variables `s` and `s_sz` inside `getline` and `getecline` out to file-scope variables (`getline_s` and `getecline_s`) to enable global memory freeing.
- Resolves the missing `#if MAXN` check inside the `graphsize` utility to fail securely on improperly large graph strings.
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
* 🔒 Sentinel: Prevent Code Injection in JITCompiler (#107)
* 🔒 Sentinel: Prevent Code Injection in JITCompiler
Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>
* Remove scratch files from JITCompiler security PR
---------
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
* 🧹 Implement JITCompiler for Bifurcation continuation RHS (#111)
* 🧹 Implement JITCompiler for Bifurcation continuation RHS
Replaced the `TODO` placeholders and fallback error structures in `BifurcationTab.tsx` with a fully functional Right-Hand Side (RHS) evaluation implementation.
- Utilizes `engine.generateExpandedNetwork` to expand the model species.
- Compiles the expanded reactions safely *outside* the hot loop using `engine.JITCompiler`.
- Employs `.updateParameters()` efficiently within the `rhsFn` evaluations for both continuation tracking and nullcline generation.
- Prevents compilation bottlenecks and fully bridges the gap between the UI analysis tools and the mathematical engine.
Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>
* 🧹 Implement JITCompiler for Bifurcation continuation RHS
Replaced the `TODO` placeholders and fallback error structures in `BifurcationTab.tsx` with a fully functional Right-Hand Side (RHS) evaluation implementation.
- Utilizes `engine.generateExpandedNetwork` to expand the model species.
- Compiles the expanded reactions safely *outside* the hot loop using `engine.jitCompiler.compileFromRxns`.
- Employs `.updateParameters()` efficiently within the `rhsFn` evaluations for both continuation tracking and nullcline generation.
- Correctly integrates 2D nullcline state evaluations into full N-dimensional vectors.
- Prevents compilation bottlenecks and fully bridges the gap between the UI analysis tools and the mathematical engine.
Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>
---------
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
* ⚡ Bolt: [performance improvement] Hoist invariant eval and use for...in (#115)
* Replaced `Object.entries()` inside `applyParameterUpdates` with a `for...in` loop to prevent repeated array allocations during simulation phase boundary checks.
* Hoisted the `evaluateObservablesFast` computation out of the 10-pass convergence loop since the state vector `y`/`state` remains invariant during parameter re-evaluation.
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
* 🔒 Sentinel: Prevent code injection in JIT expression compiler (#116)
* Secure JIT compilation with AST validation
Replaced fragile regex-based blocklist in `isJITSafe` with robust AST parsing via `SafeExpressionEvaluator.isSafe()`. Ensure strict secure fallback if the evaluator is unavailable.
Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>
* Secure JIT compilation with AST validation
Replaced fragile regex-based blocklist in `isJITSafe` with robust AST parsing via `SafeExpressionEvaluator.isSafe()`. Guaranteed safe fallback to prevent code injection without disabling JIT features unnecessarily. Restored identifier allowlist to ensure semantics translation compatibility.
Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>
---------
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
* Refactor BoundedVerifier to use graph core services (#117)
- Replaced deprecated `PatternMatcher.ts` with `BNGLParser`, `GraphCanonicalizer`, and `GraphMatcher` from `graph/core`.
- Updated `BoundedVerifier` and `SymmetryReducedVerifier` to process and pass `SpeciesGraph` objects instead of literal strings and parsed molecule arrays.
- Removed the deprecated `PatternMatcher.ts`.
- Updated test cases in `verification.spec.ts` to expect accurate graph matches reflecting the new stricter structural checking.
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
* Rebase PR #110 onto current main (#110)
* Rebase PR #91 onto current main (#91)
* Rebase PR #99 onto current main (#99)
* Rebase PR #105 onto current main (#105)
* Rebase PR #78 onto current main (#78)
* Rebase PR #89 onto current main (#89)
* Rebase PR #79 onto current main (#79)
* Rebase PR #84 onto current main (#84)
* Rebase PR #109 onto current main (#109)
* Rebase PR #87 onto current main (#87)
* Rebase PR #96 onto current main (#96)
* Rebase PR #112 onto current main (#112)
* Fix zero-valued annotation qualifier handling
* Remove benchmark.js and benchmark.ts files
* perf(ssa): Optimize CPU SSA propensity calculation by removing Map overhead (#118)
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
* 🎨 Palette: Add aria-expanded to collapsible UI panels (#119)
* 🎨 Palette: Add aria-expanded to collapsible UI panels
💡 What: Added `aria-expanded` attributes to the "Configure simulation options" and "Custom Expressions" buttons, and `aria-haspopup="dialog"` to the configuration button.
🎯 Why: These buttons toggle the visibility of complex panels. Screen readers need to know if the panel is currently expanded or collapsed.
♿ Accessibility: Improved screen reader announcements for state changes in `SimulationControls` and `ExpressionInputPanel`.
Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>
* Delete .jules/palette.md
---------
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
* 🛡️ Sentinel: [CRITICAL] Fix Code Injection in JIT Compiler (#122)
* 🛡️ Sentinel: [CRITICAL] Fix Code Injection in JIT Compiler
Replaced custom validateSafeExpression method in JIT compilation with secure AST walker, SafeExpressionEvaluator.isSafe.
Added strict regex validations to restrict dynamic object destructuring inside 'new Function()' payloads to prevent code injection.
Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>
* Fix Math-prefixed JIT rate validation
---------
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
* 🎨 Palette: [UX] Improve Dropdown accessibility and keyboard interaction (#120)
* 🎨 Palette: [UX] Improve Dropdown accessibility and keyboard interaction
Adds Escape key support to close dropdowns and properly injects aria-expanded and aria-haspopup attributes into the trigger element using React.cloneElement.
Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>
* Delete .Jules/palette.md
* 🎨 Palette: [UX] Improve Dropdown accessibility and keyboard interaction
Fixes stale closure and wasteful render issue in handleEsc by using a functional updater.
Replaces double any casts with a clean type guard using React.isValidElement<{ onClick?: React.MouseEventHandler }>.
Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>
* 🎨 Palette: [UX] Improve Dropdown accessibility and keyboard interaction
Fixes stale closure and wasteful render issue in handleEsc by using a functional updater.
Replaces double any casts with a clean type guard using React.isValidElement<{ onClick?: React.MouseEventHandler, ... }>.
Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>
* Delete .Jules/palette.md
---------
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
* ⚡ Bolt: Optimize TimeSeriesChart rendering with React.memo (#121)
* ⚡ Bolt: Optimize TimeSeriesChart re-renders
Wrap `TimeSeriesChart` with `React.memo` to prevent expensive re-renders in the React tree when its parent container updates but the referentially stable charting data and props have not changed.
Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>
* ⚡ Bolt: stabilize React.memo props for TimeSeriesChart
Update `ResultsChart.tsx` to wrap `handleToggleSeries` and `handleLegendHighlight` in `useCallback`. This guarantees referential stability for props passed to `TimeSeriesChart`, enabling `React.memo` to effectively bypass re-renders when data points are unchanged.
Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>
* ⚡ Bolt: stabilize React.memo props for TimeSeriesChart
Update `ResultsChart.tsx` to wrap `handleToggleSeries` and `handleLegendHighlight` in `useCallback`. This guarantees referential stability for props passed to `TimeSeriesChart`, enabling `React.memo` to effectively bypass re-renders when data points are unchanged.
Co-authored-by: akutuva21 <44119804+akutuva21@users.noreply.github.com>
---------
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
* Improve JIT validation diagnostics and dropdown escape handling
* Resolve Dropdown merge by unifying Escape handling
---------
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.