@TheRealAshik TheRealAshik commented Feb 9, 2026

Recent Engineering Improvements

🔒 Security Fixes

Sensitive Data Exposure in Error Logs - Fixed a vulnerability where URLs containing API keys/tokens in query parameters were exposed in error messages. Added sanitizeUrl utility to remove query strings and fragments from URLs in all error classes.

🧹 Code Health & Maintenance

Removed Test-Only Methods from Production Code - Cleaned up JulesMCPServer class by removing test helper methods (handleSessionState, handleGetBashOutputs, etc.) that were polluting production code, improving maintainability.

Performance Optimization

Async Configuration I/O - Replaced synchronous fs methods with asynchronous fs.promises operations for configuration loading/saving, preventing event loop blocking and improving overall system responsiveness.

Testing Improvements

Schema Introspection Unit Tests - Added comprehensive tests for JQL schema definition and documentation generation logic, covering schema retrieval, TypeScript interface generation, and Markdown documentation integrity.


Key Themes: Security hardening, codebase cleanup, performance optimization, and test coverage expansion. All changes maintain backward compatibility while improving reliability and maintainability.

Removed several public methods from JulesMCPServer that were explicitly
marked "for testing". These methods were thin wrappers around tool handlers.
Refactored lightweight-responses spec test to call the tool handler directly.

Methods removed:
- handleSessionState
- handleGetBashOutputs
- handleSelect
- handleReviewChanges
- handleShowDiff
- _listTools
…#2)

This commit introduces a `sanitizeUrl` utility to strip query parameters
and fragments from URLs before they are included in error messages or
stored in error objects. This prevents accidental exposure of sensitive
information such as API keys or tokens in logs.

Files modified:
- packages/core/src/utils.ts: added sanitizeUrl utility
- packages/core/src/errors.ts: updated error classes to use sanitizeUrl
- packages/core/src/api.ts: updated ApiClient to use sanitizeUrl in custom error messages
- packages/core/tests/security_url.test.ts: added tests for URL sanitization in errors

- Added unit tests for `getSchema`, `getAllSchemas`, `generateTypeDefinition`, and `generateMarkdownDocs` in `packages/core/src/query/schema.ts`.
- Implemented schema integrity checks for `SESSION_SCHEMA`, `ACTIVITY_SCHEMA`, `FILTER_OP_SCHEMA`, and `PROJECTION_SCHEMA`.
- Verified test coverage and confirmed tests catch regressions by temporarily modifying the code.

Refactor `loadConfig`, `saveConfig`, and `resolveApiKey` to be asynchronous, using `fs.promises` instead of synchronous `fs` methods. This prevents blocking the Node.js event loop during I/O operations, which is a performance anti-pattern.

All call sites and tests have been updated to support the new asynchronous API.
@TheRealAshik TheRealAshik changed the title Contibutions from Jules 🧪 Jules Engineering Updates: Security, Performance & Code Quality Improvements Feb 9, 2026
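
The URL sanitization described in the `sanitizeUrl` commit above, sketched as an added example that is not the code from this pull request. The function body, `ExampleApiError`, `errorContains` and the sample URL are hypothetical, and stripping userinfo (`user:pass@`) goes beyond what the commit describes.

```typescript
// Added example: a hypothetical implementation, not the project's own code.

/** Drop query string, fragment and userinfo from a URL before it is logged. */
function sanitizeUrl(raw: string): string {
  try {
    const url = new URL(raw);
    url.search = "";   // removes "?key=..." where API keys and tokens usually sit
    url.hash = "";     // removes "#access_token=..." style fragments
    url.password = ""; // extra hardening beyond the commit's description
    url.username = "";
    return url.toString();
  } catch {
    // Relative or malformed input cannot be parsed: cut at the first '?' or '#'
    // so the fallback path never returns the sensitive tail.
    const cut = raw.search(/[?#]/);
    return cut === -1 ? raw : raw.slice(0, cut);
  }
}

/** Hypothetical error class: sanitizes once, in the constructor, so the message,
 *  the stored field and the stack trace all carry the redacted form. */
class ExampleApiError extends Error {
  readonly url: string;
  readonly status: number;
  constructor(url: string, status: number) {
    const safe = sanitizeUrl(url);
    super(`Request to ${safe} failed with status ${status}`);
    this.name = "ExampleApiError";
    this.url = safe;
    this.status = status;
  }
}

/** Regression check: does any loggable part of the error contain the secret? */
function errorContains(err: Error & { url?: string }, needle: string): boolean {
  const parts = [err.message, err.stack || "", err.url || "", JSON.stringify(err)];
  return parts.some((part) => part.indexOf(needle) !== -1);
}

// Constructed sample input: the host and key are placeholders.
const sampleError = new ExampleApiError(
  "https://api.example.test/v1/sessions?key=CONSTRUCTED_SECRET#tok",
  401
);
console.log(sampleError.message, errorContains(sampleError, "CONSTRUCTED_SECRET"));
```

Sanitizing in the error constructor rather than at each log call means a later `console.error(err)` or serializer cannot reintroduce the raw URL.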