fix(manage): add wasm-unsafe-eval to CSP for Monaco WebAssembly #2915

Merged
amikofalvy merged 2 commits into main from fix/csp-wasm-unsafe-eval
Mar 30, 2026

Conversation

@amikofalvy (Collaborator)

Summary

  • Adds 'wasm-unsafe-eval' to the script-src CSP directive in proxy.ts
  • Monaco Editor (via @shikijs/monaco) uses WebAssembly for syntax highlighting, which is blocked in production by the current CSP — causing CompileError on every page that loads the editor
  • 'wasm-unsafe-eval' is strictly narrower than 'unsafe-eval' — it permits only WebAssembly.compile()/instantiate() without enabling JavaScript eval()

Context

Sentry issue: PILOT-INKEEP-COM-21 — 19 occurrences, 4 users impacted, escalating. Affects the conversations trace page and any route that lazy-loads Monaco.

Test plan

  • Deploy to preview and verify Monaco loads without CSP errors on a conversation trace page
  • Confirm no CompileError in browser console
  • Verify CSP response header includes wasm-unsafe-eval in script-src

Made with Cursor

Monaco Editor (via @shikijs/monaco) uses WebAssembly for syntax
highlighting, which is blocked in production by the current CSP.
Adding the targeted `wasm-unsafe-eval` directive permits WASM
compilation without opening the door to JavaScript eval().

Fixes PILOT-INKEEP-COM-21

Made-with: Cursor
@amikofalvy amikofalvy requested a review from dimaMachina March 30, 2026 21:13
@changeset-bot

changeset-bot Bot commented Mar 30, 2026

🦋 Changeset detected

Latest commit: 87e5423

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 10 packages
Name Type
@inkeep/agents-manage-ui Patch
@inkeep/agents-api Patch
@inkeep/agents-cli Patch
@inkeep/agents-core Patch
@inkeep/agents-email Patch
@inkeep/agents-mcp Patch
@inkeep/agents-sdk Patch
@inkeep/agents-work-apps Patch
@inkeep/ai-sdk-provider Patch
@inkeep/create-agents Patch


@vercel

vercel Bot commented Mar 30, 2026

The latest updates on your projects.

Project | Deployment | Actions | Updated (UTC)
agents-api | Ready | Preview, Comment | Mar 30, 2026 9:27pm
agents-docs | Ready | Preview, Comment | Mar 30, 2026 9:27pm
agents-manage-ui | Ready | Preview, Comment | Mar 30, 2026 9:27pm

@pullfrog (Contributor)

pullfrog Bot commented Mar 30, 2026

TL;DR — Adds 'wasm-unsafe-eval' to the Content Security Policy script-src directive so Monaco Editor's WebAssembly-based syntax highlighting (via @shikijs/monaco) stops throwing CompileError in production.

Key changes

  • Add 'wasm-unsafe-eval' to CSP script-src in proxy.ts — permits WebAssembly.compile()/instantiate() in production without opening the door to JavaScript eval(), fixing PILOT-INKEEP-COM-21
  • Add changeset patch bump for @inkeep/agents-manage-ui

Summary | 2 files | 2 commits | base: main | head: fix/csp-wasm-unsafe-eval

Before: The production CSP only allowed 'self' and 'unsafe-inline' in script-src ('unsafe-eval' was gated to development), so any WebAssembly.compile() call was blocked — breaking Monaco on the conversations trace page and every other route that lazy-loads the editor.
After: 'wasm-unsafe-eval' is added unconditionally to scriptSrcDomains, allowing WebAssembly compilation while remaining strictly narrower than 'unsafe-eval'.

agents-manage-ui/src/proxy.ts · .changeset/fix-csp-wasm-unsafe-eval.md

@pullfrog (Contributor) left a comment

Clean, minimal fix. 'wasm-unsafe-eval' is the correct directive — strictly narrower than 'unsafe-eval', only permits WebAssembly.compile()/instantiate(), and is required by @shikijs/monaco's Oniguruma WASM tokenizer. Placement before the dev-only 'unsafe-eval' conditional is correct. No security concerns.

@claude (Contributor) left a comment

PR Review Summary

(0) Total Issues | Risk: Low

This is a well-scoped, minimal fix for a real production issue (Sentry PILOT-INKEEP-COM-21).

✅ What's Good

  1. Correct directive choice: 'wasm-unsafe-eval' is the right CSP directive for this use case — it allows WebAssembly.compile() and WebAssembly.instantiate() without enabling JavaScript eval(). This is strictly narrower than 'unsafe-eval' and follows CSP Level 3 best practices.

  2. Minimal change surface: Single line addition in the existing CSP builder function — no architectural changes or new patterns introduced.

  3. Clear problem/solution mapping: Monaco Editor (via @shikijs/monaco) requires WebAssembly for TextMate grammar parsing. The CSP was blocking this in production, causing CompileError for 4 users across 19 occurrences.

  4. Proper placement: The directive is added to scriptSrcDomains array alongside other CSP entries, maintaining consistency with the existing pattern.

📋 Test Plan Feedback

The test plan items are appropriate:

  • ✅ Deploy to preview and verify Monaco loads
  • ✅ Confirm no CompileError in console
  • ✅ Verify CSP header includes wasm-unsafe-eval

Consider adding: Verify the CSP header does not include 'unsafe-eval' in production (it should only appear in development mode per the existing conditional on line 38).


✅ APPROVE

Summary: This is a clean, surgical fix that uses the narrowest available CSP directive to enable WebAssembly while maintaining the security posture. The change is well-justified by the linked Sentry issue and follows CSP best practices.

Reviewers (1)
Reviewer Returned Main Findings Consider While You're Here Inline Comments Pending Recs Discarded
orchestrator 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0

Note: This is a minimal 1-line CSP fix. No subagents were dispatched as the scope is trivially reviewable by the orchestrator directly.
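The script-src construction the PR summary describes (an unconditional 'wasm-unsafe-eval', 'unsafe-eval' only in development) and the production header check suggested in the review above, as an added TypeScript example. This is not the project's proxy.ts: the function names, the extra directives and the sample headers are assumptions made for illustration.

```typescript
// Added example, not the project's proxy.ts. Function names, the extra
// directives and the sample headers are assumptions made for illustration.

type CspDirectives = Record<string, string[]>;

// Build the script-src source list the way the PR describes: 'wasm-unsafe-eval'
// is added unconditionally (it permits only WebAssembly.compile()/instantiate()),
// while 'unsafe-eval' (JavaScript eval()) stays gated to development.
function buildScriptSrcDomains(isDevelopment: boolean): string[] {
  const scriptSrcDomains = ["'self'", "'unsafe-inline'", "'wasm-unsafe-eval'"];
  if (isDevelopment) {
    scriptSrcDomains.push("'unsafe-eval'");
  }
  return scriptSrcDomains;
}

// Serialise a small policy to a Content-Security-Policy header value.
function buildCspHeader(isDevelopment: boolean): string {
  const directives: CspDirectives = {
    "default-src": ["'self'"],
    "script-src": buildScriptSrcDomains(isDevelopment),
  };
  return Object.entries(directives)
    .map(([name, sources]) => `${name} ${sources.join(" ")}`)
    .join("; ");
}

// Parse a header value back into directive -> source list. Directive names are
// case-insensitive in CSP, so they are lowered; source expressions are kept as-is.
function parseCsp(header: string): CspDirectives {
  const parsed: CspDirectives = {};
  for (const chunk of header.split(";")) {
    const tokens = chunk.trim().split(/\s+/).filter((t) => t.length > 0);
    if (tokens.length === 0) continue;
    parsed[tokens[0].toLowerCase()] = tokens.slice(1);
  }
  return parsed;
}

// The production check from the review: the header must allow WebAssembly
// compilation and must not carry the dev-only 'unsafe-eval'. Returns the list
// of violations; an empty list means the policy is as intended.
function checkProductionCsp(header: string): string[] {
  const problems: string[] = [];
  const scriptSrc = parseCsp(header)["script-src"] ?? [];
  if (!scriptSrc.includes("'wasm-unsafe-eval'")) {
    problems.push("script-src is missing 'wasm-unsafe-eval' (Monaco WASM fails with CompileError)");
  }
  if (scriptSrc.includes("'unsafe-eval'")) {
    problems.push("script-src contains 'unsafe-eval' in production (should be development-only)");
  }
  return problems;
}

// Usage with the two environments the PR distinguishes, plus a constructed
// header representing the pre-fix production policy.
const productionHeader = buildCspHeader(false);
const developmentHeader = buildCspHeader(true);
const preFixHeader = "default-src 'self'; script-src 'self' 'unsafe-inline'";
console.log(productionHeader, checkProductionCsp(productionHeader));
console.log(developmentHeader, checkProductionCsp(developmentHeader));
console.log(preFixHeader, checkProductionCsp(preFixHeader));
```

Running checkProductionCsp against the header a preview deployment actually returns is the cheap way to turn the review's "consider adding" item into a repeatable check: the pre-fix policy fails on the missing 'wasm-unsafe-eval', the development policy fails on the extra 'unsafe-eval', and only the fixed production policy comes back clean.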

@dimaMachina (Collaborator) left a comment

@claude add a changeset

@inkeep-internal-ci (Contributor)

inkeep-internal-ci Bot commented Mar 30, 2026

Claude finished @dimaMachina's task in 30s
Adding changeset

  • Create changeset file
  • Commit and push

Added a patch changeset for @inkeep/agents-manage-ui: fix-csp-wasm-unsafe-eval.md (87e5423).

@amikofalvy amikofalvy enabled auto-merge March 30, 2026 21:28
@amikofalvy amikofalvy added this pull request to the merge queue Mar 30, 2026
Merged via the queue into main with commit 8e2f1e0 Mar 30, 2026
17 of 18 checks passed
@amikofalvy amikofalvy deleted the fix/csp-wasm-unsafe-eval branch March 30, 2026 21:41
@itoqa

itoqa Bot commented Mar 30, 2026

Ito Test Report ✅

12 test cases ran. 12 passed.

All 12 test cases passed with no failures, confirming expected behavior across CSP policy enforcement, authentication/redirect protections, route handling, and Monaco-based editor/viewer functionality. Key findings were that wasm-unsafe-eval is consistently present on login, protected, and 307 redirect responses; unsafe-eval remains intentionally dev-only; logged-out deep links and cross-tab invalidation correctly force /login?returnUrl=...; malformed path tampering safely normalizes/redirects/404s without data exposure; and trace/agent Monaco flows stayed stable under refresh/back-forward/mobile/rapid interactions with controls functioning and script-like input treated as inert text.

✅ Passed (12)
Screenshot ID [Category] Summary
ADV-1 [Adversarial] Eval execution in local dev is expected because dev CSP includes unsafe-eval; production branch removes it while retaining wasm-unsafe-eval.
ADV-4 [Adversarial] After logout in tab A, protected navigations in tab B correctly redirected to /login with returnUrl.
ADV-5 [Adversarial] Malformed and encoded path tampering attempts resolved safely (normalization/login redirect/404) with no protected data exposure.
EDGE-1 [Edge] Project root 307 redirect preserved CSP with wasm-unsafe-eval, then loaded /agents successfully.
EDGE-2 [Edge] After hard refresh plus 3 back/forward cycles, Monaco JSON panels consistently re-rendered without intermittent failures.
EDGE-3 [Edge] JsonEditorWithCopy Copy/Download/Wrap controls are implemented and wired; prior blockage aligned with setup/data conditions, not product logic.
EDGE-4 [Edge] Mobile conversation detail controls (Download, Copy Code, Toggle Word Wrap) were visible and clickable after environment correction and deterministic data setup.
LOGIC-1 [Logic] CSP token behavior is environment-sensitive by design; localhost dev includes unsafe-eval while keeping wasm-unsafe-eval.
ROUTE-1 [Happy-path] Confirmed CSP script-src includes wasm-unsafe-eval on /login and protected agent route responses.
ROUTE-2 [Happy-path] Confirmed /login and unauthenticated deep-link denial flow both return CSP with wasm-unsafe-eval, and deep-link resolves to /login?returnUrl=... when logged out state is enforced.
SCREEN-1 [Screen] Conversation detail Monaco JSON panels rendered and Copy Code worked with no CSP/WebAssembly CompileError in the verified flow.
SCREEN-2 [Screen] Node switching updates Monaco prompt state and script-like payload text remains inert in the editor flow.

Commit: 87e5423


tim-inkeep pushed a commit that referenced this pull request Mar 31, 2026
)

* fix(manage): add `wasm-unsafe-eval` to CSP for Monaco WebAssembly

Monaco Editor (via @shikijs/monaco) uses WebAssembly for syntax
highlighting, which is blocked in production by the current CSP.
Adding the targeted `wasm-unsafe-eval` directive permits WASM
compilation without opening the door to JavaScript eval().

Fixes PILOT-INKEEP-COM-21

Made-with: Cursor

* Add changeset for CSP wasm-unsafe-eval fix

Co-authored-by: Dimitri POSTOLOV <[email protected]>

---------

Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>
Co-authored-by: Dimitri POSTOLOV <[email protected]>