feat(middleware): gojq improvements — caching, panic-on-broken-init, secureCompileOpts

[Copilot]

Four improvements to gojq usage identified by the go-fan module review. The most impactful is eliminating repeated Parse+Compile on the parameterized-filter hot path; the most correctness-critical is replacing a silent-failure init() with a proper panic.

Changes

• P1 – Cache CompileToolResponseFilterWithVars (internal/middleware/jqschema.go)
  Adds composite-key caching: filter + "\x00" + strings.Join(varNames, "\x00"). Previously every tool invocation re-parsed and re-compiled the same expression; now it's compile-once-run-many like the no-vars path.

• P2 – init() panics instead of logging FATAL (internal/middleware/jqschema.go)
  Old code called log.Printf("FATAL: …") then returned, letting the binary start with jqSchemaCode == nil and silently returning errors on every schema call. jqSchemaFilter is a hardcoded constant — a compile failure means a broken binary, not a recoverable runtime condition.

  // before
  log.Printf("FATAL: Failed to compile jq schema filter at init (application will not start): %v", err)
  return
  // after
  panic(fmt.Sprintf("built-in jq schema filter failed to compile: %v", err))

• P3 – secureCompileOpts package-level variable (internal/middleware/jqschema.go, internal/config/validation.go)
  Extracts the repeated gojq.WithEnvironLoader(func() []string { return nil }) into a shared slice in each package. All gojq.Compile call sites now reference it (or append to it), making the $ENV-disabled intent explicit and preventing future omissions.

• P4 – TODO on filterCodeCache
  Documents that the unbounded sync.Map should become a bounded LRU if config hot-reload is ever added.

Tests

Added TestCompileToolResponseFilterWithVars_CacheHit (pointer equality on repeated identical calls) and TestCompileToolResponseFilterWithVars_DifferentVarsCacheMiss (same filter, different varNames → distinct *gojq.Code).

[Copilot]

Pull request overview

This PR improves gojq usage in the middleware/config layers by making tool-response filter compilation faster (compile-once, reuse), more fail-fast for built-in filters (panic on broken init), and more consistently secure ($ENV disabled via shared compile options).

Changes:

• Add caching for CompileToolResponseFilterWithVars using a composite key to avoid repeated Parse+Compile on hot paths.
• Change init() behavior for the built-in jq schema filter to panic on parse/compile failure (broken binary should not start).
• Centralize $ENV-disabled gojq compiler options (secureCompileOpts) and apply them consistently; add tests validating cache hit/miss behavior for var-based compilation.

Show a summary per file

File	Description
internal/middleware/jqschema.go	Adds secure compile opts, fail-fast init compilation, and caching for var-based filter compilation.
internal/middleware/jqschema_coverage_test.go	Adds tests validating cache behavior for CompileToolResponseFilterWithVars.
internal/config/validation.go	Centralizes secure compile opts and reuses them when validating jq filters with variables.

Review details

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 3/3 changed files
• Comments generated: 2
• Review effort level: Low

[lpcox]

@copilot address review feedback

[Copilot]

@copilot address review feedback

Addressed in 397966d.

Changes made:

• Updated filterCodeCache docs to reflect both cache key shapes.
• Replaced NUL-concatenated var-filter cache keys with a structured toolResponseFilterVarsCacheKey to avoid collision risk.
• Stopped appending directly to shared secureCompileOpts by using a dedicated options builder.
• Added tests covering separator-collision safety and shared compile-option immutability.