fix(desktop): reject NaN/Infinity usage values to prevent counter corruption

hqhq1025 · hqhq1025 · commit 9a4f69db8813 · 2026-04-19T15:49:00.000+08:00
A bad provider/IPC payload (NaN, Infinity, or negative) would silently poison weekUsage totals across sessions, since the previous guard only checked typeof === 'number'. Tighten validation with Number.isFinite + non-negative at both the parse-side (IPC payload → state) and the storage-load side (rehydrate from localStorage). On rejection: drop the bad value, console.warn, and surface a toast via the existing weekly-usage error UI surface (errors.weekUsageInvalid). Addresses PR #47 codex Major.
diff --git a/apps/desktop/src/renderer/src/store.test.ts b/apps/desktop/src/renderer/src/store.test.ts
@@ -2,7 +2,7 @@ import { initI18n } from '@open-codesign/i18n';
 import type { LocalInputFile, OnboardingState, SelectedElement } from '@open-codesign/shared';
 import { afterEach, beforeAll, beforeEach, describe, expect, it, vi } from 'vitest';
 import type { GenerationStage } from './store';
-import { accumulateWeekUsage, isoWeekKey, useCodesignStore } from './store';
+import { accumulateWeekUsage, coerceUsageSnapshot, isoWeekKey, useCodesignStore } from './store';
 
 const READY_CONFIG: OnboardingState = {
   hasKey: true,
@@ -402,6 +402,41 @@ describe('accumulateWeekUsage', () => {
   });
 });
 
+describe('coerceUsageSnapshot', () => {
+  it('rejects NaN inputs and reports the field', () => {
+    const { usage, rejected } = coerceUsageSnapshot({
+      inputTokens: Number.NaN,
+      outputTokens: 200,
+      costUsd: 0.01,
+    });
+    expect(usage.inputTokens).toBe(0);
+    expect(usage.outputTokens).toBe(200);
+    expect(usage.costUsd).toBe(0.01);
+    expect(rejected).toEqual(['inputTokens']);
+  });
+
+  it('rejects Infinity inputs and reports the field', () => {
+    const { usage, rejected } = coerceUsageSnapshot({
+      inputTokens: 100,
+      outputTokens: Number.POSITIVE_INFINITY,
+      costUsd: Number.NEGATIVE_INFINITY,
+    });
+    expect(usage.outputTokens).toBe(0);
+    expect(usage.costUsd).toBe(0);
+    expect(rejected).toEqual(['outputTokens', 'costUsd']);
+  });
+
+  it('accepts finite zero without rejecting', () => {
+    const { usage, rejected } = coerceUsageSnapshot({
+      inputTokens: 0,
+      outputTokens: 0,
+      costUsd: 0,
+    });
+    expect(usage).toEqual({ inputTokens: 0, outputTokens: 0, costUsd: 0 });
+    expect(rejected).toEqual([]);
+  });
+});
+
 // Simulate the escape handler logic from App.tsx to verify priority:
 //   commandPaletteOpen → close palette (view unchanged)
 //   palette closed + view=settings → go to workspace
diff --git a/apps/desktop/src/renderer/src/store.ts b/apps/desktop/src/renderer/src/store.ts
@@ -213,6 +213,32 @@ export function isoWeekKey(date: Date): string {
   return `${d.getUTCFullYear()}-W${String(weekNo).padStart(2, '0')}`;
 }
 
+function isFiniteUsageNumber(v: unknown): v is number {
+  return typeof v === 'number' && Number.isFinite(v) && v >= 0;
+}
+
+export function coerceUsageSnapshot(result: {
+  inputTokens?: unknown;
+  outputTokens?: unknown;
+  costUsd?: unknown;
+}): { usage: UsageSnapshot; rejected: string[] } {
+  const rejected: string[] = [];
+  const pick = (label: string, v: unknown): number => {
+    if (v === undefined) return 0;
+    if (isFiniteUsageNumber(v)) return v;
+    rejected.push(label);
+    return 0;
+  };
+  return {
+    usage: {
+      inputTokens: pick('inputTokens', result.inputTokens),
+      outputTokens: pick('outputTokens', result.outputTokens),
+      costUsd: pick('costUsd', result.costUsd),
+    },
+    rejected,
+  };
+}
+
 function readStoredWeekUsage(now: Date): WeekUsage {
   const fresh: WeekUsage = {
     isoWeek: isoWeekKey(now),
@@ -228,9 +254,9 @@ function readStoredWeekUsage(now: Date): WeekUsage {
     const parsed = JSON.parse(raw) as Partial<WeekUsage>;
     if (
       typeof parsed.isoWeek !== 'string' ||
-      typeof parsed.inputTokens !== 'number' ||
-      typeof parsed.outputTokens !== 'number' ||
-      typeof parsed.costUsd !== 'number'
+      !isFiniteUsageNumber(parsed.inputTokens) ||
+      !isFiniteUsageNumber(parsed.outputTokens) ||
+      !isFiniteUsageNumber(parsed.costUsd)
     ) {
       warnReason = 'weekly usage entry has unexpected shape';
     } else if (parsed.isoWeek === fresh.isoWeek) {
@@ -375,11 +401,7 @@ function applyGenerateSuccess(
   },
 ): void {
   const firstArtifact = result.artifacts[0];
-  const usage: UsageSnapshot = {
-    inputTokens: typeof result.inputTokens === 'number' ? result.inputTokens : 0,
-    outputTokens: typeof result.outputTokens === 'number' ? result.outputTokens : 0,
-    costUsd: typeof result.costUsd === 'number' ? result.costUsd : 0,
-  };
+  const { usage, rejected: rejectedUsageFields } = coerceUsageSnapshot(result);
   let persistError: string | null = null;
   let didApply = false;
   finishIfCurrent(set, generationId, (state) => {
@@ -400,6 +422,15 @@ function applyGenerateSuccess(
       weekUsage: nextWeek,
     };
   });
+  if (didApply && rejectedUsageFields.length > 0) {
+    const detail = rejectedUsageFields.join(', ');
+    console.warn('[open-codesign] dropped non-finite usage values from provider:', detail);
+    get().pushToast({
+      variant: 'error',
+      title: tr('errors.weekUsageInvalid'),
+      description: detail,
+    });
+  }
   if (didApply && persistError) {
     console.warn('[open-codesign] failed to persist weekly usage:', persistError);
     get().pushToast({
@@ -758,11 +789,7 @@ export const useCodesignStore = create<CodesignState>((set, get) => ({
         attachments,
       });
       const firstArtifact = result.artifacts[0];
-      const usage: UsageSnapshot = {
-        inputTokens: typeof result.inputTokens === 'number' ? result.inputTokens : 0,
-        outputTokens: typeof result.outputTokens === 'number' ? result.outputTokens : 0,
-        costUsd: typeof result.costUsd === 'number' ? result.costUsd : 0,
-      };
+      const { usage, rejected: rejectedUsageFields } = coerceUsageSnapshot(result);
       let persistError: string | null = null;
       set((s) => {
         const nextWeek = accumulateWeekUsage(s.weekUsage, usage, new Date());
@@ -779,6 +806,15 @@ export const useCodesignStore = create<CodesignState>((set, get) => ({
           weekUsage: nextWeek,
         };
       });
+      if (rejectedUsageFields.length > 0) {
+        const detail = rejectedUsageFields.join(', ');
+        console.warn('[open-codesign] dropped non-finite usage values from provider:', detail);
+        get().pushToast({
+          variant: 'error',
+          title: tr('errors.weekUsageInvalid'),
+          description: detail,
+        });
+      }
       if (persistError) {
         console.warn('[open-codesign] failed to persist weekly usage:', persistError);
         get().pushToast({
diff --git a/packages/i18n/src/locales/en.json b/packages/i18n/src/locales/en.json
@@ -395,6 +395,7 @@
     "localePersistFailed": "Failed to save language preference",
     "projectStorageFailed": "Couldn't read or write projects on this device. Your changes may not persist.",
     "storageFailed": "Failed to save to local storage",
+    "weekUsageInvalid": "Provider returned invalid usage values; ignored to keep weekly totals accurate.",
     "weekUsageReadFailed": "Couldn't read this week's usage from local storage. Showing fresh totals."
   },
   "demos": {
diff --git a/packages/i18n/src/locales/zh-CN.json b/packages/i18n/src/locales/zh-CN.json
@@ -394,6 +394,7 @@
     "localePersistFailed": "无法保存语言偏好",
     "projectStorageFailed": "本机的项目数据读写失败，改动可能未保存。",
     "storageFailed": "本地存储写入失败",
+    "weekUsageInvalid": "模型提供方返回了非法的用量值，已忽略以保证周用量统计准确。",
     "weekUsageReadFailed": "无法从本地存储读取本周用量，已重置为新一轮统计。"
   },
   "demos": {
