Description
Category
Backend Logic
Severity
High
Location
crates/agnix-core/src/fixes.rs:178-192
Description
The UTF-8 boundary check happens at application time (in apply_fixes_to_content), but Fix constructors (Fix::replace, Fix::insert, Fix::delete) don't validate that byte offsets align with character boundaries when created.
If a validator generates a fix with mid-codepoint byte offsets, the fix silently fails at application time with no feedback to the developer. This makes debugging validator bugs harder since the invalid fix is detected late in the pipeline.
Current Code (at application time)
    if !result.is_char_boundary(fix.start_byte) || !result.is_char_boundary(fix.end_byte) {
        continue; // Silently skipped
    }
Suggested Fix
Add UTF-8 boundary validation to Fix constructors using debug assertions:
    pub fn replace(start: usize, end: usize, ...) -> Self {
        debug_assert!(start <= end, "Fix start_byte must be <= end_byte");
        Self { ... }
    }
Or add a Fix::validate(&self, content: &str) -> Result<(), FixError> method that validators can call during development.
The silent skip behavior at application time is correct for production (robustness), but harder to debug during development.
Effort
Small
Found by /audit-project multi-agent review
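A sketch of the `Fix::validate` method proposed above, added here as an example and not taken from the agnix code base. The `replacement` field, the `FixError` variants and the `apply_checked` helper are assumptions; only `start_byte` and `end_byte` come from the issue.

```rust
// Hypothetical stand-ins: the issue names only start_byte and end_byte.
#[derive(Debug, PartialEq)]
pub enum FixError {
    StartAfterEnd { start: usize, end: usize },
    OutOfBounds { offset: usize, len: usize },
    NotCharBoundary { offset: usize },
}
pub struct Fix {
    pub start_byte: usize,
    pub end_byte: usize,
    pub replacement: String, // assumed field
}
impl Fix {
    /// Check this fix's byte range against the content it targets.
    pub fn validate(&self, content: &str) -> Result<(), FixError> {
        if self.start_byte > self.end_byte {
            return Err(FixError::StartAfterEnd { start: self.start_byte, end: self.end_byte });
        }
        for offset in [self.start_byte, self.end_byte] {
            if offset > content.len() {
                return Err(FixError::OutOfBounds { offset, len: content.len() });
            }
            // False when the offset falls inside a multi-byte code point.
            if !content.is_char_boundary(offset) {
                return Err(FixError::NotCharBoundary { offset });
            }
        }
        Ok(())
    }
}
/// Apply non-overlapping fixes back to front; report rejected fixes with their index and reason.
pub fn apply_checked(content: &str, fixes: &[Fix]) -> (String, Vec<(usize, FixError)>) {
    let mut order: Vec<usize> = (0..fixes.len()).collect();
    order.sort_by(|a, b| fixes[*b].start_byte.cmp(&fixes[*a].start_byte));
    let (mut result, mut rejected) = (content.to_string(), Vec::new());
    for i in order {
        let fix = &fixes[i];
        match fix.validate(content) {
            Ok(()) => result.replace_range(fix.start_byte..fix.end_byte, &fix.replacement),
            Err(e) => rejected.push((i, e)),
        }
    }
    (result, rejected)
}
fn main() {
    // Constructed sample: U+00E9 occupies bytes 1..3, so offset 2 is mid-code-point.
    let bad = Fix { start_byte: 2, end_byte: 3, replacement: String::new() };
    println!("{:?}", bad.validate("a\u{e9}!"));
}
```

Returning the rejected fixes keeps the application-time behaviour non-fatal while giving a validator author the offset that failed.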