fix: guard #set paths against prototype pollution

[shepherdwind]

Background

Supersedes #186, which has been closed. The previous approach blocked dangerous key names too broadly and still needed more careful handling for dynamic index paths.

Prototype pollution is possible when #set traverses through JavaScript prototype accessors such as __proto__ or inherited constructor.prototype before assigning the final property.

Approach

Resolve the left-hand #set target before evaluating the right-hand value. If the path would traverse a prototype-polluting segment, skip the assignment before any RHS side effects run.

The guard is path-aware rather than a blanket key denylist:

• Blocks __proto__ paths.
• Blocks inherited constructor / prototype traversal and function prototype traversal.
• Preserves safe top-level $constructor / $prototype assignments.
• Preserves own constructor / prototype data fields on ordinary context objects.

For dynamic index keys, the key is now resolved before the RHS value. This is intentional so blocked dynamic paths do not execute RHS callbacks.

Changes

• Refactored src/compile/set.ts to resolve and validate #set paths before assignment.
• Added prototype pollution regression tests for __proto__, inherited constructor.prototype, dynamic index keys, and function prototype paths.
• Added compatibility coverage for top-level constructor / prototype variables and own data fields with those names.

Testing

• ./node_modules/.bin/jest --config=jest.config.js test/set.test.ts --runInBand
• npm run lint
• npm test -- --runInBand
• npm run test:build

Local Review

• Reviewed the implementation locally against the old PR feedback.
• No blocking findings after the rewrite.
• Main behavior note: dynamic index keys are resolved before RHS evaluation so blocked paths cannot trigger RHS side effects.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: b9a030d02a

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 6c7e6f0d05

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 221d197e1b

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".