Kida 0.2.3

Flush directive, security hardening, K-RUN-007 fix, and resource guards

Status: Released March 3, 2026.

This release adds the {% flush %} directive for streaming boundaries, fixes K-RUN-007 (macro import isolation), hardens path traversal handling, and introduces resource exhaustion guards.

Highlights

  • {% flush %} directive — Emit streaming boundaries for chunked HTTP and SSE.
  • K-RUN-007 fix — Isolate import_stack and exclude UNDEFINED in macro imports.
  • Path traversal hardening — Bytecode cache and PackageLoader reject malicious names.
  • Resource exhaustion guards — Limits on inheritance depth, filter chains, partial eval.
  • Def/slot name validation — Compiler rejects invalid identifiers at compile time.

Added

{% flush %} Directive

Use {% flush %} in streaming templates to yield buffered output immediately:

{% for item in items %}
  <li>{{ item }}</li>
  {% flush %}
{% end %}

Ideal for chunked HTTP responses and Server-Sent Events where you want to control when data reaches the client.

Resource Exhaustion Guards

  • max_extends_depth (50) — Limits inheritance chain depth
  • Partial evaluator depth limit (100) — Prevents stack overflow on deep attribute chains
  • MAX_FILTER_CHAIN_LEN (200) — Caps filter/pipeline length
  • Circular inheritance detection — Raises TemplateRuntimeError

Def/Slot Name Validation

The compiler now validates {% def %} and {% slot %} names with an identifier regex. Invalid names (e.g. containing spaces or special characters) are rejected at compile time.

Changed

UNDEFINED in Globals

Render context filters UNDEFINED from env.globals before macro imports, preventing accidental exposure to templates. See Custom Globals for the documented contract.

Error Attribution

Improved source mapping and developer experience for template errors.

Fixed

K-RUN-007 — Macro Import Isolation

Shared mutable state in import_stack during concurrent rendering is fixed. Macro imports now use isolated state, and UNDEFINED is excluded from imported globals.

Security

Path Traversal

  • BytecodeCache — Rejects template names containing .. or path separators.
  • PackageLoader.get_source — Rejects path traversal in template names.
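
The two rules above can be used to audit existing template names before upgrading. The following is an added example, not Kida's own code: the function names are hypothetical, the cache rule is a literal reading of the wording above, and the loader rule (segment check plus resolved-path containment) is an assumed policy.

```python
import tempfile
from pathlib import Path, PurePosixPath

def cache_name_is_safe(name: str) -> bool:
    """Cache-key rule as worded in these notes: no '..' and no path separators."""
    if not name or "\x00" in name:
        return False
    return ".." not in name and "/" not in name and "\\" not in name

def resolve_under_root(root: Path, name: str) -> Path:
    """Loader-style rule (assumed): 'dir/file' is allowed, escaping root is not."""
    if not name or "\x00" in name or "\\" in name or name.startswith("/"):
        raise ValueError(f"unsafe template name: {name!r}")
    if ".." in PurePosixPath(name).parts:  # compare whole segments, not substrings
        raise ValueError(f"unsafe template name: {name!r}")
    root = root.resolve()
    candidate = (root / name).resolve()  # resolve() also follows symlinks
    if not candidate.is_relative_to(root):  # Python 3.9+
        raise ValueError(f"template escapes root: {name!r}")
    return candidate

def audit(names, root: Path):
    """Return {name: (cache_ok, loader_ok)} for a pre-upgrade review."""
    report = {}
    for name in names:
        try:
            resolve_under_root(root, name)
            loader_ok = True
        except ValueError:
            loader_ok = False
        report[name] = (cache_name_is_safe(name), loader_ok)
    return report

# Constructed sample names, not taken from any real project.
SAMPLE_NAMES = ["base.html", "partials/nav.html", "../secrets.txt",
                "a/../../etc/passwd", "/etc/passwd", "..\\win.ini", "ok..name.html"]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, (cache_ok, loader_ok) in audit(SAMPLE_NAMES, Path(tmp)).items():
            print(f"{name!r:24} cache_ok={cache_ok!s:5} loader_ok={loader_ok}")
```

A name such as ok..name.html fails the substring rule but passes the segment rule, so names of that shape are worth checking against the real loader and cache after upgrading.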

Upgrade Notes

  1. No breaking template syntax changes — Existing templates continue to work.
  2. Optional {% flush %} — Add where streaming boundaries are needed.
  3. Invalid def/slot names — If you use non-identifier names, update to valid identifiers (letters, digits, underscores).
  4. Path traversal — Template names with .. or path separators will now raise errors; ensure loader names are safe.