Add missing validations and fix infinite loop in type topological sort

- Fix potential infinite loop in TypeDeclMulti::to_rescript_schema when
  type declarations have cyclic dependencies. The while loop now detects
  lack of progress and returns a clear error instead of hanging forever.
- Add validation in TypeDeclMulti::new: reject empty declarations and
  duplicate type names.
- Add validation in TypeDecl::new: reject duplicate type parameters.
- Add event name uniqueness validation in Contract::new to catch
  duplicate event names within a contract early.
- Add __proto__ field name check in schema validation to prevent
  prototype pollution issues in the JavaScript runtime.
- All new validations include corresponding unit tests.

https://claude.ai/code/session_01BwrGigSvKsk4MR43QhkSrx

Author: claude

codegenerator/cli/src/config_parsing/entity_parsing.rs

@@ -155,15 +155,38 @@ impl Schema {
         ]
         .concat();
 
-        // TODO: It'd be nice to check field names not having __proto__ name
-        // I don't think any other field names should be restricted
         match check_names_from_schema_for_reserved_words(all_names) {
-            reserved_enum_types_used if reserved_enum_types_used.is_empty() => Ok(self),
-            reserved_enum_types_used => Err(anyhow!(
-                "Schema contains the following reserved keywords: {}",
-                reserved_enum_types_used.join(", ")
-            )),
+            reserved_enum_types_used if reserved_enum_types_used.is_empty() => {}
+            reserved_enum_types_used => {
+                return Err(anyhow!(
+                    "Schema contains the following reserved keywords: {}",
+                    reserved_enum_types_used.join(", ")
+                ))
+            }
         }
+
+        self.check_field_names_for_proto()
+    }
+
+    /// Check that no entity field uses the __proto__ name, which can cause
+    /// prototype pollution issues in JavaScript runtimes.
+    fn check_field_names_for_proto(self) -> anyhow::Result<Self> {
+        let mut violations: Vec<String> = vec![];
+        for entity in self.entities.values() {
+            for field in &entity.fields {
+                if field.name == "__proto__" {
+                    violations.push(format!("{}.{}", entity.name, field.name));
+                }
+            }
+        }
+        if !violations.is_empty() {
+            return Err(anyhow!(
+                "Schema contains fields named '__proto__' which can cause prototype \
+                 pollution issues: {}. Please rename these fields.",
+                violations.join(", ")
+            ));
+        }
+        Ok(self)
     }
 
     fn check_duplicate_naming_between_enums_and_entities(self) -> anyhow::Result<Self> {

codegenerator/cli/src/config_parsing/system_config.rs

@@ -1259,11 +1259,25 @@ impl Contract {
         events: Vec<Event>,
         abi: Abi,
     ) -> Result<Self> {
-        // TODO: Validatate that all event names are unique
-        validate_names_valid_rescript(
-            &events.iter().map(|e| e.name.clone()).collect(),
-            "event".to_string(),
-        )?;
+        let event_names: Vec<String> = events.iter().map(|e| e.name.clone()).collect();
+
+        // Validate that all event names are unique
+        let mut seen_event_names: HashSet<String> = HashSet::new();
+        let duplicate_event_names: Vec<String> = event_names
+            .iter()
+            .filter(|n| !seen_event_names.insert(n.to_string()))
+            .cloned()
+            .collect();
+        if !duplicate_event_names.is_empty() {
+            return Err(anyhow!(
+                "Contract '{}' has duplicate event names: {}. All event names within a \
+                 contract must be unique.",
+                name,
+                duplicate_event_names.join(", ")
+            ));
+        }
+
+        validate_names_valid_rescript(&event_names, "event".to_string())?;
 
         Ok(Self {
             name,

codegenerator/cli/src/fuel/abi.rs

@@ -320,7 +320,7 @@ impl FuelAbi {
                 Ok(Some(FuelType {
                     id: abi_type_decl.type_id,
                     abi_type_field: abi_type_decl.type_field.clone(),
-                    type_decl: TypeDecl::new(name, type_expr?, type_params),
+                    type_decl: TypeDecl::new(name, type_expr?, type_params)?,
                 }))
             })
             .collect::<Result<Vec<Option<FuelType>>>>()
@@ -477,6 +477,6 @@ impl FuelAbi {
             .map(|t| t.type_decl.clone())
             .collect();
 
-        Ok(TypeDeclMulti::new(type_declerations))
+        TypeDeclMulti::new(type_declerations)
     }
 }

codegenerator/cli/src/hbs_templating/codegen_templates.rs

@@ -997,14 +997,21 @@ let eventSignatures = [{}]
                     contract.name
                 ))?;
 
+                let abi_type_schema = all_abi_type_declarations
+                    .to_rescript_schema(&SchemaMode::ForDb)
+                    .context(format!(
+                        "Failed generating schema for the '{}' contract ABI types",
+                        contract.name
+                    ))?;
+
                 format!(
                   "let abi = FuelSDK.transpileAbi((await Utils.importPathWithJson(`../${{Path.\
                    relativePathToRootFromGenerated}}/{}`))[\"default\"])\n{}\n{}\n{chain_id_type_code}",
                   // If we decide to inline the abi, instead of using require
                   // we need to remember that abi might contain ` and we should escape it
                   abi.path_buf.to_string_lossy(),
                     all_abi_type_declarations,
-                    all_abi_type_declarations.to_rescript_schema(&SchemaMode::ForDb)
+                    abi_type_schema
                 )
             }
         };