Skip to content

fix: limit control prompt request body#2122

Merged
jolestar merged 1 commit into
mainfrom
fix/control-prompt-body-limit
Jul 6, 2026
Merged

fix: limit control prompt request body#2122
jolestar merged 1 commit into
mainfrom
fix/control-prompt-body-limit

Conversation

@jolestar

@jolestar jolestar commented Jul 6, 2026

Copy link
Copy Markdown
Collaborator

Summary

  • add a size cap for control prompt request bodies before JSON parsing
  • return an explicit 413 response when the request body is too large
  • cover oversized control prompt requests with a regression test

Verification

  • cargo fmt --all -- --check
  • cargo test -q control_prompt_rejects_oversized_body
  • RUSTFLAGS="-D warnings" cargo check --all-targets

@vercel

vercel Bot commented Jul 6, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
holon Ready Ready Preview, Comment Jul 6, 2026 4:48pm

@jolestar jolestar left a comment

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review: PR #2122 — fix: limit control prompt request body

LGTM — 简洁有效的安全加固。

审查要点

  1. Body limit 设置 — 32MB 对 control prompt 合理(远大于 callback 的 256KB,但仍有上限防护)。
  2. 错误处理 — 返回 413 Payload Too Large,语义准确。
  3. 代码组织 — 常量和检查位置合理,与现有 callback body limit 保持一致的模式。

✅ 可以合并。

@jolestar jolestar left a comment

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review: PR #2122 — fix: limit control prompt request body

LGTM — 简洁有效的安全加固。32MB body limit 合理,错误处理返回 413 语义准确。

@holonbot holonbot Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review: PR #2122 — fix: limit control prompt request body

LGTM — Clean, focused security hardening that follows the established CALLBACK_BODY_LIMIT_BYTES pattern.

Assessment

  • CorrectnessDefaultBodyLimit::max() at the route level rejects oversized bodies before the Json extractor. Correct placement, matches the callback route pattern.
  • Limit choice — 32 MB is reasonable for prompts with attachments, and explicitly documented as a constant.
  • Test — Regression test correctly validates the 413 response path.

Follow-up suggestion

⚠️ /control/agents/{agent_id}/debug-prompt (line 468) accepts POST bodies without an explicit DefaultBodyLimit — the same gap this PR closes for control_prompt. Not a blocker, but worth addressing in a follow-up to close the surface on all body-accepting control routes.

💡 The test allocates ~33 MB in a single String. Acceptable; if CI memory is a concern, 32 * 1024 * 1024 + 1 bytes would suffice.

@holonbot

holonbot Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Holon Run Report

@jolestar
jolestar merged commit 0c97652 into main Jul 6, 2026
5 checks passed
@jolestar
jolestar deleted the fix/control-prompt-body-limit branch July 6, 2026 16:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant