fix: validation hardening — agent import prompt limit, relay retry tracking, heartbeat validation
Some checks failed
CI / Lint & TypeCheck (push) Has been cancelled
CI / Unit Tests (push) Has been cancelled
CI / Build Frontend (push) Has been cancelled
CI / Rust Check (push) Has been cancelled
CI / Security Scan (push) Has been cancelled
CI / E2E Tests (push) Has been cancelled
Some checks failed
CI / Lint & TypeCheck (push) Has been cancelled
CI / Unit Tests (push) Has been cancelled
CI / Build Frontend (push) Has been cancelled
CI / Rust Check (push) Has been cancelled
CI / Security Scan (push) Has been cancelled
CI / E2E Tests (push) Has been cancelled
- agent_import: add system_prompt length validation (max 50K chars) to prevent excessive token consumption from imported configs - relay retry_task: wrap JoinHandle to log abort on server shutdown - device_heartbeat: validate device_id length (1-64 chars) matching register endpoint constraints
This commit is contained in:
iven
@@ -295,6 +295,18 @@ pub async fn agent_import(
|
||||
let mut config: AgentConfig = serde_json::from_str(&config_json)
|
||||
.map_err(|e| format!("Invalid agent config JSON: {}", e))?;
|
||||
|
||||
// Validate system_prompt length to prevent excessive token consumption
|
||||
const MAX_SYSTEM_PROMPT_LEN: usize = 50_000;
|
||||
if let Some(ref prompt) = config.system_prompt {
|
||||
if prompt.len() > MAX_SYSTEM_PROMPT_LEN {
|
||||
return Err(format!(
|
||||
"system_prompt too long: {} chars (max {})",
|
||||
prompt.len(),
|
||||
MAX_SYSTEM_PROMPT_LEN
|
||||
));
|
||||
}
|
||||
}
|
||||
|
||||
// Regenerate ID to avoid collisions
|
||||
config.id = AgentId::new();
|
||||
|
||||
|
||||
Reference in New Issue
Block a user