fix(miner): bound rejection policy document reads#5325
Conversation
Deploying with
|
| Status | Name | Latest Commit | Preview URL | Updated (UTC) |
|---|---|---|---|---|
| ✅ Deployment successful! View logs |
gittensory-ui | e816ab2 | Commit Preview URL Branch Preview URL |
Jul 12 2026, 02:00 PM |
|
Superagent didn't find any vulnerabilities or security issues in this PR. |
|
Warning 🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨 ⏸️ Gittensory review result - manual review recommendedReview updated: 2026-07-12 21:47:40 UTC
⏸️ Suggested Action - Manual Review Review summary Blockers
Nits — 5 non-blocking
Concerns raised — review before merging
📋 Copy for AI agents — paste into your coding agent
Review context
Contributor next steps
Signal definitions
[BETA] Chat with GittensoryAsk Gittensory a question about this PR directly in a comment — grounded only in the same cached, public-safe facts shown above, never a new claim.
Full command reference: https://gittensory.aethereal.dev/docs/gittensory-commands 🟩 Safe / merged · 🟦 Advisory · 🟨 Held for review · 🟥 Blocked / closed 💰 Earn for open-source contributions like this. Gittensor lets GitHub contributors earn for the work they already do — register to start earning →. Checked by Gittensory, a quiet PR intelligence layer for OSS maintainers.
|
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #5325 +/- ##
=======================================
Coverage 94.71% 94.71%
=======================================
Files 555 555
Lines 44526 44550 +24
Branches 14664 14664
=======================================
+ Hits 42172 42196 +24
Misses 1619 1619
Partials 735 735
Flags with carried forward coverage won't be shown. Click here to find out more.
🚀 New features to boost your workflow:
|
e816ab2 to
fd1425b
Compare
Covers the streaming reader's normal-completion path (never exercised -- existing tests only hit the non-stream fallback and the overflow-cancel branch), plus the non-numeric content-length and oversized-non-streamed-body branches.
Motivation
response.text()and no size checks, allowing a malicious repo to cause excessive memory consumption or crash the miner attempt.AI-USAGE.mdandCONTRIBUTING.mdwere fetched concurrently even when the first file already decided the verdict, increasing the attack surface and risk before a worktree slot is allocated.Description
MAX_POLICY_DOC_BYTES = 128 * 1024cap and implementreadBoundedPolicyDoc(response)that checksContent-Length, streams the body with byte accounting, cancels oversized streams, and falls back to a boundedtext()read for non-streamable responses.response.text()call withreadBoundedPolicyDoc(response)insidefetchPolicyDoc.AI-USAGE.mdfirst and only fetchingCONTRIBUTING.mdwhenAI-USAGE.mdis empty/insufficient, avoiding unnecessary downloads.Content-Length-based rejection without reading the body, and streamed-response cancellation when the byte limit is exceeded.Testing
npx vitest run test/unit/miner-rejection-signal.test.ts, and the new unit tests passed (11/11).npm run typecheck, which succeeded.npm run build:miner, which succeeded (node--checkpassed for miner libs).npm run test:ci,npm audit --audit-level=moderate, and a complete unshardednpm run test:coveragecould not be completed in this environment due to unrelated registry/worker-typegen/environment drift and global coverage thresholds; the focused unit/regression tests added for this change passed locally.Codex Task