fix(miner): bound self-review manifest reads#5358
Conversation
|
Superagent didn't find any vulnerabilities or security issues in this PR. |
Deploying with
|
| Status | Name | Latest Commit | Preview URL | Updated (UTC) |
|---|---|---|---|---|
| ✅ Deployment successful! View logs |
gittensory-ui | 0f04cee | Commit Preview URL Branch Preview URL |
Jul 12 2026, 02:56 PM |
|
Warning 🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨 ⏸️ Gittensory review result - manual review recommendedReview updated: 2026-07-12 21:49:07 UTC
⏸️ Suggested Action - Manual Review Review summary Blockers
Nits — 5 non-blocking
Concerns raised — review before merging
📋 Copy for AI agents — paste into your coding agent
Review context
Contributor next steps
Signal definitions
[BETA] Chat with GittensoryAsk Gittensory a question about this PR directly in a comment — grounded only in the same cached, public-safe facts shown above, never a new claim.
Full command reference: https://gittensory.aethereal.dev/docs/gittensory-commands 🟩 Safe / merged · 🟦 Advisory · 🟨 Held for review · 🟥 Blocked / closed 💰 Earn for open-source contributions like this. Gittensor lets GitHub contributors earn for the work they already do — register to start earning →. Checked by Gittensory, a quiet PR intelligence layer for OSS maintainers.
|
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #5358 +/- ##
=======================================
Coverage 94.34% 94.34%
=======================================
Files 473 473
Lines 39982 39982
Branches 14576 14576
=======================================
Hits 37722 37722
Misses 1585 1585
Partials 675 675
Flags with carried forward coverage won't be shown. Click here to find out more. 🚀 New features to boost your workflow:
|
Motivation
Description
MAX_FOCUS_MANIFEST_BYTESfrom@jsonbored/gittensory-engineand use it in the miner manifest fetcher.response.text()read withreadBoundedManifestResponseTextwhich rejects over-limitContent-Length, bounds fallback text reads by encoded byte length, and streams+cancels the reader when the cap is exceeded.test/unit/miner-self-review-context.test.tsthat cover theContent-Lengthrejection and the streaming cancellation paths.Testing
npm run build:minerwhich completed successfully.npx vitest run test/unit/miner-self-review-context.test.tsand the updated unit suite passed (18 tests passed).npm run test:cilocally; it exercised the pre-submit checks but failed atcf-typegen:checkdue to a workspace drift (worker-configuration.d.ts is stale; run npm run cf-typegen).npm audit --audit-level=moderatewhich failed to complete due to the npm registry audit endpoint returning403 Forbiddenin this environment.Codex Task