Skip to content

Add input length validation for agent fields#30

Open
mduongvandinh wants to merge 1 commit intoRightNow-AI:mainfrom
mduongvandinh:fix/agent-input-validation
Open

Add input length validation for agent fields#30
mduongvandinh wants to merge 1 commit intoRightNow-AI:mainfrom
mduongvandinh:fix/agent-input-validation

Conversation

@mduongvandinh
Copy link

@mduongvandinh mduongvandinh commented Feb 27, 2026

Summary

  • Add length limits to agent name, description, and system prompt fields
  • Prevents unbounded string storage in SQLite

Changes

  • MAX_AGENT_NAME_LEN (256 chars) for name in patch_agent_config and new_name in clone_agent
  • MAX_AGENT_DESCRIPTION_LEN (4096 chars) for description in patch_agent_config
  • MAX_SYSTEM_PROMPT_LEN (64KB) for system_prompt in patch_agent_config
  • Returns 413 Payload Too Large with descriptive error message

Test plan

  • cargo build -p openfang-api --lib passes
  • cargo clippy -p openfang-api --all-targets -- -D warnings zero warnings
  • cargo fmt --all --check clean
  • Follows existing MAX_MESSAGE_SIZE validation pattern

Files changed

  • crates/openfang-api/src/routes.rs (+43)

@mduongvandinh
Add input length validation for agent name, description, system prompt
b689c83 
Add MAX_AGENT_NAME_LEN (256), MAX_AGENT_DESCRIPTION_LEN (4096), and
MAX_SYSTEM_PROMPT_LEN (64KB) guards to patch_agent_config and
clone_agent endpoints. Prevents unbounded string storage in SQLite.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mduongvandinh