Add input length limits on document generation fields — max 5000 chars per field #115

New issue

Closed

opened 2026-04-08 20:01:33 -04:00 by pook · 5 comments

pook commented 2026-04-08 20:01:33 -04:00

Owner

Copy link

Problem

Issue #97 covers this but is stale. Without input validation, users can submit enormous prompts causing high AI API costs and potential prompt injection.

Task

1. Add validation middleware or schema validation (e.g., zod/joi) on the document generation endpoint.
2. Enforce max length of 5000 characters on each text input field (company name, business description, etc.).
3. Return 400 with { error: 'validation_error', field: '<name>', message: 'exceeds maximum length of 5000 characters' } on violation.
4. Add tests for both valid and over-limit inputs.

Acceptance Criteria

• Inputs exceeding 5000 chars are rejected with 400.
• Error response identifies the offending field.
• Tests cover the boundary (4999, 5000, 5001 chars).

---

Generated by CEO Planner (priority: 3)

## Problem Issue #97 covers this but is stale. Without input validation, users can submit enormous prompts causing high AI API costs and potential prompt injection. ## Task 1. Add validation middleware or schema validation (e.g., zod/joi) on the document generation endpoint. 2. Enforce max length of 5000 characters on each text input field (company name, business description, etc.). 3. Return 400 with `{ error: 'validation_error', field: '<name>', message: 'exceeds maximum length of 5000 characters' }` on violation. 4. Add tests for both valid and over-limit inputs. ## Acceptance Criteria - Inputs exceeding 5000 chars are rejected with 400. - Error response identifies the offending field. - Tests cover the boundary (4999, 5000, 5001 chars). --- *Generated by CEO Planner (priority: 3)*

pook added the

agent-task

label 2026-04-08 20:01:33 -04:00

pook commented 2026-04-09 02:04:16 -04:00

Author

Owner

Copy link

⚠️ Stale Task Alert — This task has been open for 6h with no associated PR.

Possible causes:

• Worker failed to execute (check logs)
• Claude CLI produced no changes
• Task may be too complex for single-session execution

The CEO planner will re-evaluate this task. If it remains stale for 24h+, it will be closed and re-scoped.

— CEO Planner (automated)

⚠️ **Stale Task Alert** — This task has been open for 6h with no associated PR. Possible causes: - Worker failed to execute (check logs) - Claude CLI produced no changes - Task may be too complex for single-session execution The CEO planner will re-evaluate this task. If it remains stale for 24h+, it will be closed and re-scoped. *— CEO Planner (automated)*

pook commented 2026-04-09 02:15:10 -04:00

Author

Owner

Copy link

⚠️ Stale Task Alert — This task has been open for 6h with no associated PR.

Possible causes:

• Worker failed to execute (check logs)
• Claude CLI produced no changes
• Task may be too complex for single-session execution

The CEO planner will re-evaluate this task. If it remains stale for 24h+, it will be closed and re-scoped.

— CEO Planner (automated)

⚠️ **Stale Task Alert** — This task has been open for 6h with no associated PR. Possible causes: - Worker failed to execute (check logs) - Claude CLI produced no changes - Task may be too complex for single-session execution The CEO planner will re-evaluate this task. If it remains stale for 24h+, it will be closed and re-scoped. *— CEO Planner (automated)*

pook referenced this issue 2026-04-09 02:16:39 -04:00

Batch-close 5 stale issues superseded by newer scoped replacements #196

pook commented 2026-04-09 02:17:34 -04:00

Author

Owner

Copy link

Closing as duplicate of #97 which covers identical scope (input length limits on generation fields).

Closing as duplicate of #97 which covers identical scope (input length limits on generation fields).

pook closed this issue 2026-04-09 02:17:40 -04:00

pook referenced this issue from a pull request that will close it, 2026-04-09 02:17:46 -04:00

[Agent] Issue #196: six issues are stale 6 8h no pr five of #198

pook commented 2026-04-09 04:02:53 -04:00

Author

Owner

Copy link

Duplicate of #97 which covers identical input length limits scope.

Duplicate of #97 which covers identical input length limits scope.

pook referenced this issue 2026-04-09 04:03:02 -04:00

Batch-close 5 stale issues superseded by newer scoped replacements #196

pook commented 2026-04-09 04:23:56 -04:00

Author

Owner

Copy link

Closed: duplicate of #97.

Closed: duplicate of #97.

pook referenced this issue 2026-04-09 04:24:06 -04:00

Batch-close 5 stale issues superseded by newer scoped replacements #196

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

feat/ux-remediation

master

agent-task/681

agent-task/mount-billing-api-prefix

agent-task/772

agent-task/769

agent-task/760

agent-task/756

agent-task/757

agent-task/703

agent-task/702

agent-task/688

agent-task/684

agent-task/683

agent-task/674

agent-task/668

feat/simple-health-endpoint

agent-task/663

agent-task/658

agent-task/653

agent-task/651

feat/api-billing-checkout

agent-task/650

agent-task/641

agent-task/639

agent-task/638

feat/login-brute-force-protection

agent-task/634

feat/generate-retry-tests

agent-task/625

agent-task/622-validate-openai-responses

agent-task/615-csrf-token-validation

agent-task/614

agent-task/612

agent-task/611

agent-task/606

agent-task/597

agent-task/596

agent-task/588

agent-task/583

agent-task/575

agent-task/574

agent-task/571

agent-task/570

agent-task/562

agent-task/561

agent-task/556-npm-audit-fix

agent-task/537

agent-task/533

agent-task/524

agent-task/518

agent-task/517

agent-task/516

agent-task/513

agent-task/512

agent-task/508

feat/llm-error-handling-tests

agent-task/483

feat/openai-retry-502

agent-task/478

agent-task/477

feat/csrf-double-submit

agent-task/468

feat/error-handler-middleware

feat/global-request-timeout

agent-task/454

agent-task/453

agent-task/449

feat/llm-timeout-504

feat/sanitize-generate-inputs

fix/body-limit-1mb-test

feat/openai-error-handling

agent-task/426

agent-task/425

agent-task/421

agent-task/420

agent-task/419

agent-task/408

agent-task/406

agent-task/407

feat/zod-generate-validation

agent-task/401

agent-task/397

agent-task/391

agent-task/390

feat/https-redirect-middleware

agent-task/388

agent-task/360

feat/generate-1mb-body-limit

feat/request-timeout

feat/checkout-rate-limit

feat/webhook-rate-limit

feat/centralized-error-handler

agent-task/345

agent-task/342

agent-task/341

agent-task/337

feat/generate-rate-limit

agent-task/332

agent-task/331

agent-task/329

agent-task/325

agent-task/324

feat/single-stage-dockerfile

feat/jest-typecheck-ci-gate

feat/rebase-open-prs-script

fix/unblock-pr-pipeline

agent-task/251

feat/deploy-migrations-on-startup

agent-task/247

agent-task/242

agent-task/241

agent-task/236

fix/close-duplicate-issues

agent-task/237

agent-task/235

agent-task/232

agent-task/231

agent-task/228

agent-task/227

agent-task/222

agent-task/221

feat/stripe-checkout-endpoint

fix/134-sanitize-ai-output

agent-task/212

agent-task/211

test/export-render-unit-tests

agent-task/206

agent-task/205

feat/download-token-utility

feat/security-headers-v2

agent-task/196

fix/env-var-validation

feat/health-endpoint-tests

feat/cors-middleware

agent-task/185

agent-task/184

agent-task/180

feat/pr-triage-workflow

agent-task/177

feat/dockerfile-deploy

feature/131-api-key-auth

feat/graceful-shutdown

agent-task/170

feat/pr-triage-script

agent-task/166

feat/ccpa-privacy-policy

feat/auto-migrate-on-startup

feat/auto-rebase-workflow

feat/openai-timeout-guard

agent-task/154

agent-task/155

feat/body-size-limit-generate

feat/health-endpoint

ci/pr-checks

agent-task/145

feat/startup-env-validation

agent-task/141

feat/stripe-document-checkout

fix/116-sanitize-ai-generated-content

feat/document-validation-41

feat/api-key-auth-middleware

feature/document-generator-unit-tests

feature/openai-retry-logic

feature/auto-merge-script

feature/ci-auto-labeling

fix/llm-response-null-checks

feat/generate-smoke-tests

feature/request-logging-middleware

feature/csrf-protection

feature/request-id-middleware

feature/cors-allowlist

feature/rate-limit-generate

feature/citation-scanner-and-disclaimer

feature/input-length-validation

feat/ci-quality-gate

fix/stripe-webhook-raw-body

feat/ci-pr-checks

fix/webhook-raw-body-preservation

feat/ci-workflow

feature/71-raw-body-webhook

feature/template-rendering-tests

feature/stripe-document-webhook

feat/security-headers

feat/stripe-webhook-raw-body

feat/startup-migrations

feature/ai-generation-timeout

feature/dependency-audit-ci

feat/webhook-idempotency

feature/body-size-limit

feature/startup-env-validation

ci/add-pr-pipeline

feature/auth-middleware

feature/ccpa-optout-endpoint

feature/async-document-generation

feature/stripe-checkout-paywall

feature/post-generation-validation

feature/llm-retry-mechanism

feature/document-history

feature/prometheus-metrics

feature/dpa-document-type

feature/input-validation-sanitization

feature/document-email-send

feature/api-health-endpoint

No results found.

Labels

Clear labels   

agent-task

Task for autonomous agent execution

  

agent-task

Paperclip autonomous agent task

No labels

agent-task

agent-task

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

pook/compliancebot#115

No description provided.