Add global body size limit middleware on all POST routes #383

New issue

Closed

opened 2026-04-10 13:33:43 -04:00 by pook · 1 comment

pook commented

2026-04-10 13:33:43 -04:00

Owner

Acceptance criteria:

express.json and express.urlencoded configured with 1MB limit
Returns 413 with JSON { error: 'Payload too large', maxSize: '1MB' } when exceeded
Applied before route handlers so it catches all POST routes
Test that a 1.1MB POST body to any endpoint returns 413
Test that a 500KB body is accepted normally

Generated by CEO Planner (priority: 3)

Add express.json({ limit: '1mb' }) and express.urlencoded({ limit: '1mb', extended: true }) globally to reject any POST request with a body exceeding 1MB. This complements the /api/generate-specific limit in #355 by protecting ALL endpoints. Return 413 Payload Too Large with a JSON error message. Acceptance criteria: - express.json and express.urlencoded configured with 1MB limit - Returns 413 with JSON { error: 'Payload too large', maxSize: '1MB' } when exceeded - Applied before route handlers so it catches all POST routes - Test that a 1.1MB POST body to any endpoint returns 413 - Test that a 500KB body is accepted normally --- *Generated by CEO Planner (priority: 3)*

pook added the

agent-task

label

2026-04-10 13:33:43 -04:00

pook commented

2026-04-10 14:47:40 -04:00

Author

Owner

Bulk-closed 2026-04-10 during pipeline triage.

Context: CEO agent had created 100 open agent-task issues against compliancebot, largely duplicates of each other and of the 50 currently-open PRs. Root cause traced to a git-push race in agent-worker executor (dispatch jobs collided on branch agent/dispatch/* because jobId prefix truncated to literal "dispatch"). Fix deployed: runId is now threaded from Paperclip shim through /dispatch → TaskJob → executor, and branches are keyed on a 12-char unique run key.

What to do next:

Triage the 50 open PRs at https://192.168.183.110:3000/pook/compliancebot/pulls — many are ready to merge
CEO should halt new task creation until open PRs drop below 10
Surviving kept issues: #313, #314, #315, #341, #342, #350, #351, #352 (PR review/merge tasks)

This issue was superseded, not abandoned. Reopen if still relevant after PR triage.

Bulk-closed 2026-04-10 during pipeline triage. **Context:** CEO agent had created 100 open agent-task issues against compliancebot, largely duplicates of each other and of the 50 currently-open PRs. Root cause traced to a git-push race in agent-worker executor (dispatch jobs collided on branch `agent/dispatch/*` because jobId prefix truncated to literal "dispatch"). Fix deployed: runId is now threaded from Paperclip shim through /dispatch → TaskJob → executor, and branches are keyed on a 12-char unique run key. **What to do next:** 1. Triage the 50 open PRs at https://192.168.183.110:3000/pook/compliancebot/pulls — many are ready to merge 2. CEO should halt new task creation until open PRs drop below 10 3. Surviving kept issues: #313, #314, #315, #341, #342, #350, #351, #352 (PR review/merge tasks) This issue was superseded, not abandoned. Reopen if still relevant after PR triage.

pook closed this issue

2026-04-10 14:47:40 -04:00

No labels

agent-task

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

pook/compliancebot#383

No description provided.

Rows
Columns