providers: bound error-body reads with httpware max_error_body_bytes#26
Merged
Conversation
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Pagination moved to get_with_response in the httpware 0.12 bump (#24); the HTTP-client section still named the old helper. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Mark the bundle shipped (status: shipped, pr: 26, outcome filled), move it to changes/archive/, move its Index line to Archived, and clear the now-resolved httpware item from deferred.md. architecture/providers.md was promoted in this PR's earlier commits. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adopt httpware 0.11.0's
max_error_body_bytescap to bound provider error-body reads — a defensive guard against a hostile or malfunctioning forge endpoint returning an oversized error body._MAX_ERROR_BODY_BYTESinsemvertag/ioc.py, passed to_build_gitlab_clientand_build_github_client. httpware raisesResponseTooLargeErroron a 4xx/5xx whose declaredContent-Lengthexceeds the cap, before reading the body.ResponseTooLargeError(aClientError, not aStatusError) routes through_translate_transport, which now maps it to a clearProviderAPIErrornaming the byte counts; guarded for aNonecontent-length.architecture/providers.mddocuments the cap; also corrects a stalesend_with_responsereference left by the 0.12 bump (nowget_with_response).1 MiB is ~200× the largest plausible GitLab/GitHub JSON error body, so normal operation is unchanged; only pathological responses trip the cap. Closes the
planning/deferred.md"httpware bounded-error-body adoption" item.Test Plan
just test— 443 passed, 100% branch coverage (new translation branch + None path + both client-wiring assertions)just lint-ci— eof-fixer, ruff format, ruff check, ty all cleanjust docs-build— strict mkdocs build clean🤖 Generated with Claude Code