Summary
Enforce an explicit, per-endpoint maximum response size in the gRPC interceptor layer;
block responses that exceed the configured cap. Detects mass memory-disclosure scenarios
(Heartbleed-style over-reads).
Background
ADR 004
("Lean Sentinel") is accepted but not yet implemented. This is component 1 of 3 (Core
Component 1, "Response Size Hard Limits") and the simplest — no detection engine, no span
scanning, just a size check.
What changes
- A response-size check in the gRPC interceptor layer (wherever outbound messages are
serialized before being written to the response stream), comparing against a configured
per-endpoint (or global default) maximum.
- Same block-or-audit shape as every other guard: alert via
RaspAlertBus, block by
throwing/rejecting when over the cap and blocking is enabled, audit-only otherwise.
- Configuration surface on
RaspOptions for the cap(s).
Acceptance criteria
Summary
Enforce an explicit, per-endpoint maximum response size in the gRPC interceptor layer;
block responses that exceed the configured cap. Detects mass memory-disclosure scenarios
(Heartbleed-style over-reads).
Background
ADR 004
("Lean Sentinel") is accepted but not yet implemented. This is component 1 of 3 (Core
Component 1, "Response Size Hard Limits") and the simplest — no detection engine, no span
scanning, just a size check.
What changes
serialized before being written to the response stream), comparing against a configured
per-endpoint (or global default) maximum.
RaspAlertBus, block bythrowing/rejecting when over the cap and blocking is enabled, audit-only otherwise.
RaspOptionsfor the cap(s).Acceptance criteria