Skip to content

Lean Sentinel: per-endpoint response size hard caps #42

Description

@JVBotelho

Summary

Enforce an explicit, per-endpoint maximum response size in the gRPC interceptor layer;
block responses that exceed the configured cap. Detects mass memory-disclosure scenarios
(Heartbleed-style over-reads).

Background

ADR 004
("Lean Sentinel") is accepted but not yet implemented. This is component 1 of 3 (Core
Component 1, "Response Size Hard Limits") and the simplest — no detection engine, no span
scanning, just a size check.

What changes

  • A response-size check in the gRPC interceptor layer (wherever outbound messages are
    serialized before being written to the response stream), comparing against a configured
    per-endpoint (or global default) maximum.
  • Same block-or-audit shape as every other guard: alert via RaspAlertBus, block by
    throwing/rejecting when over the cap and blocking is enabled, audit-only otherwise.
  • Configuration surface on RaspOptions for the cap(s).

Acceptance criteria

  • A response exceeding the configured cap is blocked (or audited) as configured.
  • A response under the cap is unaffected.
  • Unit test covering both paths.
  • BenchmarkDotNet number confirming near-zero overhead on the common case (response under the cap) — ADR 004 targets < 100ns overhead.

Metadata

Metadata

Assignees

No one assigned

    Labels

    .NETPull requests that update .NET codegood first issueGood for newcomershelp wantedExtra attention is needed

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions