Merge pull request #12 from Deep-CodeAI/fix/http-resource-limits

Fix/http resource limits

Author: Skobeltsyn

src/main/kotlin/agents_engine/mcp/HttpMcpTransport.kt

@@ -4,6 +4,9 @@ import java.net.URI
 import java.net.http.HttpClient
 import java.net.http.HttpRequest
 import java.net.http.HttpResponse
+import kotlin.time.Duration
+import kotlin.time.Duration.Companion.seconds
+import kotlin.time.toJavaDuration
 
 /**
  * Streamable HTTP transport. Each `rpc()` is a POST whose response is either a JSON body
@@ -13,6 +16,8 @@ import java.net.http.HttpResponse
 internal class HttpMcpTransport(
     private val url: String,
     private val auth: McpAuth = McpAuth.None,
+    private val requestTimeout: Duration = DEFAULT_REQUEST_TIMEOUT,
+    private val maxResponseBytes: Long = DEFAULT_MAX_RESPONSE_BYTES,
 ) : McpTransport {
 
     private var sessionId: String? = null
@@ -28,20 +33,28 @@ internal class HttpMcpTransport(
             .uri(URI.create(url))
             .header("Content-Type", "application/json")
             .header("Accept", "application/json, text/event-stream")
+            .timeout(requestTimeout.toJavaDuration())
             .also { if (sessionId != null) it.header("Mcp-Session-Id", sessionId!!) }
             .also { applyAuth(it) }
             .POST(HttpRequest.BodyPublishers.ofString(envelope))
-        val response = http.send(builder.build(), HttpResponse.BodyHandlers.ofString())
+        // #853 — bounded read so a malicious upstream MCP server can't OOM us.
+        val response = http.send(builder.build(), HttpResponse.BodyHandlers.ofInputStream())
+        val cap = maxResponseBytes.coerceAtMost(Int.MAX_VALUE.toLong()).toInt()
+        val bytes = response.body().use { it.readNBytes(cap + 1) }
+        if (bytes.size > cap) {
+            error("MCP response exceeded $maxResponseBytes bytes; aborting to prevent OOM")
+        }
+        val bodyStr = String(bytes, Charsets.UTF_8)
         if (response.statusCode() !in 200..299) {
-            error("MCP HTTP ${response.statusCode()}: ${response.body()}")
+            error("MCP HTTP ${response.statusCode()}: $bodyStr")
         }
         response.headers().firstValue("mcp-session-id").ifPresent { sessionId = it }
         if (!expectBody) return ""
         val ct = response.headers().firstValue("content-type").orElse("")
         return if (ct.startsWith("text/event-stream")) {
-            extractSseJson(response.body())
-                ?: error("MCP SSE response had no JSON data event: ${response.body()}")
-        } else response.body()
+            extractSseJson(bodyStr)
+                ?: error("MCP SSE response had no JSON data event: $bodyStr")
+        } else bodyStr
     }
 
     private fun applyAuth(builder: HttpRequest.Builder) {
@@ -52,7 +65,16 @@ internal class HttpMcpTransport(
     }
 
     companion object {
-        private val http: HttpClient = HttpClient.newHttpClient()
+        // See #852.
+        val DEFAULT_REQUEST_TIMEOUT: Duration = 60.seconds
+        val DEFAULT_CONNECT_TIMEOUT: Duration = 10.seconds
+
+        // 8 MiB — MCP responses are typically small JSON-RPC envelopes. See #853.
+        const val DEFAULT_MAX_RESPONSE_BYTES: Long = 8L * 1024 * 1024
+
+        private val http: HttpClient = HttpClient.newBuilder()
+            .connectTimeout(DEFAULT_CONNECT_TIMEOUT.toJavaDuration())
+            .build()
 
         private fun extractSseJson(body: String): String? =
             body.lineSequence()

src/main/kotlin/agents_engine/mcp/McpServer.kt

@@ -33,6 +33,7 @@ class McpServer private constructor(
     private val agent: Agent<*, *>,
     private val exposedSkills: List<ExposedSkill>,
     private val portRequest: Int,
+    private val maxRequestBytes: Long = DEFAULT_MAX_REQUEST_BYTES,
 ) {
     private var http: HttpServer? = null
     private val sessionId: String = java.util.UUID.randomUUID().toString()
@@ -66,7 +67,21 @@ class McpServer private constructor(
                 respond(exchange, 415, """{"error":"Unsupported Media Type — expected application/json"}""")
                 return
             }
-            val bodyText = exchange.requestBody.bufferedReader().use { it.readText() }
+            // #851 — bound the request body before reading. Honors Content-Length when
+            // present; falls back to a length-bounded read otherwise. Avoids OOM from
+            // a same-host process posting a multi-GB body to the loopback server.
+            val declaredLength = exchange.requestHeaders.getFirst("Content-Length")?.toLongOrNull()
+            if (declaredLength != null && declaredLength > maxRequestBytes) {
+                respond(exchange, 413, """{"error":"Payload Too Large — limit is $maxRequestBytes bytes"}""")
+                return
+            }
+            val cap = maxRequestBytes.coerceAtMost(Int.MAX_VALUE.toLong()).toInt()
+            val bodyBytes = exchange.requestBody.use { it.readNBytes(cap + 1) }
+            if (bodyBytes.size > cap) {
+                respond(exchange, 413, """{"error":"Payload Too Large — limit is $maxRequestBytes bytes"}""")
+                return
+            }
+            val bodyText = String(bodyBytes, Charsets.UTF_8)
             val request = LenientJsonParser.parse(bodyText) as? Map<*, *>
                 ?: return respond(exchange, 400, "{}")
             val method = request["method"] as? String ?: return respond(exchange, 400, "{}")
@@ -150,6 +165,10 @@ class McpServer private constructor(
     }
 
     companion object {
+        // 8 MiB — generous for tools/call payloads, far short of OOM on a typical
+        // JVM heap. See #851.
+        const val DEFAULT_MAX_REQUEST_BYTES: Long = 8L * 1024 * 1024
+
         fun from(agent: Agent<*, *>, block: McpExposeBuilder.() -> Unit): McpServer {
             val builder = McpExposeBuilder().apply(block)
             require(builder.exposedNames.isNotEmpty()) {
@@ -165,13 +184,15 @@ class McpServer private constructor(
                 }
                 ExposedSkill.of(skill)
             }
-            return McpServer(agent, exposed, builder.port)
+            return McpServer(agent, exposed, builder.port, builder.maxRequestBytes)
         }
     }
 }
 
 class McpExposeBuilder internal constructor() {
     var port: Int = 0  // 0 = auto-assign
+    /** Hard cap on inbound request body size. See #851. */
+    var maxRequestBytes: Long = McpServer.DEFAULT_MAX_REQUEST_BYTES
     internal val exposedNames = mutableListOf<String>()
 
     fun expose(skillName: String) { exposedNames += skillName }

src/main/kotlin/agents_engine/model/OllamaClient.kt

@@ -6,6 +6,9 @@ import java.net.URI
 import java.net.http.HttpClient
 import java.net.http.HttpRequest
 import java.net.http.HttpResponse
+import kotlin.time.Duration
+import kotlin.time.Duration.Companion.seconds
+import kotlin.time.toJavaDuration
 
 internal data class ParsedToolArguments(
     val arguments: Map<String, Any?>,
@@ -55,10 +58,18 @@ open class OllamaClient(
     private val model: String,
     private val temperature: Double = 0.7,
     private val tools: List<ToolDef> = emptyList(),
+    /** Per-request wall-clock cap. See #852. */
+    private val requestTimeout: Duration = DEFAULT_REQUEST_TIMEOUT,
+    /** TCP connect timeout for the underlying HttpClient. See #852. */
+    private val connectTimeout: Duration = DEFAULT_CONNECT_TIMEOUT,
+    /** Hard cap on response body size — anything bigger throws. See #853. */
+    private val maxResponseBytes: Long = DEFAULT_MAX_RESPONSE_BYTES,
 ) : ModelClient {
     private val baseUrl = "http://$host:$port"
 
-    private val http = HttpClient.newHttpClient()
+    private val http: HttpClient = HttpClient.newBuilder()
+        .connectTimeout(connectTimeout.toJavaDuration())
+        .build()
 
     /**
      * #706: Once a model has been observed to reject native tools, skip the native
@@ -99,9 +110,33 @@ open class OllamaClient(
         val request = HttpRequest.newBuilder()
             .uri(URI.create("$baseUrl/api/chat"))
             .header("Content-Type", "application/json")
+            .timeout(requestTimeout.toJavaDuration())
             .POST(HttpRequest.BodyPublishers.ofString(body))
             .build()
-        return http.send(request, HttpResponse.BodyHandlers.ofString()).body()
+        // #853 — bounded read so a malicious or buggy upstream can't OOM us.
+        val response = http.send(request, HttpResponse.BodyHandlers.ofInputStream())
+        val cap = maxResponseBytes.coerceAtMost(Int.MAX_VALUE.toLong()).toInt()
+        val bytes = response.body().use { it.readNBytes(cap + 1) }
+        if (bytes.size > cap) {
+            throw LlmProviderException(
+                "Ollama response exceeded $maxResponseBytes bytes; aborting to prevent OOM",
+            )
+        }
+        return String(bytes, Charsets.UTF_8)
+    }
+
+    companion object {
+        // 60s — chat completions can be slow; large enough not to false-trip on
+        // legitimate long responses, small enough to bound a hung Ollama instance.
+        // See #852.
+        val DEFAULT_REQUEST_TIMEOUT: Duration = 60.seconds
+
+        // 10s — TCP connect should never take this long on a healthy network.
+        val DEFAULT_CONNECT_TIMEOUT: Duration = 10.seconds
+
+        // 16 MiB — LLM responses can be large but not THAT large; cap keeps OOM
+        // off the table when the upstream is malicious or buggy. See #853.
+        const val DEFAULT_MAX_RESPONSE_BYTES: Long = 16L * 1024 * 1024
     }
 
     private fun isNativeToolCapabilityError(msg: String?): Boolean =

src/test/kotlin/agents_engine/mcp/McpServerBodySizeLimitTest.kt

@@ -0,0 +1,76 @@
+package agents_engine.mcp
+
+import agents_engine.core.agent
+import java.net.URI
+import java.net.http.HttpClient
+import java.net.http.HttpRequest
+import java.net.http.HttpResponse
+import kotlin.test.AfterTest
+import kotlin.test.Test
+import kotlin.test.assertEquals
+import kotlin.test.assertTrue
+
+// Tests for #851 — McpServer caps request body size and returns 413 before
+// loading the entire body into memory.
+class McpServerBodySizeLimitTest {
+
+    private val toStop = mutableListOf<() -> Unit>()
+
+    @AfterTest fun cleanup() { toStop.forEach { runCatching { it() } } }
+
+    private fun trivialAgent() = agent<String, String>("greeter") {
+        skills { skill<String, String>("greet", "Greets") { implementedBy { "hi $it" } } }
+    }
+
+    private fun startServer(maxBytes: Long = McpServer.DEFAULT_MAX_REQUEST_BYTES): McpServer {
+        val server = McpServer.from(trivialAgent()) {
+            expose("greet")
+            port = 0
+            maxRequestBytes = maxBytes
+        }.start()
+        toStop.add { server.stop() }
+        return server
+    }
+
+    private fun postRaw(url: String, body: String, contentLength: Long? = null): HttpResponse<String> {
+        val builder = HttpRequest.newBuilder()
+            .uri(URI.create(url))
+            .header("Content-Type", "application/json")
+            .POST(HttpRequest.BodyPublishers.ofString(body))
+        if (contentLength != null) {
+            // The JDK HttpClient sets Content-Length automatically; this branch is here
+            // for explicit-override tests if the framework ever needs them.
+            builder.setHeader("Content-Length", contentLength.toString())
+        }
+        return HttpClient.newHttpClient().send(builder.build(), HttpResponse.BodyHandlers.ofString())
+    }
+
+    @Test
+    fun `request larger than the cap is rejected with 413`() {
+        val server = startServer(maxBytes = 1024)  // 1 KiB cap for the test
+        val tooBig = "x".repeat(2048)  // 2 KiB
+        val response = postRaw(server.url, """{"jsonrpc":"2.0","id":1,"method":"ping","params":{"pad":"$tooBig"}}""")
+        assertEquals(413, response.statusCode())
+        assertTrue(
+            response.body().contains("Payload Too Large", ignoreCase = true),
+            "expected error body to mention size limit; got: ${response.body()}",
+        )
+    }
+
+    @Test
+    fun `request exactly at the cap is processed normally`() {
+        val server = startServer(maxBytes = 16 * 1024)  // 16 KiB cap
+        // Build a request that's well under the cap but uses real JSON-RPC shape.
+        val response = postRaw(server.url, """{"jsonrpc":"2.0","id":1,"method":"ping"}""")
+        assertEquals(200, response.statusCode())
+        assertTrue(response.body().contains("\"result\""), "expected success: ${response.body()}")
+    }
+
+    @Test
+    fun `default cap accepts a normal-sized tools-list request`() {
+        // Sanity: the default cap doesn't break ordinary traffic.
+        val server = startServer()  // default
+        val response = postRaw(server.url, """{"jsonrpc":"2.0","id":1,"method":"tools/list"}""")
+        assertEquals(200, response.statusCode())
+    }
+}

src/test/kotlin/agents_engine/model/OllamaClientResponseSizeLimitTest.kt

@@ -0,0 +1,69 @@
+package agents_engine.model
+
+import com.sun.net.httpserver.HttpServer
+import java.net.InetSocketAddress
+import kotlin.test.AfterTest
+import kotlin.test.Test
+import kotlin.test.assertEquals
+import kotlin.test.assertTrue
+import kotlin.test.fail
+
+// Tests for #853 — OllamaClient enforces a hard cap on inbound response body size.
+// A malicious or buggy upstream that streams unbounded bytes must not OOM the JVM.
+class OllamaClientResponseSizeLimitTest {
+
+    private val toStop = mutableListOf<() -> Unit>()
+
+    @AfterTest fun cleanup() { toStop.forEach { runCatching { it() } } }
+
+    /** Starts a stub server that returns the given bytes for any /api/chat POST. */
+    private fun startStub(responseBytes: ByteArray): Int {
+        val server = HttpServer.create(InetSocketAddress("127.0.0.1", 0), 0)
+        server.createContext("/api/chat") { ex ->
+            ex.responseHeaders.add("Content-Type", "application/json")
+            ex.sendResponseHeaders(200, responseBytes.size.toLong())
+            ex.responseBody.use { it.write(responseBytes) }
+        }
+        server.executor = null
+        server.start()
+        toStop.add { server.stop(0) }
+        return server.address.port
+    }
+
+    @Test
+    fun `response above maxResponseBytes throws LlmProviderException`() {
+        // Stub returns 5 KiB; client cap is 1 KiB.
+        val port = startStub(ByteArray(5 * 1024) { 'x'.code.toByte() })
+        val client = OllamaClient(
+            host = "127.0.0.1",
+            port = port,
+            model = "fake",
+            maxResponseBytes = 1024,
+        )
+        try {
+            client.chat(listOf(LlmMessage("user", "hi")))
+            fail("expected LlmProviderException for over-cap response")
+        } catch (e: LlmProviderException) {
+            assertTrue(
+                e.message!!.contains("exceeded", ignoreCase = true) ||
+                    e.message!!.contains("OOM", ignoreCase = true),
+                "expected size-limit message, got: ${e.message}",
+            )
+        }
+    }
+
+    @Test
+    fun `response at the cap is processed normally`() {
+        val body = """{"message":{"content":"ok"}}""".toByteArray(Charsets.UTF_8)
+        val port = startStub(body)
+        val client = OllamaClient(
+            host = "127.0.0.1",
+            port = port,
+            model = "fake",
+            maxResponseBytes = 4096,
+        )
+        val response = client.chat(listOf(LlmMessage("user", "hi")))
+        assertTrue(response is LlmResponse.Text, "expected text response, got: $response")
+        assertEquals("ok", (response as LlmResponse.Text).content)
+    }
+}

src/test/kotlin/agents_engine/model/OllamaClientTimeoutTest.kt

@@ -0,0 +1,54 @@
+package agents_engine.model
+
+import com.sun.net.httpserver.HttpServer
+import java.net.InetSocketAddress
+import java.net.http.HttpTimeoutException
+import kotlin.test.AfterTest
+import kotlin.test.Test
+import kotlin.test.assertTrue
+import kotlin.test.fail
+import kotlin.time.Duration.Companion.milliseconds
+
+// Tests for #852 — OllamaClient enforces a per-request HTTP timeout.
+// A non-responsive endpoint must NOT block the caller indefinitely.
+class OllamaClientTimeoutTest {
+
+    private val toStop = mutableListOf<() -> Unit>()
+
+    @AfterTest fun cleanup() { toStop.forEach { runCatching { it() } } }
+
+    /** Starts a stub HTTP server that accepts the connection and never replies. */
+    private fun startBlackHole(): Int {
+        val server = HttpServer.create(InetSocketAddress("127.0.0.1", 0), 0)
+        server.createContext("/api/chat") { /* never write a response — exchange leaks */ }
+        server.executor = null
+        server.start()
+        toStop.add { server.stop(0) }
+        return server.address.port
+    }
+
+    @Test
+    fun `request that exceeds requestTimeout throws HttpTimeoutException`() {
+        val port = startBlackHole()
+        val client = OllamaClient(
+            host = "127.0.0.1",
+            port = port,
+            model = "fake",
+            requestTimeout = 250.milliseconds,
+        )
+
+        val started = System.nanoTime()
+        try {
+            client.chat(listOf(LlmMessage("user", "hi")))
+            fail("expected HttpTimeoutException; chat returned normally")
+        } catch (e: HttpTimeoutException) {
+            val elapsedMs = (System.nanoTime() - started) / 1_000_000
+            assertTrue(
+                elapsedMs in 200..2_000,
+                "timeout fired but elapsed=${elapsedMs}ms, expected ~250ms (sanity bound)",
+            )
+        } catch (e: Throwable) {
+            fail("expected HttpTimeoutException, got ${e::class.simpleName}: ${e.message}")
+        }
+    }
+}