docs(security): document primary-surface-first extraction ordering#433
Merged
VascoSch92 merged 4 commits intoMay 22, 2026
Merged
Conversation
Document the per-field extraction cap introduced in OpenHands/software-agent-sdk#2709. Explains the starvation vector, the fix, and the remaining boundaries. Coding-Agent: claude-code Model: claude-opus-4-6
all-hands-bot
approved these changes
Apr 4, 2026
Contributor
all-hands-bot
left a comment
all-hands-bot
left a comment
There was a problem hiding this comment.
Taste Rating: 🟢 Good taste
Clean technical documentation that accurately describes the implementation in SDK PR #2709. All claims verified against source code:
✅ _FIELD_CAP = _EXTRACT_HARD_CAP // 2 implementation
✅ Starvation vector accurately described
✅ Remaining boundaries match xfail tests
✅ tool_name has no length validation (verified in ActionEvent)
Worth merging.
The "extraction budget and per-field cap" section described a proposed `_FIELD_CAP` design that never shipped. Rewrite it to match the merged mechanism (#2709): one shared 30k budget per corpus consumed in priority order (arguments first for exec, summary first for reasoning), with no per-field cap. Both previously listed "remaining boundaries" are closed by the ordering; the only real residual is a single-field payload past 30k, already covered in the limitations table.
Fieldnote-Echo
changed the title
Contributor
Author
|
@VascoSch92 gentle nudge -- this one was outdated, I updated the docs to match the deployed code. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Documents the extraction-budget behavior shipped in OpenHands/software-agent-sdk#2709.
Adds a subsection under the existing "Known limitations" explaining that the 30k scanning budget is shared per corpus and consumed in priority order: the primary attack surface is extracted first (
tool_call.argumentsfor executable fields,summaryfor reasoning fields), so it always receives budget even when a later field is adversarially large. This is ordering, not a per-field cap.The one real residual (a strict xfail): a payload past 30k within a single field stays invisible, the deliberate ReDoS trade-off already noted in the limitations table.
Companion to OpenHands/software-agent-sdk#2709.