fix(guard, runner): enforce http body size and ws msg size

[MasterPtato]

Description

Please include a summary of the changes and the related issue. Please also include relevant motivation and context.

Type of change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes.

Checklist:

• My code follows the style guidelines of this project
• I have performed a self-review of my code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes

Fixes RVT-5967

[railway-app]

🚅 Deployed to the rivet-pr-4252 environment in rivet-frontend

Service	Status	Web	Updated (UTC)
frontend-inspector	❌ Build Failed (View Logs)	Web	Feb 21, 2026 at 1:49 am
frontend-cloud	❌ Build Failed (View Logs)	Web	Feb 21, 2026 at 1:48 am
ladle	❌ Build Failed (View Logs)	Web	Feb 21, 2026 at 1:42 am
website	❌ Build Failed (View Logs)	Web	Feb 21, 2026 at 1:41 am
mcp-hub	✅ Success (View Logs)	Web	Feb 21, 2026 at 1:41 am

[MasterPtato]

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

• fix(guard, runner): enforce http body size and ws msg size #4252 👈 (View in Graphite)
• fix(pegboard): add threshold parameters to runner protocol metadata #4247
• chore: get docker compose working again #4246
• fix(epoxy): make quorum sizes match paper #4234
• fix(gas): gracefully handle corrupt wf #4220 : 1 other dependent PR (#4235 )
• chore: improve debugging for runners #4219
• fix: add max prunes to pruner #4191
• fix: add max param to prune signals cmd #4190
• fix: reduce metrics aggregator cardinality #4183
• fix: docker cache issues, dashboards #4181
• main

---

How to use the Graphite Merge Queue

Add the label merge-queue to this PR to add it to the merge queue.

You must have a Graphite account in order to use the merge queue. Sign up using this link.

An organization admin has enabled the Graphite Merge Queue in this repository.

Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.

This stack of pull requests is managed by Graphite. Learn more about stacking.

[linear]

RVT-5967 Add HTTP body size limits to pegboard gateway tunnel

[claude]

PR Review: fix(guard, runner): enforce http body size and ws msg size

Good defense-in-depth approach to enforcing size limits at multiple layers (guard proxy, runner WS tunnel). The overall design is sound. A few issues worth addressing:

---

Issues

1. HTTP 413 returned for non-size body read errors

In proxy_service.rs, Limited::collect().await can fail for two distinct reasons:

• The body exceeds MAX_BODY_SIZE (correct → 413)
• The underlying body read fails (e.g., connection dropped mid-request → this should be a different status, not 413)

Both are currently mapped to InvalidRequestBody and 413 via:

.map_err(|err| errors::InvalidRequestBody(err.to_string()).build())?

LengthLimitError can be downcast or inspected to distinguish the limit case from an inner transport error. Consider adding a separate error variant (e.g., RequestBodyReadError) that maps to 400 or 500 for non-size failures, so clients aren't told their payload is too large when the connection simply dropped.

2. Missing newline at end of JSON artifact files

Both engine/artifacts/errors/guard.invalid_request_body.json and guard.invalid_response_body.json are missing a trailing newline (\ No newline at end of file). This should be consistent with other artifact files in the directory.

3. TextEncoder allocation for string WebSocket size check

In websocket-tunnel-adapter.ts:

const encoder = new TextEncoder();
if (encoder.encode(data).byteLength > MAX_BODY_SIZE) {

This encodes the entire string into a new Uint8Array just to measure byte length, allocating up to 20 MiB of memory for a message at the size limit. Since the worst-case UTF-8 expansion of a JavaScript string (UTF-16) is 3x, a cheaper two-phase check could skip the allocation for most messages:

// Fast path: JS string length * 3 is worst-case UTF-8 byte count
if (data.length * 3 > MAX_BODY_SIZE) {
    // Precise check only when needed
    if (new TextEncoder().encode(data).byteLength > MAX_BODY_SIZE) {
        throw new Error("WebSocket message too large");
    }
}

---

Observations

Cross-language constant synchronization

MAX_BODY_SIZE is defined in Rust (proxy_service.rs) and duplicated in TypeScript (utils.ts) with a manual sync comment. This is acceptable, but it's a potential drift point. If the constant changes in one place and not the other, enforcement becomes inconsistent. The comment is good, but this is worth being aware of in future changes.

TypeScript response body fully buffered before size check

In tunnel.ts:

const body = response.body ? await response.arrayBuffer() : null;
if (body && body.byteLength > MAX_BODY_SIZE) {

The full response is buffered before the size check, which means a very large response could OOM the runner before being rejected. This is unavoidable with arrayBuffer() but the guard-side Limited check on the response path (proxy_service.rs ~L800) provides the real protection here. The TypeScript check is a useful secondary guard. The layered approach is reasonable.

tunnel_message_inner_data_len rename

The rename to tunnel_message_inner_data_len_mk2 and addition of tunnel_message_inner_data_len_mk1 is clean and clearly separates the two protocol versions. The mk1 version correctly adds DeprecatedTunnelAck => 0 which was absent from the shared implementation.

Note in pegboard-gateway

The added comment // NOTE: Size constraints have already been applied by guard correctly documents the assumed invariant. This is good, though it means a future deployment path that bypasses guard would silently skip size enforcement in the gateway.

---

Minor

• The capitalization changes to internal error strings in tunnel.ts ("invalid websocket ack index" → "Invalid websocket ack index") are stylistically fine, but inconsistent with the Rust side which uses lowercase ("payload too large"). Not a blocker.
• Typo fix in actor-driver.ts (immeidatley → immediately) is a welcome cleanup.

[graphite-app]

Add a newline at the end of the file to fix the 'No newline at end of file' linting error

Spotted by Graphite Agent (based on CI logs)



Is this helpful? React 👍 or 👎 to let us know.