mirror of
https://github.com/openclaw/openclaw.git
synced 2026-07-13 07:26:05 +00:00
fix(provider-transport-fetch): raise SSE sanitize buffer cap to 16 MiB
The 64 KiB inter-event SSE sanitize buffer added in #96989 rejects a single legitimate event larger than 64 KiB — e.g. a large gpt-5.5 reasoning summary on the openai-chatgpt-responses API — throwing "SSE response exceeded max buffer size (65536 bytes) without event boundary" and failing the whole request. The default ChatGPT-subscription gpt-5.5 path is unusable (present in v2026.6.11-beta.1). Decouple the two bounds: keep the non-OK error-body cap tight at 64 KiB (SSE_NONOK_BODY_MAX_BYTES), and raise the inter-event sanitize buffer to the same 16 MiB ceiling as the JSON-synthesis path. The guard still trips on a genuinely boundary-less (hostile/broken) stream, just not on a real large event. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
committed by
Ayaan Zaidi
parent
c16bb8725a
commit
81d60ca30d
@@ -1370,7 +1370,7 @@ describe("buildGuardedModelFetch", () => {
|
||||
});
|
||||
|
||||
it("errors on oversized SSE body without event boundary in sanitizer", async () => {
|
||||
const oversized = "x".repeat(65 * 1024);
|
||||
const oversized = "x".repeat(16 * 1024 * 1024 + 1024);
|
||||
const encoder = new TextEncoder();
|
||||
fetchWithSsrFGuardMock.mockResolvedValue({
|
||||
response: new Response(
|
||||
|
||||
@@ -51,10 +51,16 @@ const log = createSubsystemLogger("provider-transport-fetch");
|
||||
* without Content-Length. */
|
||||
const SSE_SYNTHESIZE_JSON_MAX_BYTES = 16 * 1024 * 1024;
|
||||
|
||||
/** Max bytes read from a non-OK (error) response body before truncation. Error
|
||||
* payloads are small, so keep this tight to bound memory on a hostile error stream. */
|
||||
const SSE_NONOK_BODY_MAX_BYTES = 64 * 1024;
|
||||
|
||||
/** Max bytes for the internal SSE sanitization buffer between event boundaries.
|
||||
* A response that cannot find a \n\n boundary within this many characters is
|
||||
* almost certainly hostile or broken — cap the buffer rather than let it grow. */
|
||||
const SSE_SANITIZE_BUFFER_MAX_BYTES = 64 * 1024;
|
||||
* A single legitimate event (e.g. a large reasoning summary on the chatgpt-responses
|
||||
* API) can far exceed 64 KiB, so bound this at the same 16 MiB ceiling as the
|
||||
* JSON-synthesis path: only a genuinely boundary-less (hostile/broken) stream trips
|
||||
* the guard, not a real large event. */
|
||||
const SSE_SANITIZE_BUFFER_MAX_BYTES = 16 * 1024 * 1024;
|
||||
|
||||
const BLOCKED_EXACT_ORIGIN_TRUST_HOSTNAME_LABELS = new Set(["instance-data"]);
|
||||
const PLAIN_DECIMAL_NUMBER_RE = /^\d+(?:\.\d+)?$/;
|
||||
@@ -132,7 +138,7 @@ function sanitizeOpenAISdkSseResponse(
|
||||
return response;
|
||||
}
|
||||
if (!response.ok) {
|
||||
return capNonOkResponseBodyLazily(response, SSE_SANITIZE_BUFFER_MAX_BYTES);
|
||||
return capNonOkResponseBodyLazily(response, SSE_NONOK_BODY_MAX_BYTES);
|
||||
}
|
||||
if (
|
||||
options?.synthesizeJsonAsSse === true &&
|
||||
|
||||
Reference in New Issue
Block a user