Hongming Wang 0a06cb4fc9 fix(cp_provisioner): cap IsRunning body read at 64 KiB ... IsRunning used an unbounded json.NewDecoder(resp.Body).Decode on CP status responses. Start already caps its body read at 64 KiB (cp_provisioner.go:137) to defend against a misconfigured or compromised CP streaming a huge body and exhausting memory. IsRunning is called reactively per-request from a2a_proxy and periodically from healthsweep, so it's a hotter path than Start and arguably deserves the same defense more. Adds TestIsRunning_BoundedBodyRead that serves a body padded past the cap and asserts the decode still succeeds on the JSON prefix. Follow-up to code-review Nit-2 on #1073. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>		2026-04-20 09:06:20 -07:00
..
cmd/server	feat(ws-server): pull env from CP on startup	2026-04-19 02:41:15 -07:00
internal	fix(cp_provisioner): cap IsRunning body read at 64 KiB	2026-04-20 09:06:20 -07:00
migrations	Merge pull request #976 from Molecule-AI/feat/last-outbound-at-817	2026-04-19 00:30:01 -07:00
pkg/provisionhook	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
.gitignore	feat(ws-server): pull env from CP on startup	2026-04-19 02:41:15 -07:00
Dockerfile	fix: Dockerfile go.sum path after platform → workspace-server rename	2026-04-18 00:31:16 -07:00
Dockerfile.tenant	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
entrypoint-tenant.sh	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
go.mod	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
go.sum	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00