Skip to content

feat: add query length validation with 20k character limit #275

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
AshishKumar4 merged 1 commit into from
Dec 18, 2025
Merged

feat: add query length validation with 20k character limit #275

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions src/api-types.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -203,6 +203,7 @@ export type {

export type { RateLimitError } from "worker/services/rate-limit/errors";
export type { AgentPreviewResponse, CodeGenArgs } from 'worker/api/controllers/agent/types';
export { MAX_AGENT_QUERY_LENGTH } from 'worker/api/controllers/agent/types';
export type { RateLimitErrorResponse } from 'worker/api/responses';
export { RateLimitExceededError, SecurityError, SecurityErrorType } from '../shared/types/errors.js';

Expand Down
15 changes: 10 additions & 5 deletions src/lib/api-client.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -592,11 +592,16 @@ class ApiClient {

async createAgentSession(args: CodeGenArgs): Promise<AgentStreamingResponse> {
try {
const { response, data } = await this.requestRaw('/api/agent', {
method: 'POST',
body: args,
skipJsonParsing: true, // Don't parse JSON for streaming response
});
const { response, data } = await this.requestRaw(
'/api/agent',
{
method: 'POST',
body: args,
skipJsonParsing: true, // Don't parse JSON for streaming response
},
false,
true,
);

// Check if response is ok
if (!response.ok) {
Expand Down
8 changes: 8 additions & 0 deletions src/routes/chat/hooks/use-chat.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ import { useCallback, useEffect, useMemo, useRef, useState } from 'react';
import { toast } from 'sonner';
import {
RateLimitExceededError,
MAX_AGENT_QUERY_LENGTH,
type BlueprintType,
type WebSocketMessage,
type CodeFixEdits,
Expand Down Expand Up @@ -447,6 +448,13 @@ export function useChat({
return;
}

if (userQuery.length > MAX_AGENT_QUERY_LENGTH) {
const errorMsg = `Prompt too large (${userQuery.length} characters). Maximum allowed is ${MAX_AGENT_QUERY_LENGTH} characters.`;
toast.error(errorMsg);
setMessages(() => [createAIMessage('main', errorMsg)]);
return;
}

// Prevent duplicate session creation on rerenders while streaming
connectionStatus.current = 'connecting';

Expand Down
10 changes: 8 additions & 2 deletions src/routes/home.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ import { ArrowRight, Info } from 'react-feather';
import { useNavigate } from 'react-router';
import { useAuth } from '@/contexts/auth-context';
import { ProjectModeSelector, type ProjectModeOption } from '../components/project-mode-selector';
import type { ProjectType } from '@/api-types';
import { MAX_AGENT_QUERY_LENGTH, SUPPORTED_IMAGE_MIME_TYPES, type ProjectType } from '@/api-types';
import { useFeature } from '@/features';
import { useAuthGuard } from '../hooks/useAuthGuard';
import { usePaginatedApps } from '@/hooks/use-paginated-apps';
Expand All @@ -14,7 +14,6 @@ import { useImageUpload } from '@/hooks/use-image-upload';
import { useDragDrop } from '@/hooks/use-drag-drop';
import { ImageUploadButton } from '@/components/image-upload-button';
import { ImageAttachmentPreview } from '@/components/image-attachment-preview';
import { SUPPORTED_IMAGE_MIME_TYPES } from '@/api-types';
import { toast } from 'sonner';

export default function Home() {
Expand Down Expand Up @@ -89,6 +88,13 @@ export default function Home() {
const discoverReady = useMemo(() => !loading && (apps?.length ?? 0) > 5, [loading, apps]);

const handleCreateApp = (query: string, mode: ProjectType) => {
if (query.length > MAX_AGENT_QUERY_LENGTH) {
toast.error(
`Prompt too large (${query.length} characters). Maximum allowed is ${MAX_AGENT_QUERY_LENGTH} characters.`,
);
return;
}

const encodedQuery = encodeURIComponent(query);
const encodedMode = encodeURIComponent(mode);

Expand Down
9 changes: 9 additions & 0 deletions worker/agents/core/stateMigration.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ import { StructuredLogger } from '../../logger';
import { TemplateDetails } from 'worker/services/sandbox/sandboxTypes';
import { generateNanoId } from '../../utils/idGenerator';
import { generateProjectName } from '../utils/templateCustomizer';
import { MAX_AGENT_QUERY_LENGTH } from 'worker/api/controllers/agent/types';

// Type guards for legacy state detection
type LegacyFileFormat = {
Expand Down Expand Up @@ -38,6 +39,14 @@ export class StateMigration {
static migrateIfNeeded(state: AgentState, logger: StructuredLogger): AgentState | null {
let needsMigration = false;


// If the query is too long, truncate it to avoid performance issues
if (state.query && state.query.length > MAX_AGENT_QUERY_LENGTH) {
logger.warn("Large prompt detected. Truncating query to avoid performance issues");
state.query = state.query.slice(0, MAX_AGENT_QUERY_LENGTH);
needsMigration = true;
}

//------------------------------------------------------------------------------------
// Migrate files from old schema
//------------------------------------------------------------------------------------
Expand Down
20 changes: 18 additions & 2 deletions worker/api/controllers/agent/controller.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,13 @@ import { generateId } from '../../../utils/idGenerator';
import { AgentState } from '../../../agents/core/state';
import { BehaviorType, ProjectType } from '../../../agents/core/types';
import { getAgentStub, getTemplateForQuery } from '../../../agents';
import { AgentConnectionData, AgentPreviewResponse, CodeGenArgs } from './types';
import {
AgentConnectionData,
AgentPreviewResponse,
CodeGenArgs,
MAX_AGENT_QUERY_LENGTH,
} from './types';
import { SecurityError, SecurityErrorType } from 'shared/types/errors';
import { ApiResponse, ControllerResponse } from '../types';
import { RouteContext } from '../../types/route-context';
import { ModelConfigService } from '../../../database';
Expand Down Expand Up @@ -59,9 +65,19 @@ export class CodingAgentController extends BaseController {
}

const query = body.query;
if (!query) {
if (typeof query !== 'string' || query.trim().length === 0) {
return CodingAgentController.createErrorResponse('Missing "query" field in request body', 400);
}
if (query.length > MAX_AGENT_QUERY_LENGTH) {
return CodingAgentController.createErrorResponse(
new SecurityError(
SecurityErrorType.INVALID_INPUT,
`Prompt too large (${query.length} characters). Maximum allowed is ${MAX_AGENT_QUERY_LENGTH} characters.`,
413,
),
413,
);
}
const { readable, writable } = new TransformStream({
transform(chunk, controller) {
if (chunk === "terminate") {
Expand Down
2 changes: 2 additions & 0 deletions worker/api/controllers/agent/types.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,8 @@ import type { PreviewType } from "../../../services/sandbox/sandboxTypes";
import type { ImageAttachment } from '../../../types/image-attachment';
import type { BehaviorType, ProjectType } from '../../../agents/core/types';

export const MAX_AGENT_QUERY_LENGTH = 20_000;

export interface CodeGenArgs {
query: string;
language?: string;
Expand Down