Skip to content

feat(ocap-kernel): add resource limits for remote communications #714

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
sirtimid wants to merge 8 commits into
base: main
Choose a base branch
from
Open

feat(ocap-kernel): add resource limits for remote communications #714

sirtimid wants to merge 8 commits into from

Conversation

@sirtimid
Copy link
Contributor

@sirtimid sirtimid commented Dec 18, 2025
edited by cursor bot
Loading

Closes #660

  • Add connection limit (default 100 concurrent connections)
  • Add message size limit (default 1MB per message)
  • Add stale peer cleanup (removes data for peers disconnected >1 hour)
  • Make all limits configurable via RemoteCommsOptions
  • Add ResourceLimitError for limit violations
  • Add comprehensive tests for all resource limits

This prevents memory exhaustion and manages system resources by:

  • Rejecting new connections when limit is reached
  • Rejecting messages exceeding size limit
  • Periodically cleaning up stale peer data

Note

Enforces connection and message-size limits with stale peer cleanup, adds ResourceLimitError, and updates reconnection and stream-closing logic.

  • ocap-kernel (remotes):
    • Resource limits:
      • Enforce max concurrent connections (default 100) on outbound and inbound paths with race-condition safeguards.
      • Enforce max message size (default 1MB) via pre-send validation.
      • Periodic stale peer cleanup (default every 15m; peers stale after 1h) with tracking of lastConnectionTime.
      • All limits configurable via RemoteCommsOptions (maxConcurrentConnections, maxMessageSizeBytes, cleanupIntervalMs, stalePeerTimeoutMs).
    • Reconnection: Respects connection limit, continues retries if blocked; flushes queues with timeout-protected writes; centralized give-up handling.
    • Inbound handling: Rejects connections when limits reached; ignores intentionally closed peers.
    • Utilities: Add closeChannel in ConnectionFactory to close/abort underlying stream; add registerChannel, checkConnectionLimit, validateMessageSize helpers.
    • Tests: Comprehensive coverage for limits, cleanup, reconnection behavior, race conditions, and close/abort paths.
  • kernel-errors:
    • New ResourceLimitError: Code RESOURCE_LIMIT_ERROR, marshaling schema/validation and unmarshal support; exported and mapped in errorClasses with tests.

Written by Cursor Bugbot for commit 8e04986. This will update automatically on new commits. Configure here.

@sirtimid sirtimid requested a review from a team as a code owner December 18, 2025 14:38
cursor[bot]
cursor bot reviewed Dec 18, 2025
View reviewed changes
@sirtimid sirtimid force-pushed the sirtimid/remote-comms-resource-limits branch from a40d3eb to 96f26e2 Compare December 18, 2025 15:05
cursor[bot]
cursor bot reviewed Dec 18, 2025
View reviewed changes
cursor[bot]
cursor bot reviewed Dec 19, 2025
View reviewed changes
cursor[bot]
cursor bot reviewed Dec 19, 2025
View reviewed changes
@sirtimid
feat(ocap-kernel): add resource limits for remote communications
0e4059f 
- Add connection limit (default 100 concurrent connections)
- Add message size limit (default 1MB per message)
- Add stale peer cleanup (removes data for peers disconnected >1 hour)
- Make all limits configurable via RemoteCommsOptions
- Add ResourceLimitError for limit violations
- Add comprehensive tests for all resource limits

This prevents memory exhaustion and manages system resources by:
- Rejecting new connections when limit is reached
- Rejecting messages exceeding size limit
- Periodically cleaning up stale peer data
@sirtimid
fix bugs
1627ba6
@sirtimid
merge
33be846
@sirtimid
close channel to release network resources
e12be1b
@sirtimid
small refactor
a0aa335
@sirtimid
update last timestamp on inbound message receipt
c0795cc
@sirtimid
fix yet another bug
25e81ac
@sirtimid sirtimid force-pushed the sirtimid/remote-comms-resource-limits branch from b6c23e0 to 25e81ac Compare December 19, 2025 19:55
cursor[bot]
cursor bot reviewed Dec 19, 2025
View reviewed changes
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Remote comms: Implement Resource Limits

2 participants

@sirtimid