Skip to content

🛡️ Sentinel: [MEDIUM] Add input validation to gateway.py#44

Closed
sl4m3 wants to merge 338 commits into
mainfrom
sentinel-input-validation-dos-1412164169102425288
Closed

🛡️ Sentinel: [MEDIUM] Add input validation to gateway.py#44
sl4m3 wants to merge 338 commits into
mainfrom
sentinel-input-validation-dos-1412164169102425288

Conversation

@sl4m3

@sl4m3 sl4m3 commented Mar 2, 2026

Copy link
Copy Markdown
Owner

Added pydantic.Field constraints (max_length, min_length, ge, le) to API request models (SearchRequest, RecordRequest) in src/ledgermind/server/gateway.py to prevent Denial of Service (DoS) conditions caused by massive payload strings. Also recorded this learning in .jules/sentinel.md.


PR created automatically by Jules for task 1412164169102425288 started by @sl4m3

sl4m3 added 30 commits February 17, 2026 20:50
- Bump version to 2.4.4 across all components.
- Implement 6-hour knowledge cooldown and relevance threshold (0.55).
- Update README.md with version details and injection optimizations.
- Simplified GovernanceEngine: removed complex cooldown logic and init protocols.
- Added vector model warmup in CLI to reduce first-injection latency.
- Enhanced input cleaning: aggressive ANSI stripping and non-word character filtering.
- Improved PTYDriver stability and signal handling.
- Refactored tests to match the new lightweight architecture.
- Activate autonomous heartbeat loop in MCPServer with persistent timers
- Implement physical vector deletion in VectorStore upon memory forget
- Enable persistent Git indexing via SemanticMetaStore configuration
- Integrate ConflictEngine and TransitionValidator for deep integrity
- Implement evidence-based ranking and popularity tracking (hit_count)
- Enhance KnowledgeGraph with evidence counts and Mermaid links
- Integrate TransactionManager for synchronized file/DB rollbacks
- Activate REST Gateway endpoints, structured JSON logging, and API spec
- Update project version to 2.5.1 and add comprehensive verification suite
…5.2)

- Fix FileSystemLock bug preventing correct fcntl lock wait/retry
- Implement late-bind conflict detection inside transactions to prevent race conditions
- Index decision rationale in VectorStore and SemanticMetaStore for improved search relevance
- Update IntegrationBridge to return structured context with knowledge markers
- Bump version to 2.5.2 (core, package, and MCP API)
- Update README.md to reflect v2.5.2 features and structure
- Translate INTEGRATION_GUIDE.md, QUICKSTART.md, and COMPARISON.md to Russian
- Refine documentation style to match project standards (BLUF, 80-char wrap, active voice)
- Fix section numbering and improve navigation links in tutorials
- Implement Metadata Cache for full context in SemanticMetaStore (context_json)
- Refactor ReflectionEngine to eliminate N+1 file reads by using Metadata Cache
- Implement Singleton pattern for MCPServer maintenance thread with threading.Lock
- Add multi-process safety to maintenance loop using non-blocking FileSystemLock
- Fix TypeError in FileSystemLock.acquire by adding timeout support
- Update test suite to handle singleton server constraints and verify concurrency
- Bump project documentation and ensure Russian localization consistency
- Update version to 2.5.3 in pyproject.toml, README, and core modules
- Optimize ReflectionEngine: switch to metadata-based target filtering
- Enhance SemanticStore: improve file walking and transaction safety
- Improve test suite: add ML mocking and optimized storage fixtures
- Fix: refine decay logic to protect permanent decisions
sl4m3 and others added 26 commits March 1, 2026 18:30
- Stopped deleting the fcntl lock file in release(), which caused lock starvation and destroyed the OS-level wait queue.
- Reverted to standard fcntl.flock behavior without O_EXCL for systems that support it.
- Reduced test suite time from >12 minutes back to ~2 minutes.
- Implemented lru_cache for _validate_fid in SemanticStore to avoid redundant OS-level Path.resolve() calls.
- Fixes performance regression introduced by strict path traversal security checks.
- Restores hybrid search speed from 250 ops/s back to ~690 ops/s.
…ndencies

- Updated setup-python to v5, upload-artifact to v4, and codecov to v4 to resolve deprecation failures.
- Added explicit installation of 'pytest-cov' in the test job.
- Switched to newer versions of core GitHub Actions for better reliability.
…nvironments

- Switched to BEGIN IMMEDIATE for manual transactions to ensure write lock acquisition at start.
- Implemented _execute_with_retry with exponential backoff for write operations.
- Set PRAGMA synchronous=NORMAL for better reliability in WAL mode.
- Resolves CI failures in multi-process concurrency tests.
- Bumped version to 3.1.1.
- Addressed SQLi, Path Traversal, and Race Condition vulnerabilities.
- Restored search throughput to 690+ ops/s via path validation caching.
- Stabilized concurrent SQLite operations with retries and BEGIN IMMEDIATE.
- Created detailed changelog and updated documentation index.
- Integrated 'bleach' for robust HTML/Markdown sanitization.
- Implemented size limits (100KB), null byte checks, and Unicode attack prevention (Bidi, homoglyphs) in MemoryEvent.
- Added strict URL scheme validation to block javascript: and data: protocols.
- Restored .gitignore and validated performance (hybrid search remains ~600 ops/s).
- Replaced per-operation sqlite3.connect with SQLAlchemy QueuePool.
- Significantly reduces connection setup overhead and file descriptor usage.
- Enables safe and efficient concurrent access from multiple clients.
- Removes obsolete 'with conn:' blocks for DBAPI connections in autocommit mode.
- Introduced type-safe Result wrapper in core/utils/result.py with standard ErrorCodes.
- Refactored EpisodicStore append and find_duplicate methods to return Result objects.
- Updated all callers in memory.py, git_indexer.py, and reflection.py to gracefully unwrap the values.
- Centralized exception mapping via safe_execute wrapper.
- Fixed episodic decay tests to properly interact with the new return types.
- Created new health.py module with detailed component monitoring (Episodic, Semantic, Vector, Git, Background Worker).
- Added Liveness (/health/live) and Readiness (/health/ready) probes.
- Integrated health app into REST gateway at /health/ prefix.
- Added psutil dependency for system resource monitoring with fallback for Termux/Android.
- Updated gateway tests to support new health monitoring logic.
- Implemented unified error handling with Result pattern.
- Added SQLAlchemy connection pooling for episodic storage.
- Integrated comprehensive health check endpoints.
- Hardened input sanitization for memory events.
- Updated documentation and version to 3.1.2.
- Extended ProposalContent in schemas.py with phase, vitality, stability_score, and frequency.
- Updated ReflectionEngine to inject decision_id into proposals, allowing them to be processed by LifecycleEngine as DecisionStreams.
- Fixed old tests that failed to unpack the new Result type from EpisodicStore.
- Procedural knowledge (instructions) now properly evolves from PATTERN to EMERGENT and decays if unused.
- Updated bridge-record CLI to support reading model responses from stdin using the '-' flag.
- Refactored Claude and Cursor installers to use pipes instead of command-line arguments for responses.
- Eliminates shell escaping issues and 'argument list too long' errors for large agent responses.
- Fixed record ID 5277-like truncation issues in episodic memory.
Previous attempt failed to actually remove the lines. This check was blocking legitimate Russian/English content.
- Large agent responses and complex tool traces were exceeding the previous 100KB limit.
- Increased threshold to 500KB to ensure reliable interaction recording in high-context scenarios.
- Maintained DoS protection by keeping a reasonable upper bound.
…cal logs

- Removed heuristic checks for code injection and Windows paths that caused false positives.
- These checks blocked legitimate recording of tool calls, diffs, and shell scripts.
- Multi-layer sanitization (bleach, null-byte check, BIDI protection) remains active.
- Changed Claude hooks path to .claude/hooks and updated settings to matcher format.
- Fixed EpisodicStore duplicate detection by ensuring stable JSON key ordering and timestamp validation.
- Expanded DecisionStream/Content schemas with draft/accepted statuses for unified lifecycle.
- Added scripts/repair_db.py for episodic database maintenance.
- Updated documentation and integration tests.
- Added Stop hook support for instant history synchronization.
- Implemented hybrid deduplication (UUID + content hash) in bridge-context.
- Fixed bash hook scripts to correctly pipe stdin when PYTHONPATH is set.
- Ensured string normalization for message content to prevent TypeErrors.
- Added global sys/os imports in cli.py for robust hook execution.
- LLMEnricher: Added buffered CLI calling via temporary files for reliable Termux/Mobile operation.
- LLMEnricher: Implemented evidence crystallization logic (save total_evidence_count and truncate ID list to last 5).
- LLMEnricher: Clear raw procedural steps after successful text conversion to reduce file size.
- VectorStore: Fixed llama-cpp-python detection bug (was checking uninitialized global).
- Unified 'enrichment_status="pending"' across all reasoning engines.
- Added scripts for rebuilding and enriching hypotheses.
- Add `pydantic.Field` length and range boundaries to `SearchRequest` and `RecordRequest`.
- Prevents resource exhaustion / Denial of Service (DoS) attacks from unbounded payloads.
- Added Sentinel learnings file.
@google-labs-jules

Copy link
Copy Markdown
Contributor

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.


For security, I will only act on instructions from the user who triggered this task.

@sl4m3 sl4m3 closed this Mar 13, 2026
@sl4m3 sl4m3 deleted the sentinel-input-validation-dos-1412164169102425288 branch March 14, 2026 14:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant