
Add configurable IPC input caps in Settings and wire them into main-process validation #31

Draft
Copilot wants to merge 2 commits into main from copilot/feature-make-ipc-input-caps-user-configurable

Copilot AI commented Jun 3, 2026


This change moves user-facing IPC payload limits (session summary, session notes, skill file content) out of hardcoded values and into Settings, while preserving previous defaults on upgrade. The fixed 1MB HTTP response cap remains unchanged as a hard security boundary.

  • Settings model + persistence

    • Extended AppSettings with:
      • summaryMaxLength (100–5,000; default 1,000)
      • notesMaxLength (10,000–500,000; default 100,000)
      • skillFileMaxBytes (64KB–2MB; default 512KB)
    • Added load-time clamping so invalid/stale localStorage values are normalized safely.
  • Settings UI: new Limits section (under Trusted Directories)

    • Added a new LIMITS panel directly below TRUSTED DIRECTORIES.
    • Added number inputs for all three caps with clear ranges/units.
    • Added explanatory copy on why caps exist and clarified that HTTP response cap is intentionally fixed.
  • Renderer → main cap propagation

    • Added IPC channel: app:set-input-caps.
    • Exposed bridge method in preload: setInputCaps(...).
    • Applied caps during settings application so main-process enforcement updates as users edit settings.
  • Main-process enforcement updates

    • Replaced hardcoded limits in IPC handlers with configured caps:
      • sessions:rename → inputCaps.summaryMaxLength
      • sessions:set-notes → inputCaps.notesMaxLength
      • skills:save-file → inputCaps.skillFileMaxBytes
    • Added central bounds/defaults + normalization in electron/main.ts to enforce safe server-side ranges regardless of renderer input.
  • Additional sweep hardening

    • Added cap for skills:create description content (MAX_SKILL_DESCRIPTION_LENGTH) to prevent unbounded writes on that freeform path as well.

```ts
ipcMain.handle('app:set-input-caps', async (_e, caps: Partial<InputCaps>): Promise<InputCaps> => {
  if (!caps || typeof caps !== 'object') return inputCaps
  inputCaps = normaliseInputCaps(caps)
  return inputCaps
})

// Example usage in existing handlers:
if (!safeSummary || safeSummary.length > inputCaps.summaryMaxLength) return false
const safeNotes = typeof notes === 'string' ? notes.slice(0, inputCaps.notesMaxLength) : ''
if (!fileName.endsWith('.md') || content.length > inputCaps.skillFileMaxBytes) return false
```
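
The PR description names `normaliseInputCaps` but does not show its body. As an added example (not the PR's or the project's code), this is one way main-process clamping to the listed ranges could be written, together with a byte-accurate check for a cap expressed in bytes. `BOUNDS`, `clampCap`, `normaliseCaps`, `utf8ByteLength` and `withinByteCap` are hypothetical names, and it assumes KB/MB mean binary units and that missing or non-numeric fields fall back to the default.

```typescript
// Added example: only the three cap field names come from the PR description.
type InputCaps = { summaryMaxLength: number; notesMaxLength: number; skillFileMaxBytes: number }
type Bound = { min: number; max: number; def: number }

// Ranges and defaults as listed in the description (KB/MB as binary units: assumption).
const BOUNDS: Record<keyof InputCaps, Bound> = {
  summaryMaxLength: { min: 100, max: 5000, def: 1000 },
  notesMaxLength: { min: 10000, max: 500000, def: 100000 },
  skillFileMaxBytes: { min: 64 * 1024, max: 2 * 1024 * 1024, def: 512 * 1024 },
}

// Clamp one renderer-supplied value. Anything that is not a finite number
// (string, NaN, Infinity, null, array) falls back to the default instead of
// being coerced, so "1e9" or [5000] cannot widen a cap.
function clampCap(value: unknown, b: Bound): number {
  if (typeof value !== 'number' || !Number.isFinite(value)) return b.def
  return Math.min(b.max, Math.max(b.min, Math.trunc(value)))
}

// Build a fresh object from the known keys only; extra or inherited
// properties on the IPC payload are ignored.
function normaliseCaps(raw: unknown): InputCaps {
  const src = raw !== null && typeof raw === 'object' ? (raw as Record<string, unknown>) : {}
  const out = {} as InputCaps
  for (const key of Object.keys(BOUNDS) as (keyof InputCaps)[]) {
    const own = Object.prototype.hasOwnProperty.call(src, key)
    out[key] = clampCap(own ? src[key] : undefined, BOUNDS[key])
  }
  return out
}

// String.length counts UTF-16 code units, so a byte cap needs the encoded size.
// In the Electron main process Buffer.byteLength(s, 'utf8') gives the same number.
function utf8ByteLength(s: string): number {
  let n = 0
  for (const ch of s) {
    const cp = ch.codePointAt(0) as number
    n += cp < 0x80 ? 1 : cp < 0x800 ? 2 : cp < 0x10000 ? 3 : 4
  }
  return n
}

function withinByteCap(content: string, caps: InputCaps): boolean {
  return utf8ByteLength(content) <= caps.skillFileMaxBytes
}
```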

Copilot AI linked an issue Jun 3, 2026 that may be closed by this pull request
5 tasks
Copilot AI changed the title from "[WIP] Add user-configurable IPC input caps in Settings" to "Add configurable IPC input caps in Settings and wire them into main-process validation" Jun 3, 2026
Copilot finished work on behalf of faesel June 3, 2026 09:25
Copilot AI requested a review from faesel June 3, 2026 09:25

Development

Successfully merging this pull request may close these issues.

Feature: Make IPC input caps user-configurable in Settings