security(phase-1): bundle push size gates

Three gates, zero trust:

1. presign rejects size_bytes > bundle_max_bytes → 413 Fires before the presigned URL is issued.

2. unpack-bundle rejects wire_bytes > bundle_max_bytes → 422 Defends against direct MinIO PUT bypassing presign.

3. unpack-bundle rejects commits_count / objects_count above caps → 422 Bounds client-supplied logging inputs; prevents absurd allocations in the background worker.

All caps live in Settings (config.py) — tunable per environment: bundle_max_bytes = 512 MB bundle_max_commits = 100k bundle_max_objects = 1M

TDD: test_bundle_size_gates.py — 6 tests green.

sha256:9076f2e667fe458121f908717e4d396f07e4b29a1fefb082ec0bda6cd45109b3 sha

sha256:8a7f1c45aaf698ac58dd9f0de7772bbeb02c0a539d180d9de31952dd20e35e48 parent

sha256:133bfe57e5842bbe6057a2e79bd59a92d8535e3ca70c08983d9f75d51dbc878d snapshot

← Older Oldest on task/bundle-size-gates

All commits

Newer → Latest on task/bundle-size-gates

0 comments

No comments yet. Be the first to start the discussion.

To add a comment, use the Muse CLI: muse hub commit comment sha256:9076f2e667fe458121f908717e4d396f07e4b29a1fefb082ec0bda6cd45109b3 --body "your comment"

Provenance signed

AI Agent

claude-sonnet-4-6

Bump BREAKING

Agent claude-code

Breaking

musehub/config.py::Settings

Signature Cryptographically verified

Snapshot

ID sha256:133bfe57e5842bbe6057a2e79bd59a92d8535e3ca70c08983d9f75d51dbc878d

Files 0

Browse tree at this commit →

Commit

SHA sha256:9076f2e667fe458121f908717e4d396f07e4b29a1fefb082ec0bda6cd45109b3

Parent

sha256:8a7f1c45aaf698ac58dd9f0de7772bbeb02c0a539d180d9de31952dd20e35e48

Branch task/bundle-size-gates