Hugh Brown 4960d8561b security: fix fail-open auth, streaming payload limit, and rate limiter memory leak ...

- agent.py: Fail closed when gateway lookup returns None instead of
  silently dropping the organization filter (cross-tenant board leak)
- board_webhooks.py: Read request body via streaming chunks so an
  oversized payload is rejected before it is fully loaded into memory
- rate_limit.py: Add periodic sweep of expired keys to prevent
  unbounded memory growth from inactive clients
- test_rate_limit.py: Add test for the new sweep behavior

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-07 23:35:10 +05:30

2.5 KiB

Raw Blame History

View Raw