feat: add max length validation for user chat messages #256
Open
sharma-sugurthi wants to merge 2 commits into jenkinsci:main from
Adds a configurable max_message_length (default: 5000 chars) enforced
across all three input paths:
- ChatRequest (REST POST /sessions/{id}/message)
- ChatRequestWithFiles (REST POST /sessions/{id}/message/upload)
- WebSocket /sessions/{id}/stream
Oversized messages now get a clear 422/error response instead of
flowing into the LLM pipeline and wasting context window + compute.
The limit is configurable via config.yml under chat.max_message_length.
Fixes jenkinsci#255
berviantoleo
reviewed
Mar 7, 2026
chatbot-core/api/routes/chatbot.py
Outdated
| if not user_message: | ||
| continue | ||
|
|
||
| max_msg_len = CONFIG.get("chat", {}).get( |
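Review bot: the chained lookup `CONFIG.get("chat", {}).get(` on the added line raises AttributeError when config.yml contains a `chat:` key with no value, because the first `.get` then returns None instead of the `{}` fallback. It also sits after the `if not user_message: continue` guard, so it is re-evaluated for every received message. Resolve the limit once outside the loop, for example with `(CONFIG.get("chat") or {})`, and reuse the result.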
Contributor
It's not recommended to get the config like this. It's better to have a helper, so you can set the default value in one place. With the current approach, the default value is set in multiple places.
Contributor
Author
Extracted MAX_MESSAGE_LENGTH as a module-level constant in schemas.py so the default lives in one place. chatbot.py now imports it instead of reading config directly.
Address review feedback: replace scattered CONFIG.get() calls with a
single MAX_MESSAGE_LENGTH constant defined in schemas.py. The default
value (5000) now lives in one place.
- schemas.py: export MAX_MESSAGE_LENGTH from chat config
- chatbot.py: import MAX_MESSAGE_LENGTH instead of reading CONFIG
- Remove unused CONFIG import from chatbot.py
Fixes #255
Problem
ChatRequest.message only validates emptiness - no upper bound. Users can submit arbitrarily large payloads (e.g., 1MB) that flow directly into the LLM pipeline, wasting context window and compute. The WebSocket endpoint has no input validation at all. By contrast, the file upload path already enforces MAX_TEXT_CONTENT_LENGTH = 10000 - but the primary chat path has none.
Fix
Adds a configurable max_message_length (default: 5000 chars) enforced across all three input paths:
- ChatRequest (POST /sessions/{id}/message) - @field_validator rejects with 422
- ChatRequestWithFiles (POST /sessions/{id}/message/upload) - @model_validator rejects with 422
- WebSocket (/sessions/{id}/stream) - sends JSON error and continues the connection
The limit is configurable via config.yml under chat.max_message_length.
Changes
- schemas.py: ChatRequest and ChatRequestWithFiles validators
- chatbot.py: CONFIG import
- config.yml: chat.max_message_length: 5000
- config-testing.yml
Testing
- pylint - 10.00/10
- ChatRequest - zero breakage risk
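A shared limit check that keeps the default in one place, as the review thread asks for. This is an added example, not the PR's code: the function names, the "message" key in the WebSocket payload and the error strings are assumptions.

```python
import json

DEFAULT_MAX_MESSAGE_LENGTH = 5000  # default stated in the PR description


def resolve_max_message_length(config):
    """Read chat.max_message_length once; tolerate a missing or null section."""
    chat = (config or {}).get("chat") or {}
    value = chat.get("max_message_length", DEFAULT_MAX_MESSAGE_LENGTH)
    # bool is a subclass of int, so reject it explicitly with other bad values.
    if isinstance(value, bool) or not isinstance(value, int) or value <= 0:
        raise ValueError(f"chat.max_message_length must be a positive int: {value!r}")
    return value


def check_message(message, limit):
    """Return None when acceptable, otherwise an error string (hypothetical helper)."""
    if not isinstance(message, str) or not message.strip():
        return "Message cannot be empty."
    # len() counts Unicode code points; the UTF-8 size can be up to 4x larger.
    if len(message) > limit:
        return f"Message exceeds maximum length of {limit} characters."
    return None


def handle_ws_frame(raw, limit):
    """WebSocket path: build a JSON-serialisable error reply, never close the socket."""
    try:
        payload = json.loads(raw)
    except json.JSONDecodeError:
        return {"error": "Invalid JSON."}
    if not isinstance(payload, dict):
        return {"error": "Expected a JSON object."}
    error = check_message(payload.get("message"), limit)  # "message" key is assumed
    return {"error": error} if error else {"accepted": payload["message"]}


if __name__ == "__main__":
    # Constructed sample config and frames.
    limit = resolve_max_message_length({"chat": None})
    print(limit)
    print(handle_ws_frame('{"message": "hello"}', limit))
    print(handle_ws_frame(json.dumps({"message": "A" * (limit + 1)}), limit))
```

Because the check runs only after the whole frame has been received and parsed, it bounds what reaches the LLM pipeline, not what the server reads off the socket.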