security: add max_evaluation_chars limit to prevent giant prompt DoS

[yossiovadia]

Summary

Fixes #1454 — signal evaluation latency grows super-linearly with prompt size (10K chars = 21s, 25K+ = timeout). A single client can make the router unresponsive.

Fix

Add max_evaluation_chars config with 8192-char default that truncates evaluation text before any signal processing:

# In router config (optional — default 8192)
max_evaluation_chars: 8192  # set to -1 to disable

• Truncation at character level before compression/embedding/classification
• 8192 chars ≈ ~2K tokens — well within embedding model capacity
• Does NOT truncate the request body — only text used for routing decisions
• Complements prompt_compression (quality-aware NLP) with a hard safety bound

Changes

File	Change
pkg/config/config.go	Add MaxEvaluationChars field with documentation
pkg/extproc/req_filter_classification.go	Truncate evaluationText before signal processing

2 files, 22 insertions.

Test plan

• make build-router passes
• golangci-lint — 0 issues on changed files
• Default 8192 limit applied when config is omitted
• Prompts under limit pass through unchanged
• Prompts over limit truncated with warning log

[netlify]

✅ Deploy Preview for vllm-semantic-router ready!

Name	Link
🔨 Latest commit	3fdacb8
🔍 Latest deploy log	https://app.netlify.com/projects/vllm-semantic-router/deploys/69bb0acde5525c00080fddc4
😎 Deploy Preview	https://deploy-preview-1455--vllm-semantic-router.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[github-actions]

👥 vLLM Semantic Team Notification

The following members have been identified for the changed files in this PR and have been automatically assigned:

📁 src

Owners: @rootfs, @Xunzhuo, @wangchen615
Files changed:

• src/semantic-router/pkg/config/config.go
• src/semantic-router/pkg/config/config_test.go
• src/semantic-router/pkg/extproc/req_filter_classification.go

📁 tools

Owners: @yuluo-yx, @rootfs, @Xunzhuo
Files changed:

• tools/agent/structure-rules.yaml

---

🎉 Thanks for your contributions!

This comment was automatically generated based on the OWNER files in the repository.

[rootfs]

@yossiovadia truncating long prompt introduces attention loss, please check the prompt compression feature #1437 that reduces the seq len

[yossiovadia]

Prompt compression helps with classification quality but doesn't protect against DoS. In our testing (#1454), a 25K char prompt caused the router to become completely unresponsive — health endpoint stopped responding. This happened because:

1. Compression is disabled by default — most deployments have no protection
2. Even when enabled, compression itself is O(n²) on the input sentences — a giant prompt overwhelms the compression step before it even reaches signal evaluation

max_evaluation_chars is a hard safety bound that truncates before any processing (compression or classification). It's defense-in-depth — complements compression, doesn't replace it.