security: validate looper breadth_schedule and modelRefs limits

[yossiovadia]

Summary

Fixes #1456 — ReMoM algorithm accepted arbitrary breadth_schedule values with no upper bound. A config like breadth_schedule: [32, 16, 8, 4, 4] = 65 backend calls per single user request, causing potential cost explosion.

Fix

Add config-time validation for looper cost bounds:

• breadth_schedule total limit: rejects configs where total backend calls exceed 64 (sum of schedule + 1 final round)
• Positive values: rejects zero or negative values in breadth_schedule
• modelRefs warning: logs a warning when a decision has more than 10 modelRefs (each looper request may trigger up to N calls)

Validation runs at config parse time (startup), so invalid configs are caught before any requests are processed.

Changes

File	Change
pkg/config/validator.go	Add ReMoM breadth_schedule validation + modelRefs count warning
pkg/config/validator_test.go	3 unit tests: accepts reasonable, rejects excessive, rejects zero

2 files, 89 insertions.

Test plan

• make build-router passes
• golangci-lint — 0 issues on changed files
• test_accepts_remom_with_reasonable_breadth_schedule — PASS
• test_rejects_remom_with_excessive_breadth_schedule — PASS
• test_rejects_remom_with_zero_breadth_value — PASS
• All 283 config tests pass

[netlify]

✅ Deploy Preview for vllm-semantic-router ready!

Name	Link
🔨 Latest commit	728069f
🔍 Latest deploy log	https://app.netlify.com/projects/vllm-semantic-router/deploys/69bb026cbfb2420008f779ef
😎 Deploy Preview	https://deploy-preview-1457--vllm-semantic-router.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[github-actions]

👥 vLLM Semantic Team Notification

The following members have been identified for the changed files in this PR and have been automatically assigned:

📁 src

Owners: @rootfs, @Xunzhuo, @wangchen615
Files changed:

• src/semantic-router/pkg/config/validator.go
• src/semantic-router/pkg/config/validator_test.go

📁 tools

Owners: @yuluo-yx, @rootfs, @Xunzhuo
Files changed:

• tools/agent/structure-rules.yaml

---

🎉 Thanks for your contributions!

This comment was automatically generated based on the OWNER files in the repository.

[Copilot]

Pull request overview

Adds config-parse-time safeguards to prevent ReMoM/looper configurations from accidentally creating excessive backend fanout (cost amplification).

Changes:

• Add a warning when a decision declares more than 10 modelRefs.
• Validate ReMoM breadth_schedule values are positive and cap total backend calls to 64 (including final synthesis round).
• Add unit tests covering accept/reject paths for ReMoM breadth_schedule.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

File	Description
src/semantic-router/pkg/config/validator.go	Adds config-time warning for high modelRefs counts and enforces ReMoM breadth_schedule positivity + total-call limit.
src/semantic-router/pkg/config/validator_test.go	Adds tests for reasonable/excessive/zero ReMoM breadth_schedule values.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

[Copilot]

The accumulation into totalCalls can overflow int if a config supplies extremely large breadth_schedule values, potentially wrapping to a small/negative number and bypassing the max-call limit. Consider switching to a wider unsigned type for counting (e.g., uint64) and/or performing overflow-safe addition (e.g., check totalCalls > maxTotalCalls-breadth / early-return once the cap is exceeded) so the limit cannot be evaded via integer overflow.

[Copilot]

This warning is emitted for any decision with >10 modelRefs, but the message specifically says "Each looper request" (and the comment mentions only looper algorithms). If the decision's algorithm is not a looper, this log line becomes misleading/noisy. Either (a) gate the warning to known looper algorithm types, or (b) reword the warning to be algorithm-agnostic (and optionally include algorithm.type in the message).

Suggested change

	// Looper algorithms (confidence, ratings) execute up to len(modelRefs) backend calls.
	const maxModelRefs = 10
	if len(decision.ModelRefs) > maxModelRefs {
	logging.Warnf("Decision '%s' has %d modelRefs (max recommended: %d). "+
	"Each looper request may trigger up to %d backend calls.",
	// Some algorithms may execute up to len(modelRefs) backend calls per decision request.
	const maxModelRefs = 10
	if len(decision.ModelRefs) > maxModelRefs {
	logging.Warnf("Decision '%s' has %d modelRefs (max recommended: %d). "+
	"A single request using this decision may trigger up to %d backend calls, depending on the algorithm.",

[Copilot]

The new max-call logic is sensitive to off-by-one behavior (sum(schedule) + 1 final round). It would be valuable to add a boundary test that accepts exactly the limit (totalCalls == 64) to ensure > vs >= remains correct (e.g., a schedule whose sum is 63).

Suggested change

	It("accepts remom at max backend calls", func() {
	// sum(BreadthSchedule) == 63, plus 1 final round == 64 total calls (max allowed)
	cfg := &RouterConfig{
	IntelligentRouting: IntelligentRouting{
	Decisions: []Decision{{
	Name: "remom-max",
	ModelRefs: []ModelRef{{
	Model: "model-a",
	ModelReasoningControl: ModelReasoningControl{UseReasoning: boolPtr(false)},
	}},
	Algorithm: &AlgorithmConfig{
	Type: "remom",
	ReMoM: &ReMoMAlgorithmConfig{BreadthSchedule: []int{32, 16, 8, 4, 3}},
	},
	}},
	},
	}
	Expect(validateConfigStructure(cfg)).To(Succeed())
	})

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.