harden: add 8 MiB frame limit + Section 23 guardrail (v0.2.7)

omoshola-o · omoshola-o · commit 418eed55ac1a · 2026-02-26T09:15:15.000-05:00
- Add MAX_CONTENT_LENGTH_BYTES to MCP stdio transport
- Reject oversized Content-Length with explicit error
- Add Section 23 guardrail enforcing hardening in source
diff --git a/Cargo.toml b/Cargo.toml
@@ -9,7 +9,7 @@ members = [
 exclude = ["npm/wasm"]
 
 [workspace.package]
-version = "0.2.6"
+version = "0.2.7"
 edition = "2021"
 license = "MIT"
 repository = "https://github.com/agentralabs/agentic-codebase"
@@ -19,7 +19,7 @@ authors = ["Agentra Labs <contact@agentralabs.tech>"]
 [package]
 default-run = "acb"
 name = "agentic-codebase"
-version = "0.2.6"
+version = "0.2.7"
 edition = "2021"
 license = "MIT"
 repository = "https://github.com/agentralabs/agentic-codebase"
diff --git a/crates/agentic-codebase-cli/Cargo.toml b/crates/agentic-codebase-cli/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "agentic-codebase-cli"
-version = "0.2.6"
+version = "0.2.7"
 edition = "2021"
 license = "MIT"
 repository = "https://github.com/agentralabs/agentic-codebase"
@@ -15,6 +15,6 @@ name = "acb"
 path = "src/main.rs"
 
 [dependencies]
-agentic-codebase = { path = "../..", version = "0.2.6" }
+agentic-codebase = { path = "../..", version = "0.2.7" }
 clap = { version = "4", features = ["derive"] }
 tracing-subscriber = { version = "0.3", features = ["env-filter"] }
diff --git a/crates/agentic-codebase-ffi/Cargo.toml b/crates/agentic-codebase-ffi/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "agentic-codebase-ffi"
-version = "0.2.6"
+version = "0.2.7"
 edition = "2021"
 license = "MIT"
 repository = "https://github.com/agentralabs/agentic-codebase"
@@ -14,7 +14,7 @@ categories = ["api-bindings"]
 crate-type = ["cdylib", "rlib"]
 
 [dependencies]
-agentic-codebase = { path = "../..", version = "0.2.6" }
+agentic-codebase = { path = "../..", version = "0.2.7" }
 pyo3 = { version = "0.20", features = ["extension-module"], optional = true }
 wasm-bindgen = { version = "0.2", optional = true }
 serde-wasm-bindgen = { version = "0.6", optional = true }
diff --git a/crates/agentic-codebase-mcp/Cargo.toml b/crates/agentic-codebase-mcp/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "agentic-codebase-mcp"
-version = "0.2.6"
+version = "0.2.7"
 edition = "2021"
 license = "MIT"
 repository = "https://github.com/agentralabs/agentic-codebase"
@@ -15,7 +15,7 @@ name = "agentic-codebase-mcp"
 path = "src/main.rs"
 
 [dependencies]
-agentic-codebase = { path = "../..", version = "0.2.6", features = ["stdio"] }
+agentic-codebase = { path = "../..", version = "0.2.7", features = ["stdio"] }
 clap = { version = "4", features = ["derive"] }
 sha2 = "0.10"
 walkdir = "2"
diff --git a/crates/agentic-codebase-mcp/src/main.rs b/crates/agentic-codebase-mcp/src/main.rs
@@ -151,6 +151,9 @@ fn run_stdio(graph_path: Option<&str>, graph_name: Option<String>) {
     run_stdio_loop(&mut reader, &mut stdout, &mut server, &mut ghost);
 }
 
+/// Hard limit for framed stdio payloads (8 MiB).
+const MAX_CONTENT_LENGTH_BYTES: usize = 8 * 1024 * 1024;
+
 fn run_stdio_loop<R: BufRead + Read, W: Write>(
     reader: &mut R,
     writer: &mut W,
@@ -180,8 +183,17 @@ fn run_stdio_loop<R: BufRead + Read, W: Write>(
         if lower.starts_with("content-length:") {
             let rest = trimmed.split_once(':').map(|(_, rhs)| rhs).unwrap_or("");
             match rest.trim().parse::<usize>() {
-                Ok(n) => content_length = Some(n),
-                Err(_) => content_length = None,
+                Ok(n) if n <= MAX_CONTENT_LENGTH_BYTES => content_length = Some(n),
+                Ok(n) => {
+                    eprintln!(
+                        "Content-Length {n} exceeds max frame size of {MAX_CONTENT_LENGTH_BYTES} bytes"
+                    );
+                    break;
+                }
+                Err(_) => {
+                    eprintln!("Invalid Content-Length header: {trimmed}");
+                    content_length = None;
+                }
             }
             continue;
         }
diff --git a/scripts/check-canonical-sister.sh b/scripts/check-canonical-sister.sh
@@ -16,7 +16,6 @@ FRONTMATTER_EXTRA=(
 )
 # ── End sister-specific configuration ────────────────────────────────────────
 
-
 # ── Shared helpers ───────────────────────────────────────────────────────────
 
 fail() {
@@ -323,6 +322,24 @@ assert_file "python/pyproject.toml"
 assert_dir "npm/wasm"
 assert_file "npm/wasm/Cargo.toml"
 
+# ── 23. MCP stdio hardening (Section 13 enforcement) ────────────────────────
+# Every sister's MCP server must enforce:
+#   - 8 MiB frame size limit (MAX_CONTENT_LENGTH_BYTES)
+#   - Content-Length framing support
+#   - JSON-RPC version validation ("2.0")
+
+MCP_SRC="crates/agentic-${SISTER_KEY}-mcp/src"
+assert_dir "$MCP_SRC"
+
+# 8 MiB frame limit constant must exist in MCP server source
+assert_contains "MAX_CONTENT_LENGTH_BYTES" "$MCP_SRC"
+
+# Content-Length header parsing must exist
+assert_contains "content-length:" "$MCP_SRC"
+
+# JSON-RPC 2.0 version must be validated (reject non-2.0)
+assert_contains 'jsonrpc' "$MCP_SRC"
+
 # ── Done ────────────────────────────────────────────────────────────────────
 
 echo "Canonical sister guardrails passed."
