charles/claude-hooks

Fork

You've already forked claude-hooks

Code Issues 10 Pull requests Projects Releases Packages 1 Wiki Activity Actions

Hardening: bounded dedup maps, fetch timeouts, buildTaskRequest helper #35

New issue

Closed

opened 2026-04-18 10:33:39 +00:00 by claude-desktop · 0 comments

claude-desktop commented

2026-04-18 10:33:39 +00:00

Collaborator

Copy link

User story

As a maintainer, I want three small correctness/readability fixes batched into one PR — bounded in-memory maps, timeouts on every Forgejo fetch, and a single buildTaskRequest helper — so that the webhook stops leaking memory under high event volume, stops blocking for 30 s on Forgejo hangs, and stops duplicating the same 12-field object six times.

Context

Audit 2026-04-18 surfaced three pre-existing issues in src/webhook.ts:

Unbounded maps. _fixCiDispatched (line ~460) and _reviewFallbacks (line ~470) grow indefinitely under high event volume; _fixCiDispatched only prunes after hitting a hard 200-entry cap.
Four fetch() calls without AbortSignal.timeout. repoHasWorkflows and three inside requestReviewIfFresh. A Forgejo hang blocks the webhook handler until OS TCP timeout (~30 s).
Six identical TaskRequest object literals across event handlers — 12 fields × 6 occurrences = ~72 lines of boilerplate.

Acceptance criteria

BoundedMap utility

Introduce a small BoundedMap<K, V>(maxSize, ttlMs?) class (can live in src/util/bounded-map.ts or inline in webhook-ci.ts if #A has already landed). On set, if size exceeds maxSize, evict the oldest entry. If ttlMs is provided, also evict entries older than ttlMs on write.
Replace _fixCiDispatched (plain Map) with BoundedMap<string, number>(500, 3_600_000) — cap matches the 1 h dedup window plus headroom.
Replace _reviewFallbacks (plain Map) with either BoundedMap or keep as-is if the existing arm-cancels-prior-timer logic is already sufficient. Document the choice in a comment.
Unit tests: BoundedMap evicts on size and on TTL; does not mis-evict entries that are still within TTL.

Fetch timeouts

Add signal: AbortSignal.timeout(5_000) to every fetch() call in src/webhook.ts (or the split files if #A landed first). If #A landed and introduced src/forgejo-api.ts, add the timeout there exactly once and verify all callers go through it.
Manual verification note in PR: curl https://httpbin.org/delay/10 takes ≥ 10 s; confirm our handler bails at 5 s with a clear log line, not a hang.

buildTaskRequest helper

Extract buildTaskRequest(agent: Agent, repo: string, issueOrPr: number, task: string, overrides?: Partial<TaskRequest>): TaskRequest into either src/webhook-handlers.ts (if #A landed) or src/webhook.ts. It must:
- Populate forgejo_token, forgejo_mcp_command, forgejo_url, callback_url, role, git_name, git_email, branch_prefix, system_prompt, model, container from the config for the given agent.
- Accept overrides to let handlers tweak stateless_session (review) and other per-event fields.
Replace all six in-line literals with calls to the helper. Each handler drops from ~15 lines to ~3.

Tests

BoundedMap has dedicated tests (size eviction, TTL eviction, get/set/has semantics).
Existing webhook tests continue to pass; no new assertions required beyond the BoundedMap tests.

Out of scope

The webhook.ts structural split (see #A). This issue lives in whatever the current file layout is — if #A lands first, do the work in the new files; otherwise do it in webhook.ts.
Deeper test coverage for CI gate (see #D).

References

Codebase audit 2026-04-18.

Dependencies

Not blocked by: anything (compatible with either pre- or post-#A layout).
Sibling: #A, #C, #D.
Branch off: main

## User story As a **maintainer**, I want three small correctness/readability fixes batched into one PR — bounded in-memory maps, timeouts on every Forgejo fetch, and a single `buildTaskRequest` helper — so that the webhook stops leaking memory under high event volume, stops blocking for 30 s on Forgejo hangs, and stops duplicating the same 12-field object six times. ## Context Audit 2026-04-18 surfaced three pre-existing issues in `src/webhook.ts`: 1. **Unbounded maps.** `_fixCiDispatched` (line ~460) and `_reviewFallbacks` (line ~470) grow indefinitely under high event volume; `_fixCiDispatched` only prunes after hitting a hard 200-entry cap. 2. **Four `fetch()` calls without `AbortSignal.timeout`.** `repoHasWorkflows` and three inside `requestReviewIfFresh`. A Forgejo hang blocks the webhook handler until OS TCP timeout (~30 s). 3. **Six identical `TaskRequest` object literals** across event handlers — 12 fields × 6 occurrences = ~72 lines of boilerplate. ## Acceptance criteria ### BoundedMap utility - [ ] Introduce a small `BoundedMap<K, V>(maxSize, ttlMs?)` class (can live in `src/util/bounded-map.ts` or inline in `webhook-ci.ts` if #A has already landed). On `set`, if size exceeds `maxSize`, evict the oldest entry. If `ttlMs` is provided, also evict entries older than `ttlMs` on write. - [ ] Replace `_fixCiDispatched` (plain `Map`) with `BoundedMap<string, number>(500, 3_600_000)` — cap matches the 1 h dedup window plus headroom. - [ ] Replace `_reviewFallbacks` (plain `Map`) with either `BoundedMap` or keep as-is if the existing arm-cancels-prior-timer logic is already sufficient. Document the choice in a comment. - [ ] Unit tests: `BoundedMap` evicts on size and on TTL; does not mis-evict entries that are still within TTL. ### Fetch timeouts - [ ] Add `signal: AbortSignal.timeout(5_000)` to every `fetch()` call in `src/webhook.ts` (or the split files if #A landed first). If #A landed and introduced `src/forgejo-api.ts`, add the timeout there exactly once and verify all callers go through it. - [ ] Manual verification note in PR: `curl https://httpbin.org/delay/10` takes ≥ 10 s; confirm our handler bails at 5 s with a clear log line, not a hang. ### buildTaskRequest helper - [ ] Extract `buildTaskRequest(agent: Agent, repo: string, issueOrPr: number, task: string, overrides?: Partial<TaskRequest>): TaskRequest` into either `src/webhook-handlers.ts` (if #A landed) or `src/webhook.ts`. It must: - Populate `forgejo_token`, `forgejo_mcp_command`, `forgejo_url`, `callback_url`, `role`, `git_name`, `git_email`, `branch_prefix`, `system_prompt`, `model`, `container` from the config for the given agent. - Accept overrides to let handlers tweak `stateless_session` (review) and other per-event fields. - [ ] Replace all six in-line literals with calls to the helper. Each handler drops from ~15 lines to ~3. ### Tests - [ ] `BoundedMap` has dedicated tests (size eviction, TTL eviction, get/set/has semantics). - [ ] Existing webhook tests continue to pass; no new assertions required beyond the `BoundedMap` tests. ## Out of scope - The `webhook.ts` structural split (see **#A**). This issue lives in whatever the current file layout is — if #A lands first, do the work in the new files; otherwise do it in `webhook.ts`. - Deeper test coverage for CI gate (see **#D**). ## References - Codebase audit 2026-04-18. ## Dependencies - **Not blocked by:** anything (compatible with either pre- or post-#A layout). - **Sibling:** `#A`, `#C`, `#D`. - **Branch off:** `main`

claude-desktop added the

area:webhook

type:user-story

labels

2026-04-18 10:34:49 +00:00

claude-desktop referenced this issue

2026-04-18 11:18:05 +00:00

On merge-to-main, rebase other open PRs that just lost mergeability #40

dev was assigned by claude-desktop

2026-04-18 11:30:12 +00:00

dev referenced this issue from a commit

2026-04-18 11:34:29 +00:00

feat(webhook): bounded dedup map, fetch timeouts, buildTaskRequest helper

dev referenced this issue from a pull request that will close it,

2026-04-18 11:34:40 +00:00

Hardening: bounded dedup map, fetch timeouts, buildTaskRequest helper #41

dev referenced this issue from a commit

2026-04-18 11:55:52 +00:00

feat(webhook): bounded dedup map, fetch timeouts, buildTaskRequest helper

code-lead closed this issue

2026-04-18 13:24:43 +00:00

No Branch/Tag specified

main

chore/sync-pre-push-from-forge-base

fix/flows-yaml-dispatch-identity

feat/board-tap-to-assign

dev/1107

code-lead/1106

code-lead/1108

dev/1104

code-lead/1103

code-lead/1080

dev/1087

feat/flows-yaml-ci-events

chore/board-drop-stalled-and-density-controls

fix/flows-yaml-routes-always-register

flows-yaml/api-defaults

dev/1023

fix/event-log-history-bleed

fix/janitor-fix-ci-logs-and-cap

dev/1022

fix/board-card-provider

code-lead/1036

dev/1025

code-lead/1020

dev/1017

code-lead/1026

feat/web-shortcut-registry-1018

dev/1015

code-lead/1009

code-lead/1008

dev/975

dev/969

dev/973

dev/967

code-lead/968

code-lead/953

dev/970

dev/976

code-lead/966

code-lead/956

code-lead/951

dev/962

dev/963

dev/977

dev/955

dev/983

dev/961

dev/974

code-lead/950

code-lead/939

dev/941

dev/940

dev/937

dev/938

dev/936

dev/935

feat/web-i18n-fr-locale

feat/spec-editor-ui-polish

chore/drop-legacy-compat

fix/skills-drop-preview-pane

fix/882-skills-safety-rail

dev/911

dev/909

dev/923

dev/917

dev/915

feat/879-sr11-m2-drop-legacy-skill

code-lead/873

dev/881

code-lead/869

dev/867

code-lead/845

code-lead/843

code-lead/844

dev/837

dev/861

dev/849

code-lead/837

code-lead/842

fix/dedup-rebase-inflight

dev/838

code-lead/847

dev/833

code-lead/848

pr/838

code-lead/841

feat/settings-save-bar/836

code-lead/840

dev/846

code-lead/839

dev/832

fix/board-sse-stale-cache

dev/834

dev/835

feat/settings-breadcrumbs

feat/forge-oauth-credentials

refactor/service-config-consolidation

feat/agent-tokens-to-secrets

feat/gitlab-oauth-to-db

feat/authelia-rip-and-voice-fixes

fix/rebase-storm-and-dead-letter

code-lead/797

code-lead/796

dev/811

code-lead/798

dev/810

code-lead/795

dev/808

code-lead/794

dev/805

dev/802

dev/803

feat/avatar-menu-settings-entry

feat/per-agent-token-tracking

dev/793

dev/747

dev/752

code-lead/790

code-lead/759

dev/756

dev/760

dev/741

dev/767

dev/740

dev/709

dev/644

dev/637

boss/614

dev/600

dev/611

dev/585

fix/login-bonus-fixes

boss/544

dev/542

refactor/api-prefix-and-session-gate

dev/489

boss/531

boss/518

dev/499

boss/516

dev/530

dev/517

dev/519

dev/515

dev/522

dev/503

dev/471

boss/329

dev/417

dev/418

dev/402

boss/327

dev/334

dev/332

boss/326

boss/325

dev/331

boss/324

boss/323

boss/322

dev/294

test/s11-task-analytics

dev/262

boss/270

dev/268

foreman/ui-consolidation-spec

dev/234

boss/196

boss/176

boss/164

fix/124-session-persist-bind

boss/52

dev/87

boss/73

dev/77

dev/81

dev/82

boss/79

dev/42

dev/35

boss/7

No results found.

Labels

Clear labels

area:agents

Agent types, pool scheduling, per-instance config

area:dashboard

Dashboard UI and observability surfaces

area:database

DB layer — schema, migrations, ORM, raw SQL

area:design

UI/UX mockup work — routes to designer agent

area:design-review

Design review dispatch — routes to design-reviewer agent

area:flows

Flow runner — YAML loader, executor, op registry, expression eval

area:infra

Deployment, isolation, containers, systemd units

area:meta

Tracking, scaffolding, project setup

area:security

Security — routes to reviewer-security (opus)

area:sessions

Session-id store, Claude SDK resume logic

area:webhook

Forgejo webhook routing and handlers

area:workdir

Clone cache, worktrees, git identity

security

Security-sensitive issue

Tracking or decisions, not implementation work

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

dev

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

charles/claude-hooks#35

Reference in a new issue

Repository

charles/claude-hooks

Title

Body

No description provided.

Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?

Rows
Columns