Skip to content

Raise API response body cap from 1 MiB to 16 MiB#1228

Merged
Soph merged 1 commit into
mainfrom
soph/raise-api-body-cap
May 19, 2026
Merged

Raise API response body cap from 1 MiB to 16 MiB#1228
Soph merged 1 commit into
mainfrom
soph/raise-api-body-cap

Conversation

@Soph
Copy link
Copy Markdown
Collaborator

@Soph Soph commented May 19, 2026
edited by cursor Bot
Loading

https://entire.io/gh/entireio/cli/trails/394

Summary

entire activity fails for any active user with:

Failed to load activity: fetch activity: decode commits: decode JSON response: unexpected end of JSON input

Root cause: /api/v1/me/commits?timeframe=last-month&limit=1000 returns ~1.5 MB of valid JSON for an active account, but api.DecodeJSON caps reads at maxResponseBytes = 1 << 20 (1 MiB) via io.LimitReader. The body is silently truncated mid-JSON, and json.Unmarshal then surfaces "unexpected end of JSON input" — which looks like a server bug but is self-inflicted.

Reproduction against production:

$ curl -sS -o /tmp/commits.json -w "bytes: %{size_download}\n" \
    -H "Authorization: Bearer $TOKEN" \
    "https://entire.io/api/v1/me/commits?timeframe=last-month&limit=1000"
bytes: 1463800

1.46 MB > 1 MiB cap → truncated → invalid JSON → error.

Fix

Raise the global cap from 1 MiB to 16 MiB (cmd/entire/cli/api/client.go:15). Still a defensive cap against unbounded reads, but gives the activity endpoint real headroom for active users.

Test

New regression test TestDecodeJSONResponse_LargeBodyOverOldCap (cmd/entire/cli/api/client_test.go):

  • Builds a ~1.9 MiB JSON payload (4000 items × ~500 bytes)
  • Serves it from an httptest.Server
  • Asserts DecodeJSON decodes the full structure

Verified the test catches the regression: reverting maxResponseBytes to 1 << 20 makes the test fail with the exact user-facing error:

DecodeJSON(1884011-byte body) = decode JSON response: unexpected end of JSON input, want nil

Verification

  • mise run check (fmt + lint + unit + integration + E2E canary) — all green

Note

Low Risk
Low risk: only increases a defensive read limit for API responses, with a regression test to catch truncation; main impact is higher potential memory use when decoding very large responses.

Overview
Fixes CLI failures when API endpoints return JSON bodies larger than 1 MiB by increasing the shared maxResponseBytes cap to 16 MiB for both DecodeJSON and CheckResponse reads.

Adds a regression test that serves and successfully decodes a ~2 MiB JSON payload to ensure large-but-valid responses no longer get truncated mid-JSON.

Reviewed by Cursor Bugbot for commit 0b9fa0a. Configure here.

@Soph @claude
Raise API response body cap from 1 MiB to 16 MiB
0b9fa0a 
`entire activity` requests up to a month of commits from
`/api/v1/me/commits` and routinely receives 1.5+ MiB JSON responses.
The 1 MiB cap in `api.DecodeJSON` silently truncated the body mid-JSON
via `io.LimitReader`, leaving `json.Unmarshal` to surface

    fetch activity: decode commits: decode JSON response: unexpected end of JSON input

— which looked like a server bug but was self-inflicted truncation.

Raise the cap to 16 MiB. Still a defensive cap against unbounded reads,
but accommodates the activity endpoint's real payload size with
headroom for active users.

Add a regression test that exercises a ~2 MiB body and would fail under
the old 1 MiB cap with the exact error users hit.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Entire-Checkpoint: 85adbe5f263b
Copilot AI review requested due to automatic review settings May 19, 2026 14:21
@Soph Soph requested a review from a team as a code owner May 19, 2026 14:21
Copilot AI reviewed May 19, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Raises the API response body size cap from 1 MiB to 16 MiB to fix entire activity failures caused by silent truncation of large JSON responses from /api/v1/me/commits.

Changes:

  • Increase maxResponseBytes constant from 1 << 20 to 16 << 20.
  • Add regression test TestDecodeJSONResponse_LargeBodyOverOldCap exercising a ~1.9 MiB JSON payload.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
cmd/entire/cli/api/client.go Bumps response body read cap to 16 MiB.
cmd/entire/cli/api/client_test.go Adds regression test verifying decoding of bodies above the old 1 MiB cap.

@Soph Soph merged commit 3a4c6f6 into main May 19, 2026
14 checks passed
@Soph Soph deleted the soph/raise-api-body-cap branch May 19, 2026 14:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@pjbgf pjbgf pjbgf approved these changes

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Soph @pjbgf