serve: follow-up improvements from PR #119 review #120

New Issue

2026-05-08T05:45:56Z

xingyue commented

2026-05-08 05:45:56 +00:00

Context

PR #119 review left 9 non-blocking suggestions. Track them here.

Tasks

Error Handling

Add global error handler (catch unhandled exceptions, return structured JSON)
JSON body parsing validation (malformed body should return 400, not 500)

Security

CORS: restrict origins (currently wide open with cors() defaults)
Add body size limit to POST endpoints

Performance

Reuse CAS store instance instead of creating per-request

Test Coverage

Error path tests (invalid JSON, missing fields)
CORS header assertions
Body limit behavior tests
Global error handler tests

Ref

Follow-up from #119, part of #118

## Context PR #119 review left 9 non-blocking suggestions. Track them here. ## Tasks ### Error Handling - [ ] Add global error handler (catch unhandled exceptions, return structured JSON) - [ ] JSON body parsing validation (malformed body should return 400, not 500) ### Security - [ ] CORS: restrict origins (currently wide open with `cors()` defaults) - [ ] Add body size limit to POST endpoints ### Performance - [ ] Reuse CAS store instance instead of creating per-request ### Test Coverage - [ ] Error path tests (invalid JSON, missing fields) - [ ] CORS header assertions - [ ] Body limit behavior tests - [ ] Global error handler tests ## Ref Follow-up from #119, part of #118

xingyue referenced this issue

2026-05-08 10:03:51 +00:00

RFC: Workflow Dashboard — HTTP API + Cloudflare Web UI #118

xingyue referenced this issue from a commit

2026-05-08 10:12:06 +00:00

fix(serve): error handling, CORS, body limit, CAS store reuse

xingyue referenced a pull request that will close this issue

2026-05-08 10:12:18 +00:00

fix(serve): error handling, CORS, body limit, CAS store reuse #136

xiaomo closed this issue

2026-05-08 15:00:33 +00:00

This repo is archived. You cannot comment on issues.

Branches Tags

main

chore/migrate-ocas

retrospect/fix-committer-tea

retrospect/solve-issue-fixes

fix/517-expand-skill

fix/574-silent-fail-handling

fix/573-unify-cas-store

fix/571-current-role

fix/567-trim-leading-whitespace

fix/566-adapter-json-stdout

fix/544-remove-legacy-frontmatter

fix/553-edge-prompt-empty

fix/557-step-show-json-escape

fix/559-thread-show-status

fix/561-thread-start-cwd-option

fix/558-thread-edge-location

fix/531-config-mask-apikey

fix/532-config-key-validation

fix/533-double-prefix

fix/551-hermes-bin-engines

fix/549-commit-scope

feat/541-skill-developer

feat/539-skill-author

feat/538-skill-user

feat/540-skill-actor

fix/ci-skip-integration-tests

fix/535-sqlite-fallback

fix/531-532-533

fix/528-refactor-apikey

fix/526-config-subcommand

fix/522-cancelled-thread-status

fix/523-bin-entry-point

fix/519-read-session-file

fix/enum-multi-exit-validation

fix/remove-chinese-cli-output

feat/424-setup-agent-discovery

fix/hermes-integration-test-import

fix/449-reduce-dashboard-complexity

refactor/512-rename-packages

chore/510-open-source-readiness

chore/solve-issue-portable

fix/489-step-timing

fix/506-semantic-validation

feat/502-oneOf-output-instruction

feat/499-phase2-discriminated-union

feat/499-dollar-status

fix/497-update-docs

feat/490-phase3-dashboard

feat/490-phase2-yaml-migration

feat/490-status-routing

fix/487-refactor-step-read

fix/484-step-read-command

fix/480-thread-read-quota

fix/481-cas-has-exit-code

fix/474-tea-pr-worktree-fix

fix/469-step-commands-completed-threads

fix/473-first-time-role-context

fix/471-thread-list-filters

fix/466-continuation-prompt-content

chore/cleanup-cli-docs

fix/463-http-methods

fix/464-worktree-isolation

fix/461-per-agent-session-cache

fix/459-xml-tag-isolation

fix/444-biome-complexity-warnings

fix/456-thread-step-background

fix/448-reduce-complexity

fix/445-reduce-setup-complexity

fix/446-reduce-thread-complexity

docs/sync-readme

fix/447-reduce-loop-complexity

fix/439-detail-merge-and-acp

fix/440-thread-read-prompt-dedup

fix/builtin-session-lifecycle

debug/439-raw-ndjson-dump

fix/428-multi-strategy-workflow-resolution

fix/yaml-no-alias

feat/428-workflow-resolution

feat/turn-jsonl-session

feat/426-builtin-session-resume

fix/builtin-agent-system-user-split

feat/422-claude-code-detail-enrichment

feat/builtin-agent

test/418-resume-e2e-repro

chore/update-cli-reference

fix/413-log-subcommands

feat/411-process-logger

feat/405-phase2-find-last-role-index

feat/405-edge-prompt-required

feat/402-edge-prompt-session-resume

feat/398-hermes-acp-client

fix/395-worktree-hygiene

feat/391-workflow-agent-claude-code

jshang/workflow-dashboard

fix/394-forbid-extra-frontmatter-fields

feat/335-setup-validate-model

fix/389-dynamic-format-instruction

fix/388-frontmatter-dynamic-fields

fix/385-revert-output-protocol

feat/384-agent-session-protocol

feat/remove-llm-extract

feat/cas-put-text

fix/380-hermes-quiet-flag

feat/373-thread-step-count

fix/fallback-transition-validation

feat/376-first-last-jsonata

refactor/374-meta-to-frontmatter

feat/370-solve-issue-workflow

feat/369-uwf-skill-cli

chore/ignore-legacy-biome

feat/365-project-local-workflows

refactor/364-rename-role-fields

feat/359-role-four-phase

chore/rename-uwf-to-workflow

chore/repo-restructure

feat/357-thread-read-content

feat/355-uwf-frontmatter

feat/351-phase3-prompt-focus

feat/351-phase2-adapter-frontmatter

feat/351-frontmatter-markdown-phase1

feat/349-thread-read

fix/348-session-id-stderr

fix/342-parse-session-id

fix/342-fork-simplify

feat/342-thread-steps-fork

refactor/simplify-agent-context

refactor/pass-store-via-context

feat/337-agent-detail-merkle

feat/cas-reindex

refactor/use-list-by-type

refactor/merge-cas-get-cat

refactor/remove-table-format

fix/328-table-vertical

user/jiayiyan/feat_office-agent-document-template-v2

feat/328-format-option

fix/319-cas-json-output

fix/319-validate-schema-only-inline

fix/319-schema-titles

feat/319-uwf-cas-builtin

user/jiayiyan/feat_office-agent-document-template

feat/309-uwf-stateless

feat/285-phase3-x-cas-ref

chore/remove-old-templates

feat/294-phase7-cli

private/json-cas-refactor

feat/294-phase5-react-layer

feat/294-phase4-engine-migration

feat/294-phase3-workflow-json

feat/294-jsonata-moderator

docs/architecture-cards

feat/285-phase2-remove-extractrefs

feat/285-cas-ref-annotation

chore/fix-biome-complexity-warnings

refactor/agent-fn-required-opt

chore/audit-exports-cleanup

chore/remove-symlink-dead-code

chore/no-external-bundle

feat/show-system-prompt

chore/205-env-example

chore/biome-fix-and-pre-push-hook

chore/remove-parentRequired-param

fix/265-flaky-thread-rm

feat/workflow-detail-layout

chore/252-remove-text-adapter

feat/261-adapter-migration

feat/252-agent-fn

feat/graph-interactions

fix/dashboard-graph-side-handles

fix/dashboard-graph-visual-247

fix/cursor-agent-runtime-extract

refactor/serve-remove-http-tunnel

chore/slim-role-output

feat/changesets-version-management

chore/bump-0.4.0

chore/merge-publish-scripts

chore/remove-link-all

feat/merge-publish-scripts

fix/auto-discover-publish

refactor/dashboard-custom-spine-layout

fix/cli-bin-path

fix/dashboard-elk-review-feedback

feat/dashboard-elk-layout

fix/skill-author-pitfalls

fix/publish-lockfile-regen

feat/210-ws-gateway-phase2

refactor/thread-detail-side-by-side-layout

feat/210-ws-gateway-phase1

feat/222-tools-smoke-test-phase3

feat/222-react-adapter-phase2

feat/222-adapter-fn-phase1

fix/219-review-followup

feat/216-setup-and-build-scripts

fix/206-bundle-build-register

feat/197-agent-observability

feat/198-dashboard-workflow-graph

feat/194-merkle-call-stack-phase2

refactor/200-moderator-table

feat/194-merkle-call-stack-phase1

feat/cursor-agent-workspace-extract

fix/191-dashboard-thread-sort

feat/187-end-node-llm-summary

refactor/185-remove-max-rounds

refactor/180-simplify-extract-fn

feat/177-gateway-route-reorg

feat/172-declarative-moderator-table

fix/170-thread-status-detection

feat/164-cf-worker-gateway

fix/161-162-cas-content-refs

feat/155-cas-thread-phase-5

feat/155-cas-thread-phase-4

feat/155-cas-thread-phase-3

feat/155-cas-thread-phase-2

feat/155-cas-thread-phase-1

chore/rename-dashboard-folder

refactor/143-split-packages

feat/139-thread-reactor

refactor/runtime-descriptor-boundary

fix/128-dashboard-enhancements

fix/130-sse-incremental

fix/120-serve-hardening

feat/131-dashboard-sse

refactor/thread-context-runtime

feat/118-serve-write-sse

feat/118-dashboard

refactor/121-split-workflow-runtime

feat/118-serve-api

chore/bump-0.2.0

feat/110-phase3-supervisor

chore/114-remove-deprecated

feat/110-phase2-migrate-extract

docs/package-readmes

feat/110-phase1-config-layer

chore/108-cli-module-discipline

chore/106-workflow-module-discipline

chore/cleanup-cas-thread-id

refactor/102-module-folders

refactor/97-phase4-cleanup

refactor/96-phase3-split-dispatch

refactor/95-phase2-control-merge

chore/remove-build-scripts

refactor/93-phase1-directory-restructure

feat/91-reviewer-prompt

docs/88-readme-architecture-cleanup

fix/85-usage-format

fix/83-cli-ux

feat/81-skill-topics

fix/75-nits

refactor/75-merge-roles-phase1

refactor/71-auto-gen-skill-doc

feat/63-workflow-storage-root

feat/69-help-skill

refactor/cli-noun-verb-grouping

feat/59-solve-issue-refactor

feat/37-live-command

feat/58-develop-workflow

feat/36-init-command

feat/44-react-extract

feat/43-extract-provider-config

feat/42-thread-root-node

feat/41-merkle-content-cas

feat/33-workflow-as-agent

feat/32-cas-gc

feat/31-refs-tracking

feat/30-global-cas

feat/28-preparer-role

fix/26-planner-cas-cli-prompt

test/19-validate-workflow-descriptor

feat/23-phase-title-in-planner-meta

fix/21-moderator-coder-transition

fix/review-feedback-and-typecheck

fix/type-errors-and-tsbuildinfo

1 Participants

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: uncaged/workflow#120