Skip to content

Impose limits on facet name length and nesting depth.#6325

Open
kentonv wants to merge 1 commit intomainfrom
kenton/facet-limits
Open

Impose limits on facet name length and nesting depth.#6325
kentonv wants to merge 1 commit intomainfrom
kenton/facet-limits

Conversation

@kentonv
Copy link
Member

@kentonv kentonv commented Mar 15, 2026

Name length limit: 256 chars
Nesting depth limit: 4 (including root)

We could increase these limits if we needed to but it's hard to imagine anyone needing more than this, in fact I have yet to see a use case for multiple levels of child facets at all.

@kentonv
Impose limits on facet name length and nesting depth.
af4894c 
Name length limit: 256 chars
Nesting depth limit: 4 (including root)

We could increase these limits if we needed to but it's hard to imagine anyone needing more than this, in fact I have yet to see a use case for multiple levels of child facets at all.
@kentonv kentonv requested a review from justin-mp March 15, 2026 02:26
@kentonv kentonv requested review from a team as code owners March 15, 2026 02:26
@ask-bonk
Copy link
Contributor

ask-bonk bot commented Mar 15, 2026

The facets feature is experimental (the test uses compatibilityFlags = ["experimental"]). Adding limits to an experimental feature is fine and doesn't need a separate compat flag.

After thorough review, I find no actionable issues:

  1. Logic correctness - The depth check and name length checks are correct with proper boundary conditions.
  2. Safety - No memory safety issues. The recursive getDepth() is bounded by the enforced depth limit.
  3. Test coverage - Comprehensive tests for boundary values and all code paths.
  4. Backward compatibility - Feature is experimental, so adding limits is acceptable.
  5. API design - Error types and messages are clear and appropriate.
  6. Code style - Follows KJ conventions properly.

LGTM

github run

jasnell
jasnell reviewed Mar 15, 2026
View reviewed changes
src/workerd/api/actor-state.h

// Maximum depth of the facet tree, including the root Durable Object. Root is at depth 0, so
// the deepest allowed facet is at depth MAX_FACET_TREE_DEPTH - 1.
static constexpr uint MAX_FACET_TREE_DEPTH = 4;
Copy link
Collaborator

@jasnell jasnell Mar 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor nit: if these are only used directly within actor-state.c++, they likely don't need to be constants on the class and could be moved into an anonymous namespace in actor-state.c++

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jasnell jasnell jasnell approved these changes

@justin-mp justin-mp Awaiting requested review from justin-mp

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kentonv @jasnell