Why
#5492 added a request-body size cap (pkg/bodylimit) on the MCP proxies and vMCP, defaulting to bodylimit.DefaultMaxRequestBodySize (8MB) and rejecting oversized bodies with 413. 8MB is a sensible default, but operators should be able to tune it:
- raise it for deployments with unusually large tools/call payloads (e.g. big inline base64 images/documents), or
- lower it for a stricter DoS posture.
This is the planned configurability follow-up to #5492. Non-urgent — the 8MB default covers most real traffic.
Scope
Expose the cap across the three surfaces, mirroring the existing RateLimiting wiring. Zero/unset must fall back to the default (zero never means "unlimited").
- RunConfig.MaxRequestBodySize int64 + WithMaxRequestBodySize builder option (pkg/runner/config_builder.go), read in PopulateMiddlewareConfigs/addBodyLimitMiddleware (0 → DefaultMaxRequestBodySize).
- --max-request-body-size CLI flag (cmd/thv/app/run_flags.go and cmd/thv/app/proxy.go); run task docs.
- maxRequestBodySize on MCPServerSpec, wired in cmd/thv-operator/controllers/mcpserver_runconfig.go (mirror RateLimiting); run task operator-manifests operator-generate + task crdref-gen.
Notes
- Caps requests only; server-produced response content is unaffected.
- Out of scope: the management API (1MB) and auth-server (64KB) keep their own tighter caps — they don't carry MCP tool payloads.
Refs GHSA-grwg-v9p7-76m2, #5492.
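
The fallback rule from Scope (zero/unset resolves to the 8MB default, never "unlimited") together with the 413 rejection, as an added example that is not the project's pkg/bodylimit code. The names defaultMaxBody, effectiveLimit, limitBody and statusFor are hypothetical, and treating negative values like zero is an assumption.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

const defaultMaxBody int64 = 8 << 20 // the 8MB default named in the issue

// effectiveLimit resolves a configured cap: zero (unset) falls back to the
// default. Treating negative values the same way is an assumption here.
func effectiveLimit(configured int64) int64 {
	if configured <= 0 {
		return defaultMaxBody
	}
	return configured
}

// limitBody caps request bodies at the resolved limit. Passing a raw 0 to
// http.MaxBytesReader would reject every non-empty body, so resolve first.
func limitBody(configured int64, next http.Handler) http.Handler {
	limit := effectiveLimit(configured)
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		r.Body = http.MaxBytesReader(w, r.Body, limit)
		next.ServeHTTP(w, r)
	})
}

// statusFor sends a constructed n-byte body through the middleware; the inner
// handler stands in for the proxy and maps the over-limit read error to 413.
func statusFor(configured int64, n int) int {
	inner := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		var tooBig *http.MaxBytesError
		if _, err := io.Copy(io.Discard, r.Body); errors.As(err, &tooBig) {
			w.WriteHeader(http.StatusRequestEntityTooLarge)
		}
	})
	req := httptest.NewRequest(http.MethodPost, "/mcp", strings.NewReader(strings.Repeat("a", n)))
	rec := httptest.NewRecorder()
	limitBody(configured, inner).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(statusFor(1024, 1024), statusFor(1024, 1025), statusFor(0, 2048))
}
```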