jaegermcp: enforce MaxSpanDetailsPerRequest in get_span_details#8174
Open
jkowall wants to merge 2 commits intojaegertracing:mainfrom
Open
jaegermcp: enforce MaxSpanDetailsPerRequest in get_span_details#8174jkowall wants to merge 2 commits intojaegertracing:mainfrom
jkowall wants to merge 2 commits intojaegertracing:mainfrom
Conversation
Signed-off-by: Jonah Kowall <jkowall@kowall.net>
jkowall
added
the
changelog:refactoring
Contributor
Author
|
Porting over Yuri's review note from the fork PR for context:
Addressed in this PR by:
My reply: updated accordingly. The handler now relies on validated config instead of carrying its own backup default. |
Contributor
There was a problem hiding this comment.
Pull request overview
This PR makes the get_span_details MCP tool respect the existing MaxSpanDetailsPerRequest configuration, preventing unbounded span ID requests from driving excessive CPU/memory work.
Changes:
- Pass
MaxSpanDetailsPerRequestfrom the MCP server into theget_span_detailshandler. - Enforce the max span ID count in
get_span_detailsrequest validation. - Strengthen config validation and expand unit test coverage for invalid config and oversized requests.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| cmd/jaeger/internal/extension/jaegermcp/server.go | Wires MaxSpanDetailsPerRequest into the get_span_details handler constructor. |
| cmd/jaeger/internal/extension/jaegermcp/internal/handlers/get_span_details.go | Adds a per-request span_ids length guard based on configured max. |
| cmd/jaeger/internal/extension/jaegermcp/internal/handlers/get_span_details_test.go | Updates handler construction in tests and adds coverage for oversized span_ids. |
| cmd/jaeger/internal/extension/jaegermcp/config.go | Adds an explicit low-end validation for MaxSpanDetailsPerRequest. |
| cmd/jaeger/internal/extension/jaegermcp/config_test.go | Adds a test case for too-low MaxSpanDetailsPerRequest. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Signed-off-by: Jonah Kowall <jkowall@kowall.net>
jkowall
force-pushed
the
codex/upstream-get-span-details-limit-dco
branch
from
bae483a to
c47b392
Compare
yurishkuro
reviewed
Mar 14, 2026
|
|
||
| if len(input.SpanIDs) > h.maxSpanDetailsPerRequest { | ||
| return querysvc.GetTraceParams{}, fmt.Errorf( | ||
| "span_ids must not exceed %d items", |
Member
There was a problem hiding this comment.
Suggested change
| "span_ids must not exceed %d items", | |
| "Number of input Span IDs must not exceed %d items", |
yurishkuro
reviewed
Mar 14, 2026
| ServerVersion string `mapstructure:"server_version" valid:"required"` | ||
|
|
||
| // MaxSpanDetailsPerRequest limits the number of spans that can be fetched in a single request. | ||
| MaxSpanDetailsPerRequest int `mapstructure:"max_span_details_per_request" valid:"range(1|100)"` |
yurishkuro
reviewed
Mar 14, 2026
| if cfg.MaxSpanDetailsPerRequest < 1 { | ||
| return fmt.Errorf("max_span_details_per_request must be at least 1") | ||
| } | ||
| if cfg.MaxSpanDetailsPerRequest > 100 { |
Member
There was a problem hiding this comment.
why do this manually instead of via govalidator.ValidateStruct ?
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Motivation
get_span_detailsaccepted unboundedspan_idslists even though the MCP config already exposedMaxSpanDetailsPerRequest.Description
MaxSpanDetailsPerRequestinto theget_span_detailshandler from the server.span_idsexceed the configured limit.MaxSpanDetailsPerRequestinConfig.Validate()so the handler can rely on it.span_idsrequest case.Testing
make fmt/make linthad to be executed manually because this Windows + WSL environment cannot execute the repo shebang scripts directly).go test -race ./cmd/jaeger/internal/extension/jaegermcp/....make test; it still fails in this environment due unrelated existing failures incmd/anonymizer/app/uiconvandinternal/uimodel/converter/v1/json.