Per-container circuit breaker Maps have no maximum size cap. resetContainerBreakers and CONTAINER_BREAKER_TTL_MS are exported solely for test isolation, widening the public API surface.
Impact: Memory exhaustion under adversarial session ID stream.
Remediation:
- Add max-size guard in
getOrCreateBreaker()
- Remove
export from test-only symbols; use vi.resetModules() instead
Per-container circuit breaker Maps have no maximum size cap.
resetContainerBreakersandCONTAINER_BREAKER_TTL_MSare exported solely for test isolation, widening the public API surface.Impact: Memory exhaustion under adversarial session ID stream.
Remediation:
getOrCreateBreaker()exportfrom test-only symbols; usevi.resetModules()instead