fix(tool_def): bound parsed array flag inputs #1831

Merged: chaliy merged 1 commit into main from 2026-06-02-fix-unbounded-array-flag-vulnerability on Jun 2, 2026

Contributor

@chaliy chaliy commented Jun 2, 2026

Motivation

  • Prevent unbounded heap amplification from comma-split array flags, which allows an attacker-controlled single argument to allocate millions of JSON values and cause an OOM/DoS.
  • Ensure flag parsing accounts for parsed-parameter size before callbacks run so interpreter memory limits are not bypassed.

Description

  • Add a small flag-parse budget (`FlagParseBudget`) and enforce a per-invocation parsed-bytes cap of 64 KiB via `MAX_PARSED_FLAG_BYTES`.
  • Cap array-typed flags to at most `MAX_ARRAY_FLAG_ITEMS` (4096) and enforce that for JSON arrays, comma-split scalar shorthand, and repeated flag appends via `ensure_array_item_limit`.
  • Thread the budget through `parse_flags` (now `parse_flags_with_budget`) and all aggregate/value consumers (`consume_array_value`, `collect_object_from_pairs`, `consume_object_value`) so parsed bytes are charged and oversized inputs are rejected before large allocations.
  • Add unit tests exercising comma-split amplification, repeated-array append limits, and total parsed-bytes limit, and document the limits in `specs/scripted-tool-orchestration.md`.

Testing

  • Ran formatting check with `cargo fmt --check`, which passed.
  • Ran unit tests with `cargo test --lib --features scripted_tool tool_def`; all added and existing tests passed (41 tool_def/scripted_tool tests ran locally and passed).
  • Ran linter `cargo clippy --all-targets --features scripted_tool -- -D warnings`, which completed cleanly.

Codex Task
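
A sketch of the bounding approach the description above outlines, added here as an example and not taken from the merged change: the constant and function names and the two limits come from the description, while the function bodies, the `FlagError` type, the `charge` method and the use of `String` items in place of JSON values are assumptions.

```rust
// Added illustration: names mirror the PR description, bodies are assumed.
const MAX_PARSED_FLAG_BYTES: usize = 64 * 1024; // per-invocation parsed-bytes cap
const MAX_ARRAY_FLAG_ITEMS: usize = 4096; // per-array item cap

#[derive(Debug, PartialEq)]
enum FlagError {
    TooManyItems,
    BudgetExceeded,
}

struct FlagParseBudget {
    remaining: usize,
}

impl FlagParseBudget {
    fn new() -> Self {
        Self { remaining: MAX_PARSED_FLAG_BYTES }
    }
    // Deduct `bytes`; on failure the budget is left unchanged.
    fn charge(&mut self, bytes: usize) -> Result<(), FlagError> {
        self.remaining = self.remaining.checked_sub(bytes).ok_or(FlagError::BudgetExceeded)?;
        Ok(())
    }
}

fn ensure_array_item_limit(count: usize) -> Result<(), FlagError> {
    if count > MAX_ARRAY_FLAG_ITEMS { Err(FlagError::TooManyItems) } else { Ok(()) }
}

// Append the comma-split items of `raw` to `out`. Both limits are checked
// before any per-item allocation, so a rejected input costs only a byte scan.
fn consume_array_value(
    raw: &str,
    out: &mut Vec<String>,
    budget: &mut FlagParseBudget,
) -> Result<(), FlagError> {
    // n commas yield n + 1 items; counting bytes allocates nothing.
    let incoming = raw.bytes().filter(|b| *b == b',').count() + 1;
    ensure_array_item_limit(out.len() + incoming)?; // also covers repeated appends
    budget.charge(raw.len())?;
    out.extend(raw.split(',').map(str::to_owned));
    Ok(())
}

fn main() {
    let (mut budget, mut items) = (FlagParseBudget::new(), Vec::new());
    let amplified = vec!["1"; 5000].join(","); // constructed input, 9999 bytes
    println!("{:?}", consume_array_value(&amplified, &mut items, &mut budget));
}
```

The 5000-item input is under 10 KB of text, so only the item cap stops it; the byte budget is what bounds many separate flags that each stay under the item cap.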

cloudflare-workers-and-pages Bot commented Jun 2, 2026

Deploying with Cloudflare Workers

Status: ✅ Deployment successful!
Name: bashkit
Latest commit: 80097ab
Updated (UTC): Jun 02 2026, 09:31 AM

chaliy force-pushed the 2026-06-02-fix-unbounded-array-flag-vulnerability branch from ddb091c to 80097ab on June 2, 2026 09:19
chaliy merged commit 6269cde into main on Jun 2, 2026
34 checks passed
chaliy deleted the 2026-06-02-fix-unbounded-array-flag-vulnerability branch on June 2, 2026 13:29