fix(orb): authenticate relay registration before body parse

[JSONbored]

Motivation

• Close a security-relevant DoS vector where /v1/orb/relay/register parsed an unbounded JSON body before validating the caller's enrollment secret.
• Authenticate the enrollment secret before any body read and add a small hard body cap to limit per-request parsing cost (defense-in-depth consistent with other orb ingress paths).

Description

• Add MAX_ORB_RELAY_REGISTER_BODY_BYTES and readOrbRelayRegisterBody in src/orb/relay.ts to enforce a 4 KiB streamed body ceiling and a Content-Length pre-check.
• Introduce validateOrbRelayEnrollment and registerValidatedOrbRelay in src/orb/relay.ts, and refactor registerOrbRelay to reuse them so enrollment validation can be done independently of body parsing.
• Update the route handler in src/api/routes.ts to validate the enrollment secret first, short-circuit with 401/403 on invalid secrets, call readOrbRelayRegisterBody to enforce the size cap (returning 413 on overflow), and only then parse JSON and persist the relay URL.
• Add/adjust integration tests in test/integration/orb-relay.test.ts to cover oversized registration payloads (413) and to assert that an invalid enrollment is rejected before any request-body access.

Testing

• Ran npx vitest run test/integration/orb-relay.test.ts and the integration suite for orb-relay passed (all tests in that file succeeded).
• Ran npm run typecheck and git diff --check which succeeded with no type or diff errors.
• Ran npm run ui:openapi:check which completed successfully.
• Attempted the full local gate via npm run test:ci, but the run failed during coverage generation with an unrelated Vitest coverage provider error (TypeError: jsTokens is not a function), so the full CI/gate could not be completed locally; npm audit --audit-level=moderate also failed due to an npm registry 403 Forbidden during the audit request.

---

Codex Task

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 95.38%. Comparing base (9e1c351) to head (65d30a1).
⚠️ Report is 4 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #1397   +/-   ##
=======================================
  Coverage   95.38%   95.38%           
=======================================
  Files         201      201           
  Lines       21598    21629   +31     
  Branches     7807     7816    +9     
=======================================
+ Hits        20601    20631   +30     
  Misses        416      416           
- Partials      581      582    +1     

Files with missing lines	Coverage Δ
src/api/routes.ts	94.57% <100.00%> (-0.04%)	⬇️
src/orb/relay.ts	100.00% <100.00%> (ø)

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Preview URL	Updated (UTC)
✅ Deployment successful! View logs	gittensory-ui	f20438e	Commit Preview URL Branch Preview URL	Jun 26 2026, 09:13 PM

[superagent-security]

Superagent didn't find any vulnerabilities or security issues in this PR.

[gittensory-orb]

Tip

🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩

✅ Gittensory review — safe to merge

3 files · 1 AI reviewers · no blockers · readiness 48/100 · CI green · blocked

✅ Approved — safe to merge

Signal	Result	Evidence
Code review	✅ No blockers	1 reviewers, synthesized
Linked issue	⚠️ Missing	No linked issue or no-issue rationale found.
Related work	⚠️ 3 scoped overlaps	Top overlaps are listed below; lower-confidence bulk is hidden.
Review load	❌ 8/20	Readiness component derived from cached public PR metadata and labels; size label size:M.
Validation evidence	❌ 5/25	Cached preflight status is hold.
Open PR queue	❌ 3/10	48 open PR(s), 9 likely reviewable, 39 unlinked.
Contributor context	✅ Confirmed Gittensor contributor	JSONbored; Gittensor profile; 81 PR(s), 261 issue(s).
Gate result	✅ Passing	No configured blocker found.

Nits — 2 non-blocking

• Repository config was not parsed
• No linked issue detected — If this PR is intended to solve an issue, link it explicitly in the PR body.

Review context

• Author: JSONbored
• Role context: owner (maintainer lane)
• Public audience mode: oss maintainer
• Lane context: Repository registration is not available in the local Gittensory cache.
• Public profile languages: not available
• Official Gittensor activity: 81 PR(s), 261 issue(s).
• Related work: Titles/paths share 8 meaningful terms. (PR #1395)
• Related work: Titles/paths share 8 meaningful terms. (PR #1427, PR #1489)
• Related work: Titles/paths share 7 meaningful terms. (PR #1537, PR #1546)
• Additional title-only matches omitted; title-only overlap does not block.

Contributor next steps

• Treat this as maintainer-lane context rather than normal contributor-lane activity.
• Explain no-issue PR.
• Review top overlaps.
• Add scope summary.
• Fix blocker.
• Expect slower review.
• Refresh registry data or choose a registered active repo.
• Link the issue being solved, or explicitly explain why this is a no-issue PR.
• Check active issues and PRs before submitting.

Signal definitions

• Related work = same linked issue, overlapping active PRs, or title/path similarity.
• Review load = cached public PR metadata such as size labels, changed paths, and preflight status.
• Open PR queue = repo-wide review pressure; it is not a PR quality failure.
• Contributor context = public GitHub/Gittensor identity context; non-Gittensor status is not a blocker.

_{🟩 Safe / merged · 🟦 Advisory · 🟨 Held for review · 🟥 Blocked / closed}

---

💰 Earn for open-source contributions like this. Gittensor lets GitHub contributors earn for the work they already do — register to start earning →.

Checked by Gittensory, a quiet PR intelligence layer for OSS maintainers.

• Re-run Gittensory review