Correctness: SSE event stream has no backpressure handling #98

New issue

Open

opened 2026-05-11 13:49:52 +00:00 by thabeta · 0 comments

thabeta commented

2026-05-11 13:49:52 +00:00

Owner

Severity: Medium

Location

crates/hero_aibroker_lib/src/sse.rs

Finding

The SSE event channel uses a bounded channel but doesn't handle backpressure when the client is slow:

let (tx, rx) = tokio::sync::mpsc::channel(100);

When the channel fills up:

tx.send() waits (blocking the async task)
This blocks the upstream provider response from being processed
Could cascade backpressure to the provider connection

Impact

Slow clients can block upstream connections
Memory pressure from buffered events
No mechanism to disconnect slow clients

Recommendation

Use try_send and disconnect clients that can't keep up
Add a configurable buffer size per client
Implement heartbeat/timeout for idle SSE connections

## Severity: Medium ## Location `crates/hero_aibroker_lib/src/sse.rs` ## Finding The SSE event channel uses a bounded channel but doesn't handle backpressure when the client is slow: ```rust let (tx, rx) = tokio::sync::mpsc::channel(100); ``` When the channel fills up: - `tx.send()` waits (blocking the async task) - This blocks the upstream provider response from being processed - Could cascade backpressure to the provider connection ## Impact - Slow clients can block upstream connections - Memory pressure from buffered events - No mechanism to disconnect slow clients ## Recommendation - Use `try_send` and disconnect clients that can't keep up - Add a configurable buffer size per client - Implement heartbeat/timeout for idle SSE connections