Truncate per-node error snippets in the ClusterError payload

find_leader concatenates ``{address}: {exception}`` strings across
every probed node. A server that emits a multi-megabyte FailureResponse
message would otherwise inflate the final ClusterError to O(N * M)
characters, which gets copied into every traceback and log record.
Cap each per-node snippet at 200 characters with a "[truncated, N
chars]" marker.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: antoineleclair

src/dqliteclient/cluster.py

@@ -29,6 +29,18 @@
 # max_attempts=...).
 _DEFAULT_CONNECT_MAX_ATTEMPTS = 3
 
+# Cap per-node error messages at this length before concatenating them
+# into the final ClusterError. A failing peer that returns a multi-MB
+# FailureResponse message would otherwise produce an O(N * M) string
+# held in memory and serialised into every traceback.
+_MAX_ERROR_MESSAGE_SNIPPET = 200
+
+
+def _truncate_error(message: str) -> str:
+    if len(message) <= _MAX_ERROR_MESSAGE_SNIPPET:
+        return message
+    return message[:_MAX_ERROR_MESSAGE_SNIPPET] + f"... [truncated, {len(message)} chars]"
+
 
 class ClusterClient:
     """Client with automatic leader detection and failover."""
@@ -134,7 +146,7 @@ async def find_leader(self, *, trust_server_heartbeat: bool = False) -> str:
                 # Narrow the catch so programming bugs (TypeError, KeyError,
                 # etc.) propagate directly instead of being stringified into
                 # a retryable ClusterError.
-                errors.append(f"{node.address}: {e}")
+                errors.append(f"{node.address}: {_truncate_error(str(e))}")
                 last_exc = e
                 continue
 

tests/test_cluster.py

@@ -601,3 +601,31 @@ async def get_leader(self) -> tuple[int, str]:
             result = await client._query_leader("localhost:9001")
 
         assert result is None
+
+
+class TestClusterErrorMessageTruncation:
+    """Per-node error snippets are capped before concatenation so a
+    verbose server message cannot inflate the ClusterError payload to
+    O(N * M).
+    """
+
+    async def test_large_per_node_error_is_truncated(self) -> None:
+        store = MemoryNodeStore(["a:9001", "b:9001", "c:9001"])
+        client = ClusterClient(store, timeout=1.0)
+
+        huge = "x" * 50_000
+
+        async def fake_query(_address: str, **_kwargs: object) -> str | None:
+            raise DqliteConnectionError(huge)
+
+        with (
+            patch.object(client, "_query_leader", side_effect=fake_query),
+            pytest.raises(ClusterError) as exc_info,
+        ):
+            await client.find_leader()
+
+        message = str(exc_info.value)
+        # Each per-node snippet is capped to ~200 chars + truncation
+        # marker; total upper bound well under the raw 150k.
+        assert len(message) < 3_000
+        assert "truncated" in message