- Synced 14 capability delta specs to main specs
- Created 6 new main specs: api-authentication, error-boundary, input-validation, security-headers, shared-types
- Updated 8 existing specs with security, validation, and performance requirements
- Archived change to openspec/changes/archive/2026-02-20-code-review-fix/

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
ADDED Requirements
Requirement: Training resource limits
The POST /training/start endpoint SHALL enforce resource limits: the training dataset file size SHALL not exceed 500MB, and the training thread SHALL have a configurable timeout (default: 30 minutes). If the timeout is exceeded, the training thread SHALL be marked as failed.
Scenario: Dataset too large
- WHEN the training dataset exceeds 500MB
- THEN training fails immediately with
{ "detail": "Dataset too large. Maximum 500MB." }
Scenario: Training timeout
- WHEN a training run exceeds the 30-minute timeout
- THEN the training status is set to "failed" with reason "Training timed out"
Requirement: run_id validation on training endpoints
The FastAPI training endpoints (DELETE /training/runs/{run_id}, GET /training/runs/{run_id}) SHALL validate that run_id matches /^[a-zA-Z0-9_-]+$/ before any database or file operation.
Scenario: Valid run_id
- WHEN DELETE /training/runs/run-2024-01-15_v3 is called
- THEN the request proceeds normally
Scenario: Invalid run_id
- WHEN DELETE /training/runs/../../admin is called
- THEN the endpoint returns HTTP 400 with
{ "detail": "Invalid run_id format" }
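One way to implement the two requirements above, as an added example that is not the project's own code: it uses only the Python standard library rather than FastAPI so the checks can be exercised directly. The function names, the reading of "500MB" as 500 MiB, and the "completed" status name are assumptions.

```python
import re
import threading

# Character class from the requirement. fullmatch() is used because in Python
# re.match(r"^[a-zA-Z0-9_-]+$", "run-1\n") succeeds: '$' also matches just
# before a trailing newline.
RUN_ID_RE = re.compile(r"[a-zA-Z0-9_-]+")
MAX_DATASET_BYTES = 500 * 1024 * 1024  # assumption: "500MB" read as 500 MiB
DEFAULT_TIMEOUT_S = 30 * 60            # default from the requirement


def validate_run_id(run_id):
    """Return None when run_id is valid, else the (status, body) error pair."""
    if not isinstance(run_id, str) or RUN_ID_RE.fullmatch(run_id) is None:
        return 400, {"detail": "Invalid run_id format"}
    return None


def check_dataset_size(size_bytes):
    """Return the spec's error body when the dataset is over the limit."""
    if size_bytes > MAX_DATASET_BYTES:
        return {"detail": "Dataset too large. Maximum 500MB."}
    return None


def run_training(train_fn, timeout_s=DEFAULT_TIMEOUT_S):
    """Run train_fn(cancel) in a thread and return the final status record."""
    record = {"status": "running", "reason": None}
    cancel = threading.Event()  # cooperative stop: Python threads cannot be killed

    def worker():
        try:
            train_fn(cancel)
            outcome = ("completed", None)  # "completed" is an assumed status name
        except Exception as exc:
            outcome = ("failed", str(exc))
        if not cancel.is_set():  # a timed-out run keeps its timeout reason
            record["status"], record["reason"] = outcome

    thread = threading.Thread(target=worker, daemon=True)
    thread.start()
    thread.join(timeout_s)
    if thread.is_alive():
        cancel.set()
        record["status"], record["reason"] = "failed", "Training timed out"
    return record
```

Because a Python thread cannot be forcibly stopped, the training function has to poll the cancel event itself; marking the run as failed does not by itself release the resources it holds.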