GR_005 · Bounded Pagination State Registry

Type: GR
Failure domain: Resource Exhaustion
Mechanism: Server-side Cursor Growth
Status: validated

Failure Pattern Mitigated

  • FP_005 Unbounded Pagination Cookie State Amplification

Invariant Enforced

  • INV_006 — remote request-driven state growth must remain bounded.

Guardrail Design

Project pagination state into a deterministic, bounded state budget. Every new cookie allocation must pass through capacity enforcement with an explicit overflow behavior (evict, reject, or expire).

Implementation Sketch

  • maintain a cookie registry with explicit MAX_COOKIES_TRACKED
  • on cookie insert:
      • if under cap: insert
      • if at cap: evict oldest entry first (FIFO in FM_002) and then insert
  • expose evicted_count and cookie_count as detection signals
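
A minimal Python registry following the sketch above, added here as an example; it is not the project's or the FM_002 lab's code. `MAX_COOKIES_TRACKED`, `evicted_count` and `cookie_count` come from the sketch; the class name, the `insert`/`resume` methods, the demo cap of 4 and the constructed `simulate_churn` scenario are assumptions.

```python
import secrets
from collections import OrderedDict

MAX_COOKIES_TRACKED = 4  # demo value (assumption); the name comes from the sketch


class BoundedCookieRegistry:
    """Hypothetical registry: FIFO eviction at a fixed cap, counters exposed."""

    def __init__(self, max_tracked=MAX_COOKIES_TRACKED):
        if max_tracked < 1:
            raise ValueError("cap must be at least 1")
        self.max_tracked = max_tracked
        self._entries = OrderedDict()  # cookie -> pagination state, insertion order
        self.evicted_count = 0         # detection signal: total evictions so far

    @property
    def cookie_count(self):
        """Detection signal: number of cookies currently tracked."""
        return len(self._entries)

    def insert(self, state):
        """Allocate a cookie for `state`; at cap, evict the oldest entry first."""
        while len(self._entries) >= self.max_tracked:
            self._entries.popitem(last=False)  # FIFO: drop the oldest insertion
            self.evicted_count += 1
        cookie = secrets.token_hex(16)  # unguessable server-issued handle
        self._entries[cookie] = state
        return cookie

    def resume(self, cookie):
        """Return stored state, or None if the cookie is unknown or was evicted.
        A lookup does not refresh the entry's position (FIFO, not LRU)."""
        return self._entries.get(cookie)


def simulate_churn(registry, legit_state, churn_requests):
    """Constructed scenario: one legitimate cursor, then a burst of new cursors."""
    legit_cookie = registry.insert(legit_state)
    for i in range(churn_requests):
        registry.insert({"offset": 0, "client": f"churn-{i}"})
    return {
        "cookie_count": registry.cookie_count,
        "evicted_count": registry.evicted_count,
        "legit_survived": registry.resume(legit_cookie) is not None,
    }
```

A caller that gets `None` from `resume` has to restart or reject the paged request, which is the continuity cost listed under Tradeoffs / Limits.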

Tradeoffs / Limits

  • attacker can churn cookies and evict legitimate pagination state
  • bounded memory is preserved, but pagination continuity may degrade under abuse
  • FIFO is simple but not always optimal; TTL/LRU or stateless authenticated cookies may better fit production constraints
  • atlas: atlas/FP_005_unbounded_pagination_cookie_state_amplification.md
  • lab proof: lab/failure_modes/FM_002_unbounded_pagination_state/