Add metadata size limits

[punk6529]

Summary

• Add contract-enforced byte limits for StreamCore collection metadata, token data/image/attributes, generated tokenURI, and DependencyRegistry script/provenance inputs.
• Add structured MetadataFieldTooLarge / DependencyFieldTooLarge custom errors plus focused boundary/oversized-input tests.
• Refresh metadata docs, roadmap/run-state traceability, changelog, ABI/bytecode artifacts, deployment manifests, release manifest, source verification inputs, and checksum bundle for the ABI/bytecode delta.

Continues #51. This intentionally leaves URI policy, semantic/structured attribute validation, invalid UTF-8 policy, and browser render-sandbox tests for later P1-META-006 slices.

Local validation

• forge test --match-contract StreamMetadataSizeLimitsTest -vvv
• forge test --match-contract StreamMetadataEscapingTest -vvv
• forge test --match-contract StreamDependencyRegistryTest -vvv
• forge build --sizes --via-ir --skip test --skip script --force (StreamCore 24,461 bytes, 115 bytes headroom)
• make release-checksums
• make check
• powershell -ExecutionPolicy Bypass -File scripts\check.ps1
• forge fmt --check smart-contracts\StreamCore.sol smart-contracts\DependencyRegistry.sol test\StreamMetadataSizeLimits.t.sol
• git diff --check

Note: full forge fmt --check smart-contracts still fails on existing legacy formatting outside this PR, as tracked in the roadmap; the files touched by this PR pass formatting.

Summary by CodeRabbit

• New Features

  • Metadata size limits enforced for collection and token fields, scripts, and generated URIs
  • Dependency metadata (scripts and provenance) now subject to byte-size validation
  • New error handling for oversized metadata submissions

• Tests

  • Added comprehensive test coverage for metadata size limit enforcement

• Documentation

  • Updated documentation on metadata size policies

[claude]

Claude Code Review

This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.

_{Tip: disable this comment in your organization's Code Review settings.}

[punk6529]

@coderabbitai review

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 3990088e-7a85-4472-b842-c32465c04a00

📥 Commits

Reviewing files that changed from the base of the PR and between d248502 and dff71a8.

📒 Files selected for processing (21)

• CHANGELOG.md
• deployments/address-books/anvil-6529stream-v0.1.0-001-broadcast.json
• deployments/address-books/anvil-6529stream-v0.1.0-001.json
• deployments/examples/anvil-6529stream-v0.1.0-001-broadcast.json
• deployments/examples/anvil-6529stream-v0.1.0-001.json
• docs/adr/0006-metadata-freeze.md
• docs/known-blockers.md
• docs/metadata.md
• docs/status.md
• ops/AUTONOMOUS_RUN.md
• ops/ROADMAP.md
• release-artifacts/latest/SHA256SUMS
• release-artifacts/latest/abi-checksums.json
• release-artifacts/latest/release-artifact-manifest.json
• release-artifacts/latest/release-checksums.json
• release-artifacts/latest/release-manifest.json
• release-artifacts/latest/source-verification-inputs.json
• smart-contracts/DependencyRegistry.sol
• smart-contracts/StreamCore.sol
• test/README.md
• test/StreamMetadataSizeLimits.t.sol

---

📝 Walkthrough

Walkthrough

StreamCore and DependencyRegistry contracts enforce numeric byte-size limits on metadata fields, scripts, and generated tokenURI output through new constants and validation helpers. Tests verify boundary conditions and rejections. Documentation, operational logs, and release artifacts are updated to reflect the changes.

Changes

Metadata Size Limits

Layer / File(s)	Summary
Size limit constants and custom errors smart-contracts/StreamCore.sol, smart-contracts/DependencyRegistry.sol	StreamCore introduces seven public max-byte constants (collection text, token data/image/attributes, collection script chunks, generated tokenURI) and MetadataFieldTooLarge error. DependencyRegistry adds three constants (dependency script chunks, provenance) and DependencyFieldTooLarge error.
StreamCore enforcement across mutation paths smart-contracts/StreamCore.sol	All metadata mutations—createCollection, mint, updateCollectionInfo, changeTokenData, updateImagesAndAttributes, and _onchainTokenURI—integrate validation via _requireCollectionInfoLimits (collection fields, script chunks) and _requireMaxBytes (individual field byte checking) helpers. Generated tokenURI output is captured and validated before return.
DependencyRegistry enforcement smart-contracts/DependencyRegistry.sol	_createDependencyVersion calls _requireDependencyLimits to validate script chunk count/size and provenance bytes before persisting dependency versions. Helper functions implement structured validation.
Comprehensive test coverage test/StreamMetadataSizeLimits.t.sol, test/README.md	New test contract accepts boundary-sized inputs and rejects oversized collection/token/generated-URI/dependency metadata via expected reverts with encoded field identifiers and max values. Private helpers decode revert payloads and generate oversized content. README documents full P1-META-006 numeric-limit coverage.
Documentation and ADR updates CHANGELOG.md, docs/adr/0006-metadata-freeze.md, docs/known-blockers.md, docs/metadata.md, docs/status.md	CHANGELOG documents contract-enforced byte limits and Gate D/G artifact deltas. ADR 0006 expands P1-META-006 coverage to include all numeric byte-limit scopes. Blockers list updated to enumerate newly covered fields. Metadata.md adds "Size Limits" section with table of byte caps and error types. Status.md updates size-gate baseline and metadata test coverage.
Operational status and roadmap ops/AUTONOMOUS_RUN.md, ops/ROADMAP.md	AUTONOMOUS_RUN marks PR #111 (Queue Item 57) active with validation notes and decision log. ROADMAP updates StreamCore production size baseline and reflects numeric byte-limit enforcement as completed metadata escaping/render-safety implementation slice.
Release artifact regeneration deployments/address-books/*, deployments/examples/*, release-artifacts/latest/*	All deployment manifests, address books, and release checksums (SHA256SUMS, abi-checksums.json, release-artifact-manifest.json, release-manifest.json, source-verification-inputs.json) regenerated to reflect ABI/bytecode changes from new constants and error types.

Sequence Diagram(s)

sequenceDiagram
    participant Client as createCollection / mint / updateCollectionInfo
    participant StreamCore
    participant ValidateCollection as _requireCollectionInfoLimits
    participant ValidateBytes as _requireMaxBytes
    
    Client->>StreamCore: call mutation with metadata
    StreamCore->>ValidateCollection: validate all collection fields / full metadata
    ValidateCollection->>ValidateBytes: check each field byte length
    ValidateBytes-->>ValidateCollection: revert MetadataFieldTooLarge if exceeded
    ValidateCollection-->>StreamCore: revert if any field oversized
    StreamCore-->>Client: revert MetadataFieldTooLarge(field, actual, max)
    
    Note over Client,StreamCore: On valid input
    StreamCore->>StreamCore: persist collection/token data
    StreamCore-->>Client: success

Loading

sequenceDiagram
    participant Client as _onchainTokenURI
    participant Renderer as StreamMetadataRenderer
    participant ValidateBytes as _requireMaxBytes
    
    Client->>Renderer: render metadata to JSON
    Renderer-->>Client: generatedTokenUri
    Client->>ValidateBytes: validate generatedTokenUri length
    ValidateBytes-->>Client: revert MetadataFieldTooLarge(tokenURI, actual, max) if exceeded
    
    Note over Client,Renderer: On valid length
    Client-->>Client: return generatedTokenUri

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• 6529-Collections/6529Stream#84: Both modify smart-contracts/StreamCore.sol's metadata-significant write paths (changeTokenData, updateImagesAndAttributes), with this PR adding byte-limit checks layered above prior freeze-guard logic.
• 6529-Collections/6529Stream#87: Both change the same metadata update pipeline in StreamCore (updateImagesAndAttributes); retrieved PR adds JSON/raw-attribute escaping and structural guarding while this PR enforces byte-length limits on the same paths.
• 6529-Collections/6529Stream#90: Both refine the metadata/tokenURI generation flow in StreamCore (extracted StreamMetadataRenderer usage and on-chain generation); this PR adds missing byte-length limit enforcement atop that renderer-based pipeline.

Poem

🐰 Byte limits blooming in the spring,
Each field now knows its maximum thing,
Chunks and scripts and URIs defined,
Metadata safely size-aligned! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Add metadata size limits' directly and clearly summarizes the main change: enforcement of byte limits for metadata fields across StreamCore and DependencyRegistry contracts.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch codex/metadata-size-limits

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.