Skip to content

Workflow status is tracked in GitHub: https://github.com/emulebb/emulebb/issues/40. This local document is retained as an engineering spec/evidence record.

BUG-132 - Follow up deferred qBit session and bulk REST hardening

Summary

Track the remaining non-RC-blocking REST/qBit hardening findings from the final pre-RC1 C++ stabilization pass. These should be revalidated against current main before implementation because controller behavior has been changing quickly during RC preparation.

Findings

  • qBit compatibility sessions currently outlive API-key rotation because the static SID is not bound to the credential generation in srchybrid\WebServerQBitCompat.cpp.

Acceptance Criteria

  • [ ] qBit sessions are invalidated or generation-bound when API credentials change.
  • [x] qBit torrent-info responses avoid unbounded full-queue serialization on hot polling paths.
  • [x] Bulk native transfer-add rejects oversized links payloads before expensive parsing.
  • [ ] Behavior is documented as compatibility hardening with minimal API drift.

Notes

Deferred by operator decision while RC1-focused fixes landed under BUG-131. The qBit torrent-info hot-polling sub-finding was resolved later under BUG-133 and tightened under BUG-134. Native bulk transfer-add caps were resolved under BUG-134. This item remains deferred for qBit session invalidation.