Add limits.max_agent_doc_size config

[michel-laterman]

What is the problem this PR solves?

Prevent fleet-server from going OOM when a compressed checkin request size explodes on decompression.

How does this PR solve the problem?

Add a new config option called limits.max_agent_doc_size that defaults to 20mb. This limit is applied to the gzip.Reader for compressed requests.

Design Checklist

• I have ensured my design is stateless and will work when multiple fleet-server instances are behind a load balancer.
• I have or intend to scale test my changes, ensuring it will work reliably with 100K+ agents connected.
• I have included fail safe mechanisms to limit the load on fleet-server: rate limiting, circuit breakers, caching, load shedding, etc.

Checklist

• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have made corresponding change to the default configuration files
• I have added tests that prove my fix is effective or that my feature works
• I have added an entry in ./changelog/fragments using the changelog tool

[github-actions]

TL;DR

The E2E Test Buildkite step failed at package level (testing/e2e), but the provided log is truncated and does not include the actual failing test/error line. Immediate next action is to re-run the job (or fetch build/test-e2e-<os>.out) to capture the first failure line.

Remediation

• Re-run Buildkite build 14954 (or open the full raw log/artifact) and capture the first --- FAIL: / panic: / WARNING: DATA RACE line from testing/e2e output.
• If available, upload/extract build/test-e2e-linux.out from the failing run (the mage target writes this file even when go test fails) and use that as the canonical failure source.

Investigation details

Root Cause

Not conclusive from available data. The pre-fetched step log ends with package-level failure only:

• FAIL github.com/elastic/fleet-server/testing/e2e 1242.627s
• no corresponding --- FAIL: <test> / panic / race line is present in the provided file.

Related execution paths:

• .buildkite/scripts/e2e_test.sh:16 runs mage test:e2e test:junitReport
• magefile.go:2162 runs e2e with go test ... -race ... ./...
• magefile.go:2172 writes build/test-e2e-<os>.out after test execution

Evidence

• Build: https://buildkite.com/elastic/fleet-server/builds/14954
• Job/step: E2E Test (.buildkite/scripts/e2e_test.sh)
• Key log excerpt:
  • FAIL github.com/elastic/fleet-server/testing/e2e 1242.627s
  • Error: exit status 1

Verification

• Not run locally: Docker daemon is unavailable in this environment, so e2e reproduction here is not possible.

Follow-up

Once the first failing line is available, I can map it to the exact source/test and provide a concrete code-level fix.

Note

🔒 Integrity filter blocked 2 items

The following items were blocked because they don't meet the GitHub integrity level.

• Add limits.max_agent_doc_size config #7135 pull_request_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #7135 pull_request_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".

To allow these resources, lower min-integrity in your GitHub frontmatter:

tools:
  github:
    min-integrity: approved  # merged | approved | unapproved | none

---

What is this? | From workflow: PR Buildkite Detective

Give us feedback! React with 🚀 if perfect, 👍 if helpful, 👎 if not.