Category: spec-conformance Severity: minor
Location: packages/runtime/src/lease.ts:174-179
Spec: ARCP v1.1 §9.5
What
At op-check time an unparseable expires_at is treated as 'never expires' (early return). Submission-time validation backstops this in the normal path, but if a lease ever reaches enforcement with an invalid timestamp the operation runs unbounded instead of failing closed.
Evidence
const expiresMs = Date.parse(expiresAt);
if (!Number.isFinite(expiresMs) || now < expiresMs) return;
throw new LeaseExpiredError(`Lease expired at ${expiresAt}`, {Proposed fix
On !Number.isFinite(expiresMs), fail closed — throw LeaseExpiredError (or InvalidRequestError) rather than returning.
Acceptance criteria
Category: spec-conformance Severity: minor
Location:
packages/runtime/src/lease.ts:174-179Spec: ARCP v1.1 §9.5
What
At op-check time an unparseable expires_at is treated as 'never expires' (early return). Submission-time validation backstops this in the normal path, but if a lease ever reaches enforcement with an invalid timestamp the operation runs unbounded instead of failing closed.
Evidence
Proposed fix
On !Number.isFinite(expiresMs), fail closed — throw LeaseExpiredError (or InvalidRequestError) rather than returning.
Acceptance criteria