Problem
The HTTP route doesn't wrap request.json() / model_validate, so a malformed request envelope (bad JSON, or a body that fails envelope validation) surfaces as a 500 rather than a 400 / structured protocol error.
This is the same robustness theme as the SESSION_PROPOSE hardening in PR #17, one level out: #17 guards the body of a well-formed envelope, this is the envelope itself.
What to do
Wrap envelope parsing at the route boundary so a malformed envelope returns a 400 (or a structured LDP error response) instead of a 500. Keep the tolerant-degradation behavior for forward-compat fields; this is specifically about not leaking an unhandled exception as a server error when a peer sends a bad envelope.
Scope
Python SDK HTTP route first. @phillipclapham flagged this in #17 and offered to take it.
Problem
The HTTP route doesn't wrap
request.json()/model_validate, so a malformed request envelope (bad JSON, or a body that fails envelope validation) surfaces as a 500 rather than a 400 / structured protocol error.This is the same robustness theme as the SESSION_PROPOSE hardening in PR #17, one level out: #17 guards the body of a well-formed envelope, this is the envelope itself.
What to do
Wrap envelope parsing at the route boundary so a malformed envelope returns a 400 (or a structured LDP error response) instead of a 500. Keep the tolerant-degradation behavior for forward-compat fields; this is specifically about not leaking an unhandled exception as a server error when a peer sends a bad envelope.
Scope
Python SDK HTTP route first. @phillipclapham flagged this in #17 and offered to take it.