NORTHSET
Proof-of-Pass Receipt
Receipt ID M-114
ISSUE / WORKabort and correct the error message when `body.formData()` fails · PR #1904
CONTRIBUTOR SELF-RUN — NOT MAINTAINER VERIFICATION
RUN→
01 / TECHNICAL RESULT
Technical result
declared commands passed
Recorded on the named code in the named execution environment. The evidence annex carries the exact scope.
- Upstream
- OPENmutable external state
- Attempts
- 2 totalcurrent
M-114· #2 - Cost record
- PARTIALunpriced
02 / RECORDED WORK SEQUENCE
Northset Proofline
Every task-bound attempt is shown in recorded order. Anatomy geometry follows each non-null elapsed duration’s share; labels retain exact recorded time.
- ATTEMPT 1
M-109FAILED ORACLEverification - ATTEMPT 2
M-114READY
ATTEMPT 2 / EXECUTION ANATOMY
03 / ECONOMIC NARRATIVE
Economic identity
Observed sponsorship, authorization, scope, transfer, and outcome. No estimates or inferred value.
01 / MANDATE
Sponsored and authorized
The recorded mandate names both its sponsor and initiative, with authorization tied to a named approver and approval time.
02 / WORK
Demand became scoped work
An external issue invitation became a stable task and a recorded code-and-test scope, without treating scope as a measure of value.
03 / EXTERNAL OUTCOME
Transfer and upstream state
The recorded maintainer transfer and its contingency are separate from upstream state, which remains a mutable external observation.
04 / COST COMPLETENESS
Known, unknown, and unpriced
Known: maintainer payment was none. A known zero external transfer is not a zero total cost.
Missing or unpriced components
- model inference
- actual host compute
- human review
- shared tooling
No complete total is recorded; see the missing or unpriced component record above.
Evidence annexEconomic · technical · provenance · limitations
01Economic evidence
Lineage, usage, caps, outcome, and cost provenance
Economic evidence
Lineage, usage, caps, outcome, and cost provenanceAttempt lineage
M-109attempt 1 · FAILED ORACLE · verificationM-114attempt 2 · READY
Recorded usage
- requested reviewer model
- gpt-5.6-sol
- actual reviewer model
- not captured
- requested author model
- gpt-5.6-sol
- actual author model
- not captured
- networked setup phase
- 2m03s
- install-only duration
- not captured
- declared commands
- 2.5s
- unclassified executor time
- 27s
- CPU time
- not captured
- peak RSS
- not captured
Configured resource envelope
- CPU cap
- 2
- memory cap
- 4096 MB
- PID cap
- 512
- command wall cap
- 1800s
- output cap / stream
- 2000000 bytes
Configured limits are an envelope, not observed consumption.
Cost lines
- maintainer paymentobserved quantity unpriced · 0 external transfer · amount unavailable
Cost status: partial. Values without source-backed quantities and rates remain null.
Outcome facts
- technical checks passed
- true
- PR opened
- true
- CI
- pending
- merged
- false
- accepted as submitted
- not established
- external cycle time
- not captured
- released
- not observed
- deployed
- not observed
- business result
- not observed
02Technical evidence
Code, environment, exact commands, patch, and outputs
Technical evidence
Code, environment, exact commands, patch, and outputsProject
Work
abort and correct the error message when `body.formData()` fails · PR #1904
Verification execution
runtime: northset-oss executor v1
human operator: aeziz
Code
- base
8b3320d2a7c07bce4afc6b2bf6c3bbddda85b01f- recorded patch commit
56531be33fda3097c6541a7b987fa7f525489987
declared metadata; not execution-bound- patch diff SHA-256
sha256:4e0b253daa4007befcc64821ab107700155ba5cc08676b8132a74470676ee032
bound to executed patch bytes
Environment
- image reference
- node@sha256:40ad9f3064e67d6860b4bc3fe1880b2953934fd6320ada990e45fe0efa6badd7
- repository digest
node@sha256:40ad9f3064e67d6860b4bc3fe1880b2953934fd6320ada990e45fe0efa6badd7- immutable image ID
sha256:6ed6ff875e9714bb845b850b08f3ad231ccbb5848812647bcf11acdd4bd1d2f8- platform
- linux/arm64
- network
- phaseA:bridge,phaseB:none
Declared checks
Execution summary
1/1 declared command returned exit 0 in the recorded environment
npm test -- test/form-data-invalid-content-type.jsexit 0 · 2.5s
run wall (derived from recorded timestamps) 2m32s
PASS — 1/1 declared command
Every command listed returned exit 0 in the declared environment. Only the listed commands are in scope. Unlisted test, lint, typecheck, build, coverage, compiler, full-suite, and CI gates are not implied or recorded.
Public scope interpretation
The receipt proves the declared automated checks only; maintainer review and merge remain independent human decisions.
Committed patch.diff
diff --git a/src/body.js b/src/body.js
index 714e27ec4aa74103a246480cf2bbcd9ae2103823..7226a0ccdac7439d66ecdca2271cc974d44b2134 100644
--- a/src/body.js
+++ b/src/body.js
@@ -109,8 +109,9 @@ export default class Body {
async formData() {
const ct = this.headers.get('content-type');
+ const contentType = ct?.split(';', 1)[0].trim().toLowerCase();
- if (ct.startsWith('application/x-www-form-urlencoded')) {
+ if (contentType === 'application/x-www-form-urlencoded') {
const formData = new FormData();
const parameters = new URLSearchParams(await this.text());
@@ -121,6 +122,11 @@ export default class Body {
return formData;
}
+ if (contentType !== 'multipart/form-data') {
+ this.body?.destroy();
+ throw new TypeError('Failed to fetch');
+ }
+
const {toFormData} = await import('./utils/multipart-parser.js');
return toFormData(this.body, ct);
}
diff --git a/test/form-data-invalid-content-type.js b/test/form-data-invalid-content-type.js
new file mode 100644
index 0000000000000000000000000000000000000000..0620afe7ea05b017f58ddb4ed310ae966caa2d90
--- /dev/null
+++ b/test/form-data-invalid-content-type.js
@@ -0,0 +1,38 @@
+import {PassThrough} from 'node:stream';
+
+import chai from 'chai';
+import {Request, Response} from '../src/index.js';
+
+const {expect} = chai;
+
+describe('Body.formData', () => {
+ it('destroys body for invalid form data content type', async () => {
+ const createBodies = [
+ (body, headers) => new Response(body, {headers}),
+ (body, headers) => new Request('https://example.com', {
+ method: 'POST',
+ body,
+ headers
+ })
+ ];
+
+ for (const contentType of [undefined, 'text/plain']) {
+ for (const createBody of createBodies) {
+ const stream = new PassThrough();
+ const headers = contentType === undefined ? {} : {'content-type': contentType};
+ const body = createBody(stream, headers);
+ let error;
+
+ try {
+ await body.formData();
+ } catch (error_) {
+ error = error_;
+ }
+
+ expect(error).to.be.instanceOf(TypeError);
+ expect(error.message).to.equal('Failed to fetch');
+ expect(stream.destroyed).to.be.true;
+ }
+ }
+ });
+});
Redacted stdout
=== cmd 1: npm test -- test/form-data-invalid-content-type.js ===
> node-fetch@3.1.1 test
> mocha test/form-data-invalid-content-type.js
Body.formData
✔ destroys body for invalid form data content type
1 passing (7ms)
Redacted stderr
=== cmd 1: npm test -- test/form-data-invalid-content-type.js ===
03Provenance & limitations
Bundle identity, attestation, verification, and claims boundary
Provenance & limitations
Bundle identity, attestation, verification, and claims boundaryRecord details
- payment
- none · not merge-contingent
- redactions
- none recorded
- Bundle contents digest
sha256:afc23ce06661733092154c50fda1ce11041d26114fb060712dc5ec78fba7f9b9- Signed asset SHA-256
sha256:567f7f77c13be6665b71c0b045265986385d259377dd7e423d1224e5432908b3- Signed provenance recorded
- verified 2026-07-16T19:32:26.173Z
NOT INCLUDED
- Does not prove code quality
- Does not prove security
- Contributor self-run record of Northset's own contribution; not the maintainer's verification.
- The receipt proves the declared automated checks only; maintainer review and merge remain independent human decisions.
Signed bundle
Verify this receipt
gh attestation verify run-record-M-114-afc23ce06661.tar.gz --repo northset-oss/verification-pilot --signer-workflow northset-oss/verification-pilot/.github/workflows/attest-bundle.ymlAttestation confirms that Northset's signing workflow produced this exact bundle. The signer does not witness the recorded run, and verification does not turn it into maintainer verification.
QR → receipt page