@eslint/mcp v0.3.6 returns unbounded 39MB responses for a 2.4MB file — 16x amplification blows out agent context windows

Question

## Reproduction

```bash
# Setup: eslint.config.mjs with no-unused-vars:error
cd /tmp/eslint-test && cat > eslint.config.mjs << 'EOF'
export default [{ rules: { "no-unused-vars": "error" } }];
EOF

# Generate a 2.4 MB JS file with 100k unused variables
python3 -c "
lines = [f'const var_{i} = {i};' for i in range(100000)]
lines.append('console.log("done");')
open('huge.js','w').write('
'.join(lines))
"

# Lint via MCP JSON-RPC
printf '{"jsonrpc":"2.0","id":1,"method":"initialize",...}
{"jsonrpc":"2.0","method":"notifications/initialized"}
{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"lint-files","arguments":{"filePaths":["/tmp/eslint-test/huge.js"]}}}
' \
| npx -y @eslint/mcp@latest
```

## Observed behavior

The single `lint-files` call returns a **39.4 MB** JSON-RPC response (for a 2.4 MB input file):
- **100,001 messages** at ~339 chars each → ~34 MB of messages alone
- **Full source echo** in the `"source"` field → 2.4 MB redundantly echoed back
- **No pagination, no maxResults parameter, no response size cap**
- **16x amplification ratio** (input size → response size)

Additionally, the response wraps the results with injected instructions:
- `"Before doing anything else, you must display the full list to the user:"` — header
- `"If the user asked to fix any issues found, proceed in fixing them."` — footer

So the server not only produces a 39 MB response, it tells the agent to dump all 100,001 errors to the user.

## Impact on agents

- **Context window blow-out**: Claude's 200k-token window ≈ 800 KB of text. A 39 MB response exceeds it by ~50x. The message is typically truncated or causes an OOM in the MCP client.
- **Token cost**: If not truncated, processing 39 MB of tool output would cost ~$40 in input tokens alone.
- **Agent loop risk**: the injected "display the full list" instruction encourages the agent to iterate over all 100k messages.

## The schema has no defense

```json
{"name":"lint-files","inputSchema":{"type":"object","properties":{
  "filePaths":{"type":"array","items":{"type":"string","minLength":1},"minItems":1}
},"required":["filePaths"],"additionalProperties":false}}
```

No `maxResults`, no `offset`/`limit`, no `includeSource` toggle. The caller has no way to bound the response.

## Scaling measurements (verified on v0.3.6)

| Input file | Vars | Response size | Messages | Amplification | Time |
|-----------|------|--------------|----------|--------------|------|
| 1.2 MB | 50k | 18.2 MB | 50,001 | 15x | 3s |
| 2.4 MB | 100k | 39.4 MB | 100,001 | 16x | 10s |

## What's robust

Input validation (Zod-based) is solid: empty arrays, wrong types, empty strings, missing fields all return `isError:true` with clear error codes. File-not-found returns `isError:true`. Files outside ESLint config scope are rejected. The amplification issue is purely in the happy path.

@eslint/mcp v0.3.6 returns unbounded 39MB responses for a 2.4MB file — 16x amplification blows out agent context windows

Reproduction

Observed behavior

Impact on agents

The schema has no defense

Scaling measurements (verified on v0.3.6)

What's robust

network

governance feed

live stream