feat(offload): add bounded tool-result recovery#448
Conversation
|
Thank you for submitting this PR and participating in Tencent Rhino-bird Open-source Training Program! |
YOMXXX
left a comment
There was a problem hiding this comment.
I cannot approve this as-is.
tdai_offload_read needs a stricter session boundary. The new tool reads full offloaded tool-result refs, but when ctx.sessionKey is missing it falls back to _lastActiveMgr:
const mgr = ctx?.sessionKey ? await _resolveSession(ctx.sessionKey, ctx?.sessionId) : _lastActiveMgr;That is not safe for a ref-reading tool. A caller without a session key can read from whichever session happened to be active last, as long as it supplies a refs/*.md name. Tool-result refs may contain raw command output, file contents, diagnostics, or other sensitive task data, so this should not inherit the looser fallback pattern used by internal lifecycle hooks.
Please require an active ctx.sessionKey (or another explicit, validated session binding) for tdai_offload_read, and add tests covering:
- missing
ctx.sessionKeyis rejected instead of using_lastActiveMgr - a valid session can read its own ref
- traversal/nested/absolute paths remain rejected
- requested
max_tokenscannot exceed the configured hard limit
There is also a correctness gap worth testing: when replacePromptFacingToolResult() cannot find the matching tool-result message, the raw large result may remain in event.messages even though event.result was replaced. The front-offload path should either guarantee replacement or log/fallback in a way that does not leave the prompt-facing history unbounded.
|
Addressed in e760342.
Added coverage for:
Also made front-offload replacement atomic: Validation:
|
|
Fixed in 9fc5563. The ref directory is agent-scoped, so requiring a valid sessionKey alone was insufficient. Refs now carry an owner sessionKey marker when they are written, and A ref written by Legacy refs without an owner marker are intentionally treated as unreadable through Validation:
|
Description | 描述
本 PR 从 #410 中拆分,仅聚焦工具结果卸载与按需读取行为。
主要改动:
inlineToolResultMaxTokens时,将完整结果写入refs/*.md,prompt 中仅保留摘要、result_ref、内容 hash 和恢复指引。tdai_offload_read,支持按 query、行号范围和 token 预算读取最小必要片段。refs/*.md校验,并要求存在活动 session。result_ref,避免重复写入完整结果。不包含以下内容:
Related Issue | 关联 Issue
Related to #120
从 #410 拆分,按评审意见收敛为独立的工具结果卸载/读取 PR。
Change Type | 修改类型
Self-test Checklist | 自测清单
验证命令:
npm.cmd testnpm.cmd run build:pluginnode --check dist\index.mjsgit diff --check验证结果:
dist/index.mjs语法检查通过。Additional Notes | 其他说明
该 PR 与 #375 独立,评审范围限定在有界卸载与恢复行为本身,不包含 recall 注入布局调整。