fix(reliability): session-boundary — ghost sessions, bridge leak, session validation
Neuron Soul CI / build (pull_request) Has been cancelled
Neuron Soul CI / build (pull_request) Has been cancelled
- sessions.el: add session_exists() for chat-path session validation (ISSUE #6/#7) - sessions.el: add session_create_cleanup() for ghost-session rollback (ISSUE #1) - sessions.el: set session_pending_first_msg flag in session_create; clear it in session_hist_save so the first successful chat marks the session active (ISSUE #1) - sessions.el: session_delete now clears mcp_bridge:<id> and always_allow_<id> state keys so abandoned pending-tool sessions do not accumulate (ISSUE #5) - sessions.el: add TODO comments for ISSUE #2 (no TTL/expiry), ISSUE #3 (non-atomic delete-then-create), ISSUE #4 (no concurrent-create guard), and ISSUE #8 (reconnect/duplicate resume race) where fixes are too invasive to land without new runtime primitives - chat.el: validate session_id exists via session_exists() before entering agentic_loop; unknown session_ids now return a 404-style error instead of silently starting a fresh empty session (ISSUE #6/#7)
This commit is contained in:
@@ -648,6 +648,21 @@ fn handle_chat_agentic(body: String) -> String {
|
||||
// Thread-aware activation: same logic as handle_chat.
|
||||
// Use the session's or global history to anchor short messages to the thread.
|
||||
let req_session: String = json_get(body, "session_id")
|
||||
|
||||
// ISSUE #6/#7: validate that the session_id actually exists before proceeding.
|
||||
// Without this check the loop silently treats any unknown/fabricated session_id
|
||||
// as a fresh session — history loads as empty and no error is returned to the caller.
|
||||
// Only validate when a session_id is explicitly provided; anonymous calls
|
||||
// (no session_id) continue to work for backward compatibility.
|
||||
let session_valid: Bool = if str_eq(req_session, "") {
|
||||
true
|
||||
} else {
|
||||
session_exists(req_session)
|
||||
}
|
||||
if !session_valid {
|
||||
return "{\"error\":\"session not found\",\"session_id\":\"" + req_session + "\",\"reply\":\"\"}"
|
||||
}
|
||||
|
||||
let hist_key: String = if str_eq(req_session, "") { "conv_history" } else { "session_hist_" + req_session }
|
||||
let agentic_hist: String = state_get(hist_key)
|
||||
let agentic_hist_len: Int = if str_eq(agentic_hist, "") { 0 } else { json_array_len(agentic_hist) }
|
||||
|
||||
Reference in New Issue
Block a user