Skip to content

[pull] main from danny-avila:main#127

Merged
pull[bot] merged 5 commits into
innFactory:mainfrom
danny-avila:main
Jul 1, 2026
Merged

[pull] main from danny-avila:main#127
pull[bot] merged 5 commits into
innFactory:mainfrom
danny-avila:main

Conversation

@pull

@pull pull Bot commented Jul 1, 2026

Copy link
Copy Markdown

See Commits and Changes for more details.


Created by pull[bot] (v2.0.0-alpha.4)

Can you help keep this open source service alive? 💖 Please sponsor : )

* fix: stop eager tool execution from corrupting large streamed args

Two related eager-execution defects surfaced by create_file writing a large
(multi-KB) Python file to the sandbox:

1. mergeToolCallArgsText's overlap-dedup heuristic stripped any >=8-char
   sequence where the accumulated text's suffix matched an incoming chunk's
   prefix. Indented code (8 spaces of double-indent, repeated tokens) trips
   this constantly, silently deleting hundreds of characters from the eager
   args. The corrupted eager args then (a) get written to disk and (b) diverge
   from the final LangChain-collapsed args, tripping the 'changed after eager
   execution' guard -> the model is told the write failed and loops.

   Fix: only dedupe an overlap when doing so yields a MORE complete parse than
   a plain append (a genuine partial resend recovers structure a doubled seam
   would break); otherwise concatenate and keep every character. Preserves the
   existing resend/cumulative dedup tests.

2. Side-effecting tools should not be executed speculatively at all: a
   speculative write can land even when the turn is superseded. Add
   EagerEventToolExecutionConfig.excludeToolNames so hosts can opt specific
   tools (create_file/edit_file) out of eager execution; excluded calls fall
   through to normal ToolNode execution with final args.

Adds tests: large indented args accumulate without dropping characters, and
excludeToolNames suppresses prestart.

* refactor: withdraw mergeToolCallArgsText heuristic; rely on eager exclusion

The parse-completeness heuristic can't disambiguate a genuine string-internal
resend from a coincidental overlap — they're byte-identical patterns with
opposite correct merges (Codex Finding 1). Rather than trade one corruption
for another, revert the merge to its original behavior and rely solely on
excludeToolNames: excluding side-effecting tools (create_file/edit_file) from
eager execution routes them through the normal ToolNode path, which uses the
final LangChain-collapsed args — correct for incremental-delta providers like
Bedrock — with no speculative write and no merge guessing.

* fix: apply eager exclusion after batch-level direct-tool guards

Filtering excluded tools before createEagerToolExecutionPlan hid them from
hasDirectToolCallInBatch, so an excluded tool that is also a direct tool could
let a sibling event tool prestart in a mixed direct-tool batch. Move the
exclusion into the plan's candidate selection, after the batch-level guards run
against the full batch. Adds a regression test.
src/specs/summarization.test.ts is a single ~3.7k-line file, and Jest runs
tests within one file sequentially (--maxWorkers only parallelizes across
files). The summarization-tests job therefore ran every provider E2E suite
(Anthropic, Bedrock, OpenAI) plus all local suites back-to-back on one runner.

Split the job into a fail-fast:false matrix that runs each provider group and
the hermetic "no API keys" group as independent parallel jobs, selected via
Jest -t name patterns:
  - anthropic: Anthropic E2E + Token accounting audit (both hit the Anthropic API)
  - openai:    OpenAI E2E
  - bedrock:   Bedrock E2E
  - local:     all "(no API keys)" suites

Keeping each provider in its own serial job avoids cross-job rate-limit
contention while cutting wall-clock time to the slowest group. The patterns
partition all 25 tests with no gaps or overlaps.
…lNames) (#283)

* feat: let host tools share the code-execution session (codeSessionToolNames)

Files written by a host sandbox tool (e.g. LibreChat's create_file) were
invisible to later bash_tool/execute_code calls because the shared code session
(sessions[EXECUTE_CODE]) is only updated for built-in CODE_EXECUTION_TOOLS. A
host authoring tool wrote to one exec session; the next code tool started its
own — so 'create_file then run it' failed with file-not-found.

Add RunConfig.codeSessionToolNames: a host-declared set of tool names that
write to the sandbox. Their successful results fold the returned exec
session_id into the shared code session, so subsequent code tools reuse the
same sandbox. Kept name-scoped (not a blanket artifact opt-in) so only
host-declared tools can influence the shared session; threaded RunConfig ->
Graph -> ToolNode like eagerEventToolExecution.

Adds ToolNode.session tests: a declared host tool stores its exec session; the
same tool undeclared does not.

* fix: attach code session to declared host tools + wire traditional ToolNode

Two gaps in the codeSessionToolNames wiring (Codex review):

- Read direction: codeSessionContext was attached to requests only for
  built-in code tools, skill, and read_file. A declared host tool (create_file/
  edit_file) called when a session already exists got no session_id/files, so
  it wrote into a fresh sandbox and lost prior in-session state. Now gated on
  participatesInCodeSession in the event request builder and the eager stream
  planner (getCodeSessionContext).
- The non-event-driven ToolNode in initializeTools didn't receive
  codeSessionToolNames, so the option was ignored on the traditional path. Pass
  it there too.

Adds a test: a declared host tool request receives the existing code session.

* fix: inject session for direct host tools + auto-exclude session tools from eager

Two more gaps (Codex review):
- The direct runTool pre-invocation injection (session_id/_injected_files) was
  gated on built-in CODE_EXECUTION_TOOLS, so a declared host tool on the
  traditional path got no current session and wrote to a fresh sandbox. Gate on
  participatesInCodeSession.
- A codeSessionToolNames tool writes to the shared sandbox, so it is
  side-effecting and must not be eagerly prestarted. isEagerExecutionExcludedTool
  now treats codeSessionToolNames members as excluded, so hosts don't have to
  duplicate the name in excludeToolNames.
@pull pull Bot locked and limited conversation to collaborators Jul 1, 2026
@pull pull Bot added the ⤵️ pull label Jul 1, 2026
@pull
pull Bot merged commit 2ff48ea into innFactory:main Jul 1, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant