Skip to content

fix: stop leaking prePromptMessageCount to daemon in afterTurn#1

Closed
xDarkicex wants to merge 1 commit intofuller-stack-dev:mainfrom
xDarkicex:fix/afterturn-prePromptMessageCount-leak
Closed

fix: stop leaking prePromptMessageCount to daemon in afterTurn#1
xDarkicex wants to merge 1 commit intofuller-stack-dev:mainfrom
xDarkicex:fix/afterturn-prePromptMessageCount-leak

Conversation

@xDarkicex
Copy link
Copy Markdown

@xDarkicex xDarkicex commented Apr 29, 2026
edited by coderabbitai Bot
Loading

Summary

  • afterTurn was spreading ...args into the RPC call, leaking prePromptMessageCount, tokenBudget, and runtimeContext to the daemon
  • The daemon uses prePromptMessageCount to skip messages by array position — if the framework passes a stale value, messages are silently dropped before persistence
  • The daemon already has content-hash dedup (afterTurnIngestedKeys), so the positional skip is redundant for correctness

Fix

  • Kernel path: removed prePromptMessageCount forwarding
  • RPC path: replaced ...args spread with explicit { sessionId, sessionKey, userId, messages, isHeartbeat }
  • Both paths now let the daemon default prePromptMessageCount to 0, processing all messages; content-hash dedup catches any already-ingested

Test plan

  • npm run test:integration — all 30 pass
  • npm run test:ts — 72 pass, 10 pre-existing failures (unrelated, present on clean main)

Summary by CodeRabbit

  • Bug Fixes
    • Corrected internal data forwarding to exclude unnecessary fields from kernel communication handlers.

@xDarkicex @claude
fix: stop leaking prePromptMessageCount to daemon in afterTurn
926ed92 
The `...args` spread forwarded every framework-provided field to the
daemon — prePromptMessageCount, tokenBudget, runtimeContext. The daemon
uses prePromptMessageCount to skip messages by array position, and a
stale value from the framework silently drops messages before persistence.

The daemon already has content-hash dedup (afterTurnIngestedKeys), so
the positional prePromptMessageCount hint is redundant for correctness.
Strip it from both the kernel and RPC paths and use explicit params
instead of the spread.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented Apr 29, 2026
edited
Loading

📝 Walkthrough

Walkthrough

The afterTurn implementation in context-engine.ts was modified to stop forwarding prePromptMessageCount and construct a minimal RPC payload containing only sessionId, sessionKey, userId, messages, and isHeartbeat instead of spreading all arguments. The test was updated accordingly to validate this behavior.

Changes

Cohort / File(s) Summary
Core Implementation
src/context-engine.ts		 Modified afterTurn method to exclude prePromptMessageCount from kernel handler and construct minimal RPC payload with only essential fields: sessionId, sessionKey, userId, messages, isHeartbeat.
Integration Test
test/integration/host-flow.test.ts		 Updated test to validate that prePromptMessageCount is stripped from RPC payload while confirming other fields remain forwarded as expected.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

🐰 A payload trimmed so clean,
No extra fields clogging the stream,
The kernel whispers true,
Only what matters shines through—
Elegance in every RPC dream! ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title directly and clearly summarizes the main change: removing leaked prePromptMessageCount parameter from daemon RPC calls in afterTurn implementation.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
⚔️ Resolve merge conflicts
  • Resolve merge conflict in branch fix/afterturn-prePromptMessageCount-leak

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share
Review rate limit: 0/1 reviews remaining, refill in 60 minutes.

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai Bot reviewed Apr 29, 2026
View reviewed changes
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
test/integration/host-flow.test.ts (1)

460-473: Cover the full leaked-field set in this regression test.

This only proves prePromptMessageCount is stripped. The old ...args spread also leaked tokenBudget and runtimeContext, so it would be better to pass both here and assert they stay out of after_turn_kernel as well.

Suggested test tightening 
   await context.afterTurn({
     sessionId: "test-session",
     userId: "test-user",
     messages: mockMessages,
     prePromptMessageCount: 2,
     isHeartbeat: false,
+    tokenBudget: 1024,
+    runtimeContext: { currentTokenCount: 900 },
   });

   const params = rpc.getLastCall("after_turn_kernel");
   assert.ok(params, "Expected after_turn_kernel to be called");
   assert.equal(params.sessionId, "test-session");
   assert.equal(params.userId, "test-user");
   assert.equal("prePromptMessageCount" in params, false, "prePromptMessageCount must not leak to daemon — daemon defaults to 0 and uses content-hash dedup");
+  assert.equal("tokenBudget" in params, false, "tokenBudget must stay host-local");
+  assert.equal("runtimeContext" in params, false, "runtimeContext must stay host-local");
   assert.equal(params.isHeartbeat, false);
   assert.deepEqual(params.messages, mockMessages);
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@test/integration/host-flow.test.ts` around lines 460 - 473, The test
currently only asserts that prePromptMessageCount is stripped from the params
passed to after_turn_kernel; extend it to also verify that tokenBudget and
runtimeContext are not leaked: after calling context.afterTurn(...) and
retrieving params via rpc.getLastCall("after_turn_kernel"), add assertions that
"tokenBudget" and "runtimeContext" are not present on params (e.g.,
assert.equal("tokenBudget" in params, false) and assert.equal("runtimeContext"
in params, false)) while keeping the existing checks for sessionId, userId, and
isHeartbeat so the test ensures the full leaked-field set
(prePromptMessageCount, tokenBudget, runtimeContext) is stripped before the RPC
call.
🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@test/integration/host-flow.test.ts`:
- Around line 460-473: The test currently only asserts that
prePromptMessageCount is stripped from the params passed to after_turn_kernel;
extend it to also verify that tokenBudget and runtimeContext are not leaked:
after calling context.afterTurn(...) and retrieving params via
rpc.getLastCall("after_turn_kernel"), add assertions that "tokenBudget" and
"runtimeContext" are not present on params (e.g., assert.equal("tokenBudget" in
params, false) and assert.equal("runtimeContext" in params, false)) while
keeping the existing checks for sessionId, userId, and isHeartbeat so the test
ensures the full leaked-field set (prePromptMessageCount, tokenBudget,
runtimeContext) is stripped before the RPC call.
ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 5e7e085a-892e-42ac-93df-049839d762b4

📥 Commits

Reviewing files that changed from the base of the PR and between 6c3c64b and 926ed92.

📒 Files selected for processing (2)
  • src/context-engine.ts
  • test/integration/host-flow.test.ts

@xDarkicex xDarkicex closed this Apr 29, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@xDarkicex