mirror of
https://github.com/claude-code-best/claude-code.git
synced 2026-06-22 00:05:51 +00:00
fix: bound agent communication memory growth (#369)
* fix: bound agent communication memory growth UDS messaging now uses private local capabilities instead of exposing auth tokens through SDK metadata, environment variables, session registry, peer listing, or tool output. The receive path bounds NDJSON frames, response buffers, active clients, and pending inbox bytes, and strips auth metadata before messages enter the prompt queue. Teammate mailboxes now validate file and message sizes, fail closed on corrupt mutation inputs, compact by count and retained bytes, and use stable message identity for in-process acknowledgements. Agent summaries now fork only a bounded recent context using lazy size estimation and content fingerprints instead of retaining or serializing unbounded histories. Constraint: PR #361 was already merged; this branch is based on upstream/main@c2ac9a74. Rejected: Default-disabling COORDINATOR_MODE/TEAMMEM only | explicit feature enablement still hit unbounded paths. Rejected: Persisting UDS auth in SDK/env/session registry | bridge/remote metadata can leak local capability secrets. Rejected: Inline uds #token addresses | observable/tool/classifier paths can reflect raw addresses outside the UDS request frame. Rejected: Positional mailbox marking after compaction | compaction can shift indices across the lock boundary. Confidence: high Scope-risk: moderate Directive: Do not expose UDS capability tokens through SDK messages, environment variables, session registry, peer-list output, or SendMessage result/classifier surfaces. Directive: Do not reintroduce positional mailbox acknowledgements unless compaction is removed or read+mark is atomic under one lock. Tested: bun test src/utils/__tests__/ndjsonFramer.test.ts src/utils/__tests__/udsMessaging.test.ts packages/builtin-tools/src/tools/SendMessageTool/__tests__/udsRecipientSanitization.test.ts Tested: bunx tsc --noEmit --pretty false Tested: bun run lint Tested: bunx biome lint modified src/package files Tested: bun run test:all (3704 pass, 0 fail, 6734 expects) Tested: bun audit (No vulnerabilities found) Tested: bun run build Tested: bun run build:vite Tested: git diff --check Not-tested: End-to-end external UDS client driving a full production headless model turn. * fix: harden bounded agent communication review fixes CodeRabbit and Codecov surfaced real gaps in UDS framing, peer discovery, mailbox retention, and summary context coverage. This tightens those paths without suppressing review or coverage signals. Constraint: PR #369 must address CodeRabbit and Codecov findings without warning suppression or fake fallbacks Rejected: Suppress Codecov or CodeRabbit warnings | leaves real receive-path and test-isolation gaps Rejected: Add unreachable feature-gated tests | bun:bundle keeps those branches compile-time gated in local tests Confidence: high Scope-risk: moderate Directive: Keep UDS auth-token rejection outside feature flags; do not reintroduce inline token fallbacks Tested: bun test --coverage --coverage-reporter lcov --coverage-dir coverage; bun run test:all; bun run lint; bun run build; bun run build:vite; bun audit; git diff --cached --check Not-tested: Remote Codecov/CodeRabbit refreshed reports until pushed * fix: prevent agent communication bounds from hiding CI regressions Tighten the UDS auth, framing, and response-reader boundaries while keeping the AgentSummary lifecycle covered so Codecov and CI fail on real regressions instead of missing coverage. The poorMode settings mock mirrors unrelated real settings defaults to avoid Bun mock retention changing later permission tests. Constraint: PR #369 must fix Codecov/CI precisely without warning suppression, fallback masking, or mock pollution Rejected: Delete AgentSummary lifecycle coverage | would hide Codecov loss and stale-summary behavior Rejected: Store inline UDS rejection in a hidden input sentinel | cloned observable inputs can drop it and bypass rejection Rejected: Ignore malformed UDS frames until timeout | leaves client slots and SendMessage calls open to exhaustion Confidence: high Scope-risk: moderate Directive: Keep empty #token= markers rejected; do not require a non-empty token value in hasInlineUdsToken Tested: bun test packages/builtin-tools/src/tools/SendMessageTool/__tests__/udsRecipientSanitization.test.ts src/utils/__tests__/udsMessaging.test.ts src/utils/__tests__/udsResponseReader.test.ts src/utils/__tests__/ndjsonFramer.test.ts Tested: bunx tsc --noEmit --pretty false Tested: bun run lint Tested: bun test --coverage --coverage-reporter lcov --coverage-dir coverage Tested: bun run test:all Tested: bun audit Tested: bun run build Tested: bun run build:vite Not-tested: GitHub-hosted Codecov upload until pushed PR checks rerun --------- Co-authored-by: unraid <local@unraid.local>
This commit is contained in:
Dosion
462
src/utils/__tests__/teammateMailbox.test.ts
Normal file
462
src/utils/__tests__/teammateMailbox.test.ts
Normal file
@@ -0,0 +1,462 @@
|
||||
import { afterEach, beforeEach, describe, expect, test } from 'bun:test'
|
||||
import { mkdir, readFile, rm, writeFile } from 'node:fs/promises'
|
||||
import { mkdtempSync } from 'node:fs'
|
||||
import { tmpdir } from 'node:os'
|
||||
import { dirname, join } from 'node:path'
|
||||
import type { Message } from 'src/types/message.js'
|
||||
import {
|
||||
compactMailboxMessages,
|
||||
getLastPeerDmSummary,
|
||||
getInboxPath,
|
||||
markMessageAsReadByIndex,
|
||||
markMessageAsReadByIdentity,
|
||||
markMessagesAsRead,
|
||||
markMessagesAsReadByPredicate,
|
||||
MAX_MAILBOX_MESSAGE_TEXT_BYTES,
|
||||
MAX_MAILBOX_FILE_BYTES,
|
||||
MAX_MAILBOX_MESSAGES,
|
||||
MAX_READ_MAILBOX_MESSAGES,
|
||||
MAX_UNREAD_PROTOCOL_MAILBOX_MESSAGES,
|
||||
readMailbox,
|
||||
type TeammateMessage,
|
||||
writeToMailbox,
|
||||
} from 'src/utils/teammateMailbox.js'
|
||||
|
||||
let tempHome = ''
|
||||
let previousConfigDir: string | undefined
|
||||
|
||||
function message(
|
||||
text: string,
|
||||
read: boolean,
|
||||
timestamp = new Date(0).toISOString(),
|
||||
): TeammateMessage {
|
||||
return {
|
||||
from: 'team-lead',
|
||||
text,
|
||||
timestamp,
|
||||
read,
|
||||
}
|
||||
}
|
||||
|
||||
async function seedMailbox(
|
||||
agentName: string,
|
||||
teamName: string,
|
||||
messages: TeammateMessage[],
|
||||
): Promise<void> {
|
||||
const inboxPath = getInboxPath(agentName, teamName)
|
||||
await mkdir(dirname(inboxPath), { recursive: true })
|
||||
await writeFile(inboxPath, JSON.stringify(messages, null, 2), 'utf-8')
|
||||
}
|
||||
|
||||
async function readRawMailbox(
|
||||
agentName: string,
|
||||
teamName: string,
|
||||
): Promise<TeammateMessage[]> {
|
||||
const content = await readFile(getInboxPath(agentName, teamName), 'utf-8')
|
||||
return JSON.parse(content) as TeammateMessage[]
|
||||
}
|
||||
|
||||
describe('compactMailboxMessages', () => {
|
||||
test('prioritizes unread messages and keeps only recent read history', () => {
|
||||
const compacted = compactMailboxMessages(
|
||||
[
|
||||
message('read-1', true),
|
||||
message('read-2', true),
|
||||
message('unread-1', false),
|
||||
message('read-3', true),
|
||||
message('unread-2', false),
|
||||
message('read-4', true),
|
||||
message('read-5', true),
|
||||
message('unread-3', false),
|
||||
],
|
||||
{ maxMessages: 5, maxReadMessages: 2 },
|
||||
)
|
||||
|
||||
expect(compacted.map(m => m.text)).toEqual([
|
||||
'unread-1',
|
||||
'unread-2',
|
||||
'read-4',
|
||||
'read-5',
|
||||
'unread-3',
|
||||
])
|
||||
})
|
||||
|
||||
test('retains unread protocol messages separately from regular cap', () => {
|
||||
const protocol = message(
|
||||
JSON.stringify({ type: 'permission_response', request_id: 'req-1' }),
|
||||
false,
|
||||
)
|
||||
const compacted = compactMailboxMessages(
|
||||
[
|
||||
protocol,
|
||||
...Array.from({ length: 5 }, (_value, index) =>
|
||||
message(`regular-${index}`, false),
|
||||
),
|
||||
],
|
||||
{
|
||||
maxMessages: 2,
|
||||
maxReadMessages: 0,
|
||||
maxUnreadProtocolMessages: 1,
|
||||
},
|
||||
)
|
||||
|
||||
expect(compacted.map(m => m.text)).toEqual([
|
||||
protocol.text,
|
||||
'regular-3',
|
||||
'regular-4',
|
||||
])
|
||||
})
|
||||
|
||||
test('does not prioritize malformed JSON-like unread messages as protocol', () => {
|
||||
const compacted = compactMailboxMessages(
|
||||
[
|
||||
message('{not-json', false),
|
||||
message('regular-1', false),
|
||||
message('regular-2', false),
|
||||
],
|
||||
{
|
||||
maxMessages: 1,
|
||||
maxReadMessages: 0,
|
||||
maxUnreadProtocolMessages: 10,
|
||||
},
|
||||
)
|
||||
|
||||
expect(compacted.map(m => m.text)).toEqual(['regular-2'])
|
||||
})
|
||||
|
||||
test('caps unread protocol messages with an independent bound', () => {
|
||||
const compacted = compactMailboxMessages(
|
||||
Array.from(
|
||||
{ length: MAX_UNREAD_PROTOCOL_MAILBOX_MESSAGES + 1 },
|
||||
(_value, index) =>
|
||||
message(
|
||||
JSON.stringify({
|
||||
type: 'permission_response',
|
||||
request_id: `req-${index}`,
|
||||
}),
|
||||
false,
|
||||
),
|
||||
),
|
||||
)
|
||||
|
||||
expect(compacted).toHaveLength(MAX_UNREAD_PROTOCOL_MAILBOX_MESSAGES)
|
||||
expect(compacted[0]?.text).toContain('req-1')
|
||||
})
|
||||
|
||||
test('keeps retained mailbox bytes under an explicit budget', () => {
|
||||
const compacted = compactMailboxMessages(
|
||||
Array.from({ length: 20 }, (_value, index) =>
|
||||
message(`msg-${index}-${'x'.repeat(200)}`, false),
|
||||
),
|
||||
{
|
||||
maxMessages: 20,
|
||||
maxReadMessages: 0,
|
||||
maxRetainedBytes: 1_000,
|
||||
},
|
||||
)
|
||||
|
||||
expect(
|
||||
Buffer.byteLength(JSON.stringify(compacted), 'utf8'),
|
||||
).toBeLessThanOrEqual(1_000)
|
||||
expect(compacted.length).toBeLessThan(20)
|
||||
expect(compacted.at(-1)?.text).toContain('msg-19')
|
||||
})
|
||||
|
||||
test('returns an empty mailbox when even one message exceeds retained budget', () => {
|
||||
const compacted = compactMailboxMessages([message('too-large', false)], {
|
||||
maxMessages: 10,
|
||||
maxReadMessages: 0,
|
||||
maxRetainedBytes: 1,
|
||||
})
|
||||
|
||||
expect(compacted).toEqual([])
|
||||
})
|
||||
})
|
||||
|
||||
describe('teammate mailbox retention', () => {
|
||||
beforeEach(() => {
|
||||
previousConfigDir = process.env.CLAUDE_CONFIG_DIR
|
||||
tempHome = mkdtempSync(join(tmpdir(), 'teammate-mailbox-'))
|
||||
process.env.CLAUDE_CONFIG_DIR = tempHome
|
||||
})
|
||||
|
||||
afterEach(async () => {
|
||||
if (previousConfigDir === undefined) {
|
||||
delete process.env.CLAUDE_CONFIG_DIR
|
||||
} else {
|
||||
process.env.CLAUDE_CONFIG_DIR = previousConfigDir
|
||||
}
|
||||
await rm(tempHome, { recursive: true, force: true })
|
||||
tempHome = ''
|
||||
})
|
||||
|
||||
test('writeToMailbox compacts oversized unread inbox files', async () => {
|
||||
const existing = Array.from(
|
||||
{ length: MAX_MAILBOX_MESSAGES + 20 },
|
||||
(_value, index) => message(`old-${index}`, false),
|
||||
)
|
||||
await seedMailbox('worker', 'alpha', existing)
|
||||
|
||||
await writeToMailbox(
|
||||
'worker',
|
||||
{
|
||||
from: 'team-lead',
|
||||
text: 'newest',
|
||||
timestamp: new Date(1).toISOString(),
|
||||
},
|
||||
'alpha',
|
||||
)
|
||||
|
||||
const after = await readMailbox('worker', 'alpha')
|
||||
expect(after).toHaveLength(MAX_MAILBOX_MESSAGES)
|
||||
expect(after[0]?.text).toBe('old-21')
|
||||
expect(after.at(-1)?.text).toBe('newest')
|
||||
})
|
||||
|
||||
test('markMessagesAsRead compacts read history after consumption', async () => {
|
||||
const existing = Array.from(
|
||||
{ length: MAX_MAILBOX_MESSAGES + 20 },
|
||||
(_value, index) => message(`msg-${index}`, false),
|
||||
)
|
||||
await seedMailbox('worker', 'alpha', existing)
|
||||
|
||||
await markMessagesAsRead('worker', 'alpha')
|
||||
|
||||
const after = await readRawMailbox('worker', 'alpha')
|
||||
expect(after).toHaveLength(MAX_READ_MAILBOX_MESSAGES)
|
||||
expect(after.every(m => m.read)).toBe(true)
|
||||
expect(after[0]?.text).toBe(
|
||||
`msg-${MAX_MAILBOX_MESSAGES + 20 - MAX_READ_MAILBOX_MESSAGES}`,
|
||||
)
|
||||
})
|
||||
|
||||
test('markMessagesAsReadByPredicate leaves structured messages unread', async () => {
|
||||
await seedMailbox('worker', 'alpha', [
|
||||
message('plain', false),
|
||||
message(JSON.stringify({ type: 'permission_request' }), false),
|
||||
])
|
||||
|
||||
await markMessagesAsReadByPredicate(
|
||||
'worker',
|
||||
m => !m.text.includes('permission_request'),
|
||||
'alpha',
|
||||
)
|
||||
|
||||
const after = await readRawMailbox('worker', 'alpha')
|
||||
expect(after.map(m => m.read)).toEqual([true, false])
|
||||
})
|
||||
|
||||
test('markMessageAsReadByIdentity survives compaction shifting indexes', async () => {
|
||||
const permissionResponse = message(
|
||||
JSON.stringify({ type: 'permission_response', request_id: 'req-1' }),
|
||||
false,
|
||||
)
|
||||
await seedMailbox('worker', 'alpha', [
|
||||
permissionResponse,
|
||||
...Array.from({ length: MAX_MAILBOX_MESSAGES + 20 }, (_value, index) =>
|
||||
message(`regular-${index}`, false),
|
||||
),
|
||||
])
|
||||
|
||||
await writeToMailbox(
|
||||
'worker',
|
||||
{
|
||||
from: 'team-lead',
|
||||
text: 'newest',
|
||||
timestamp: new Date(2).toISOString(),
|
||||
},
|
||||
'alpha',
|
||||
)
|
||||
const marked = await markMessageAsReadByIdentity(
|
||||
'worker',
|
||||
'alpha',
|
||||
permissionResponse,
|
||||
)
|
||||
|
||||
const after = await readRawMailbox('worker', 'alpha')
|
||||
expect(marked).toBe(true)
|
||||
expect(after.some(m => m.text === permissionResponse.text && !m.read)).toBe(
|
||||
false,
|
||||
)
|
||||
})
|
||||
|
||||
test('markMessageAsReadByIndex also compacts through the compatibility path', async () => {
|
||||
const existing = Array.from(
|
||||
{ length: MAX_MAILBOX_MESSAGES + 10 },
|
||||
(_value, index) => message(`msg-${index}`, false),
|
||||
)
|
||||
await seedMailbox('worker', 'alpha', existing)
|
||||
|
||||
await markMessageAsReadByIndex('worker', 'alpha', existing.length - 1)
|
||||
|
||||
const after = await readRawMailbox('worker', 'alpha')
|
||||
expect(after).toHaveLength(MAX_MAILBOX_MESSAGES)
|
||||
expect(after.some(m => m.text === `msg-${existing.length - 1}`)).toBe(false)
|
||||
expect(after.at(-1)?.text).toBe(`msg-${existing.length - 2}`)
|
||||
})
|
||||
|
||||
test('writeToMailbox rejects oversized message text instead of storing it', async () => {
|
||||
await expect(
|
||||
writeToMailbox(
|
||||
'worker',
|
||||
{
|
||||
from: 'team-lead',
|
||||
text: 'x'.repeat(MAX_MAILBOX_MESSAGE_TEXT_BYTES + 1),
|
||||
timestamp: new Date(3).toISOString(),
|
||||
},
|
||||
'alpha',
|
||||
),
|
||||
).rejects.toThrow('Mailbox message text exceeds')
|
||||
|
||||
expect(await readRawMailbox('worker', 'alpha')).toEqual([])
|
||||
})
|
||||
|
||||
test('writeToMailbox fails closed when an existing mailbox is corrupt', async () => {
|
||||
const inboxPath = getInboxPath('worker', 'alpha')
|
||||
await mkdir(dirname(inboxPath), { recursive: true })
|
||||
await writeFile(inboxPath, '{not-json', 'utf-8')
|
||||
|
||||
await expect(
|
||||
writeToMailbox(
|
||||
'worker',
|
||||
{
|
||||
from: 'team-lead',
|
||||
text: 'new',
|
||||
timestamp: new Date(4).toISOString(),
|
||||
},
|
||||
'alpha',
|
||||
),
|
||||
).rejects.toThrow()
|
||||
|
||||
expect(await readFile(inboxPath, 'utf-8')).toBe('{not-json')
|
||||
})
|
||||
|
||||
test('readMailbox fails closed on corrupt mailbox content', async () => {
|
||||
const inboxPath = getInboxPath('worker', 'alpha')
|
||||
await mkdir(dirname(inboxPath), { recursive: true })
|
||||
await writeFile(inboxPath, '{not-json', 'utf-8')
|
||||
|
||||
await expect(readMailbox('worker', 'alpha')).rejects.toThrow()
|
||||
})
|
||||
|
||||
test('readMailbox rejects non-array mailbox files', async () => {
|
||||
const inboxPath = getInboxPath('worker', 'alpha')
|
||||
await mkdir(dirname(inboxPath), { recursive: true })
|
||||
await writeFile(inboxPath, JSON.stringify({ text: 'not an array' }), 'utf-8')
|
||||
|
||||
await expect(readMailbox('worker', 'alpha')).rejects.toThrow(
|
||||
'expected message array',
|
||||
)
|
||||
})
|
||||
|
||||
test('readMailbox rejects malformed stored message shapes', async () => {
|
||||
const inboxPath = getInboxPath('worker', 'alpha')
|
||||
await mkdir(dirname(inboxPath), { recursive: true })
|
||||
await writeFile(
|
||||
inboxPath,
|
||||
JSON.stringify([{ from: 'lead', text: 'missing timestamp' }]),
|
||||
'utf-8',
|
||||
)
|
||||
|
||||
await expect(readMailbox('worker', 'alpha')).rejects.toThrow(
|
||||
'Invalid mailbox message shape',
|
||||
)
|
||||
})
|
||||
|
||||
test('readMailbox rejects non-object stored messages', async () => {
|
||||
const inboxPath = getInboxPath('worker', 'alpha')
|
||||
await mkdir(dirname(inboxPath), { recursive: true })
|
||||
await writeFile(inboxPath, JSON.stringify(['not an object']), 'utf-8')
|
||||
|
||||
await expect(readMailbox('worker', 'alpha')).rejects.toThrow(
|
||||
'expected object',
|
||||
)
|
||||
})
|
||||
|
||||
test('readMailbox rejects oversized mailbox files before parsing', async () => {
|
||||
const inboxPath = getInboxPath('worker', 'alpha')
|
||||
await mkdir(dirname(inboxPath), { recursive: true })
|
||||
await writeFile(inboxPath, `[${' '.repeat(MAX_MAILBOX_FILE_BYTES)}]`, 'utf-8')
|
||||
|
||||
await expect(readMailbox('worker', 'alpha')).rejects.toThrow(
|
||||
'Mailbox file exceeds',
|
||||
)
|
||||
})
|
||||
|
||||
test('markMessageAsReadByIdentity returns false for missing mailbox files', async () => {
|
||||
await expect(
|
||||
markMessageAsReadByIdentity('worker', 'alpha', message('absent', false)),
|
||||
).resolves.toBe(false)
|
||||
})
|
||||
|
||||
test('markMessageAsReadByIdentity returns false when the expected message moved out', async () => {
|
||||
await seedMailbox('worker', 'alpha', [message('other', false)])
|
||||
|
||||
await expect(
|
||||
markMessageAsReadByIdentity('worker', 'alpha', message('missing', false)),
|
||||
).resolves.toBe(false)
|
||||
|
||||
expect((await readRawMailbox('worker', 'alpha'))[0]?.read).toBe(false)
|
||||
})
|
||||
|
||||
test('markMessageAsReadByIdentity returns false on corrupt mailbox content', async () => {
|
||||
const inboxPath = getInboxPath('worker', 'alpha')
|
||||
await mkdir(dirname(inboxPath), { recursive: true })
|
||||
await writeFile(inboxPath, '{not-json', 'utf-8')
|
||||
|
||||
await expect(
|
||||
markMessageAsReadByIdentity('worker', 'alpha', message('missing', false)),
|
||||
).resolves.toBe(false)
|
||||
})
|
||||
})
|
||||
|
||||
describe('getLastPeerDmSummary', () => {
|
||||
test('extracts the final peer direct-message summary from assistant tool use', () => {
|
||||
const messages = [
|
||||
{ type: 'user', message: { content: 'wake up' } },
|
||||
{
|
||||
type: 'assistant',
|
||||
message: {
|
||||
content: [
|
||||
{
|
||||
type: 'tool_use',
|
||||
name: 'SendMessage',
|
||||
input: {
|
||||
to: 'worker-1',
|
||||
message: 'please check the UDS bounds',
|
||||
summary: 'Checking UDS bounds',
|
||||
},
|
||||
},
|
||||
],
|
||||
},
|
||||
},
|
||||
] as unknown as Message[]
|
||||
|
||||
expect(getLastPeerDmSummary(messages)).toBe(
|
||||
'[to worker-1] Checking UDS bounds',
|
||||
)
|
||||
})
|
||||
|
||||
test('stops peer direct-message summary search at the wake-up boundary', () => {
|
||||
const messages = [
|
||||
{
|
||||
type: 'assistant',
|
||||
message: {
|
||||
content: [
|
||||
{
|
||||
type: 'tool_use',
|
||||
name: 'SendMessage',
|
||||
input: {
|
||||
to: 'worker-1',
|
||||
message: 'old message',
|
||||
},
|
||||
},
|
||||
],
|
||||
},
|
||||
},
|
||||
{ type: 'user', message: { content: 'new prompt' } },
|
||||
] as unknown as Message[]
|
||||
|
||||
expect(getLastPeerDmSummary(messages)).toBeUndefined()
|
||||
})
|
||||
})
|
||||
Reference in New Issue
Block a user