Skip to content

fix: Security hardening and PESAgent result handling#40

Merged
hashangit merged 5 commits intomainfrom
release/0.4.7
Dec 26, 2025
Merged

fix: Security hardening and PESAgent result handling#40
hashangit merged 5 commits intomainfrom
release/0.4.7

Conversation

@hashangit
Copy link
Copy Markdown
Collaborator

@hashangit hashangit commented Dec 26, 2025

Fixes #39 and addresses security vulnerabilities.

Changes

  1. Security Hardening:
    • Implemented input sanitization for JSON markers to prevent prompt injection.
    • Added guardrails to the synthesis system prompt to prevent system prompt leakage.
  2. PESAgent Fixes (Issue Bug: PESAgent item.result is undefined when tool calls occur during execution #39):
    • Fixed being undefined when tool calls occur without final content.
    • Implemented fallback to use the last tool output as the result.
    • Improved context building to include tool results in the prompt for subsequent steps.
    • Enhanced state persistence to properly store and retrieve tool results.

@hashangit
docs: add Tool-Aware Execution and HITL details to PES Agent concepts
0009715
@hashangit
docs: add HITL pausing guide and update PES Agent concepts
ef97ee7
@hashangit
fix(pes-agent): Robust result capture, fallback, and HITL resumption
45b3c2f 
- Fixed critical issue where execution loops terminating without explicit content (e.g., max iterations) failed to populate `item.result`.
- Implemented smart fallback to the *last* tool result if LLM content is missing or empty.
- Updated `completedItemsContext` and synthesis prompts to use tool result fallbacks, preventing 'undefined' context.
- Fixed HITL resumption bug where state wasn't reset, causing the loop to skip the resumed item.
- Ensured A2A task results are captured in `allToolResults` for proper fallback handling.
- Added comprehensive regression test `test/pes-agent-result.test.ts` covering result population, max loop fallback, A2A integration, and full state resumption flow.
- Bumped version to 0.4.7.
@hashangit
chore: bump version to 0.4.7 and update documentation
729009b 
- Updated core version in src/index.ts and package files.
- Regenerated API and site documentation in docs/components.
- Fixed TypeScript comparison error in PES Agent execution loop.
- Updated marketing site release notes and hero section.
- Synchronized typedoc configurations to use consistent docs/ path.
@hashangit
fix(security): prevent prompt injection via marker sanitization and a…
490fd78 
…dd prompt leakage guardrails
@hashangit hashangit merged commit f54929a into main Dec 26, 2025
@gemini-code-assist
Copy link
Copy Markdown
Contributor

gemini-code-assist Bot commented Dec 26, 2025

Summary of Changes

Hello @hashangit, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request focuses on enhancing the stability and security of the ART framework. It resolves critical issues related to how the PESAgent handles tool call results and state persistence, ensuring more reliable agent execution. Concurrently, it introduces significant security measures to safeguard against prompt injection and system prompt leakage, bolstering the overall robustness of the system.

Highlights

  • Security Hardening: Implemented input sanitization for JSON markers to prevent prompt injection and added guardrails to the synthesis system prompt to prevent system prompt leakage.
  • PESAgent Result Handling: Fixed issues where 'item.result' was undefined when tool calls occurred without final content. Introduced fallback logic to use the last tool output as the result, improved context building to include tool results in subsequent steps, and enhanced state persistence.
  • HITL Resumption Fixes: Addressed bugs where resuming from a suspended state failed to reset 'isPaused' and item status, preventing the execution loop from skipping resumed tasks. Ensured Agent-to-Agent (A2A) task results are correctly captured and used in the result fallback chain.
  • Regression Testing: Added a new regression test file, 'test/pes-agent-result.test.ts', with deep state verification to prevent future regressions in PESAgent's result population and resumption flows.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

@hashangit hashangit deleted the release/0.4.7 branch December 26, 2025 21:08
gemini-code-assist[bot]
gemini-code-assist Bot reviewed Dec 26, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces important security hardening measures and fixes for the PESAgent's result handling, as described. The provided changes focus on updating documentation, the changelog, and version numbers. My review of these files suggests adding the security enhancements to the changelog to ensure it is a complete record of the changes in this version.

Comment thread CHANGELOG.md
Comment on lines +5 to +7
## [0.4.7] - 2025-12-27

### 🛠️ Stability & Robustness (PES Agent)
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist Bot Dec 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

The changelog is missing the security hardening changes mentioned in the pull request description. It would be beneficial to add a "Security" section to this changelog entry to document the input sanitization and system prompt guardrail improvements. This ensures the changelog is a complete record of all significant changes in this version.

For example:

### 🔒 Security
- **Prompt Injection Prevention**: Implemented input sanitization for JSON markers to guard against prompt injection attacks.
- **System Prompt Protection**: Added guardrails to the synthesis system prompt to prevent leakage of sensitive instructions.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Bug: PESAgent item.result is undefined when tool calls occur during execution

1 participant

@hashangit