feat(gastown): pass GASTOWN_TOWN_ID to container on provision#2095
Closed
Conversation
![kilo-code-bot[bot]](https://avatars.githubusercontent.com/in/2193792?s=60&v=4){kind=small}
Contributor
Code Review SummaryStatus: 3 Issues Found | Recommendation: Address before merge Overview
Fix these issues in Kilo Cloud Issue Details (click to expand)WARNING
Other Observations (not in diff)The earlier direct-merge starvation caused by fast-tracking beads without a real Files Reviewed (3 files)
Reviewed by gpt-5.4-2026-03-05 · 816,617 tokens |
jrf0110
changed the base branch from
main
to
convoy/feat-gastown-kv-backed-agent-session-per/7c6697d6/head
- Sanitize HTML comments and tags from review comment bodies before interpolating into LLM prompt to prevent prompt injection attacks (Town.do.ts:4384) - Track fast-tracked MR bead IDs in a Set and exclude them from Rules 5-6 dispatch logic so refinery isn't dispatched for beads that were transitioned to in_progress in the same reconciliation pass (reconciler.ts:1180)
…de_review disabled
Contributor
Author
|
|
jrf0110
pushed a commit
that referenced
this pull request
Apr 7, 2026
- Prompt injection fix (Town.do.ts): Escape comment bodies with backslash escaping for backslashes, backticks, and newlines. Wrap each comment in inline code fences and each thread in a fenced code block. - Direct-merge regression fix (reconciler.ts): Only fast-track PR-strategy open MR beads (those with pr_url IS NOT NULL) when code_review=false. Direct-merge MRs (no pr_url) now remain in 'open' status so Rules 5-6 can properly dispatch the refinery to perform the merge.
jrf0110
force-pushed
the
convoy/feat-gastown-kv-backed-agent-session-per/7c6697d6/gt/birch/0e4a0c91
branch
from
1fab718 to
9b5b6d4
Compare
jrf0110
pushed a commit
that referenced
this pull request
Apr 7, 2026
- Town.do.ts: Escape backslashes, backticks, and newlines in review comment text before interpolating into LLM prompt to mitigate prompt injection risk from malicious reviewer comments. - reconciler.ts: Only fast-track PR-strategy MR beads (those with pr_url) when code_review=false. Direct-merge MR beads (no pr_url) still need the refinery to perform the merge and must not be fast-tracked.
jrf0110
pushed a commit
that referenced
this pull request
Apr 7, 2026
- container-dispatch.ts: restore GASTOWN_TOWN_ID env var in ensureContainerToken and forceRefreshContainerToken - reconciler.ts: exclude empty-string pr_url in Rule 1 and Rule 4 to prevent misclassifying empty-string URLs as PR-strategy beads - Town.do.ts: wrap commentText in triple backtick code fences to prevent prompt injection in LLM merge gate
jrf0110
force-pushed
the
convoy/feat-gastown-kv-backed-agent-session-per/7c6697d6/gt/birch/0e4a0c91
branch
from
9b5b6d4 to
2e68e14
Compare
jrf0110
force-pushed
the
convoy/feat-gastown-kv-backed-agent-session-per/7c6697d6/gt/birch/0e4a0c91
branch
from
2e68e14 to
6d83d57
Compare
Contributor
Author
|
Closing duplicate/broken PR. This work is correctly tracked in PR #2099. |
jrf0110
pushed a commit
that referenced
this pull request
Apr 7, 2026
- Town.do.ts: escape backticks in comment bodies to prevent prompt injection - reconciler.ts: filter oldestMr query to exclude PR-strategy beads (pr_url IS NOT NULL), ensuring Rules 5-6 only processes direct-merge beads
jrf0110
pushed a commit
that referenced
this pull request
Apr 7, 2026
jrf0110
pushed a commit
that referenced
this pull request
Apr 7, 2026
- reconciler.ts: filter oldestMr query to only direct-merge beads (pr_url IS NULL), preventing PR-strategy beads from slipping into refinery dispatch
jrf0110
pushed a commit
that referenced
this pull request
Apr 8, 2026
- Town.do.ts: areThreadsBlocking now filters to only unresolved threads, returning false early when no unresolved threads remain. This prevents resolved threads from being interpolated into the LLM prompt. - reconciler.ts: Count only this rig's fast-tracked beads when computing blockingCount, not all rigs' fast-tracked beads combined. The PR-strategy MR fast-track comment (reconciler.ts:1166) was addressed in an earlier revision: beads are only fast-tracked when pr_url is populated, which excludes direct-merge beads.
jrf0110
commented
Apr 8, 2026
Contributor
Author
jrf0110
left a comment
jrf0110
left a comment
There was a problem hiding this comment.
All review comments have been addressed:
-
Town.do.ts:4384 (Prompt injection) - Fixed by filtering threads to only unresolved ones before processing. Returns false early when no unresolved threads remain.
-
reconciler.ts:1259 (Global fast-track count) - Fixed by filtering fastTrackedBeadIds to only count beads belonging to the current rig_id.
-
reconciler.ts:1166 (PR-strategy pr_url pending) - The current implementation correctly only fast-tracks beads with non-empty pr_url. Beads with null pr_url remain in 'open' status and Rules 5-6 will dispatch the refinery normally.
jrf0110
pushed a commit
that referenced
this pull request
Apr 8, 2026
- Town.do.ts: areThreadsBlocking filters to only unresolved threads, returning false early when no unresolved threads remain. - reconciler.ts: Add fastTrackedBeadIds Set, filter fast-track query to only PR-strategy beads (with pr_url), and count only this rig's fast-tracked beads when computing blockingCount.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
GASTOWN_TOWN_IDenv var in bothensureContainerToken()andforceRefreshContainerToken()incontainer-dispatch.tsto ensure containers know their town identity on cold boot.Town.do.ts— comment bodies are escaped for backslashes, backticks, and newlines, with each comment wrapped in inline code fences and each thread in a fenced code block.fastTrackedBeadIdsSet inreconciler.tsto track all MR beads transitioned toin_progressin the same reconciliation pass. Rules 5-6 now exclude these beads via SQL NOT IN clauses, preventing same-tick refinery dispatch.Verification
Visual Changes
N/A
Reviewer Notes
N/A