feat(idempotency): inject 'replayed: true' on cache hit (#714)#717
Merged
Conversation
…ity rule 4) Closes #714. ``IdempotencyStore.wrap`` now injects ``replayed: true`` at the envelope level on every cache hit, per AdCP L1/security idempotency rule 4. Buyer agents that key on the flag to suppress side effects (notifications, webhook dispatch, memory writes) get the signal natively instead of every seller subclassing the store to re-implement the wrap path just for this one boolean. The flag is applied to the cloned response (returned to the caller), not the cached entry — multiple replays of the same key all carry exactly one ``replayed: true`` without compounding through cache poisoning. The ``isinstance(dict)`` guard preserves the path under future widenings of ``CachedResponse.response`` (today typed as ``dict[str, Any]``, but adopters have been caught caching Pydantic envelopes; the guard keeps the contract safe). Also resolves contradictory docs: the store-level docstring already described this behavior (aspirationally); the ``CachedResponse`` docstring claimed sellers inject the flag (matching the prior implementation reality). Updated ``CachedResponse`` to point at the store as the owner. Migration: adopters who built ``replayed: true`` injection themselves (e.g. salesagent's ``_ReplayMarkingStore``) see the flag set twice in a row — idempotent — and can delete their custom wrap on the next bump. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- Drop the ``isinstance(replay, dict)`` guard. ``CachedResponse.response`` is typed ``dict[str, Any]``; the guard was documenting an off-spec adopter pattern (caching Pydantic envelopes) rather than fixing or rejecting it. Per the project's no-fallbacks rule, trust the contract and let a type violation surface loudly via TypeError if it ever does occur in production. - Rewrite ``test_replay_flag_does_not_compound_across_retries`` → ``test_replay_flag_does_not_poison_cached_entry``. The original test passed for the wrong reason — ``_clone_response`` deep-copies on every read, so the mutation on ``r2`` was always a no-op regardless of where the injection landed. The new test peeks at the backend directly and asserts ``"replayed" not in cached.response`` both before and after a replay, which actually exercises "inject on the clone, not the cached entry." Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
bokelley
changed the title
… flag (#717) CI on PR #717 failed because two test sites outside the immediate ``tests/test_server_idempotency.py`` module assert ``r1 == r2`` on idempotent replay — both now need the same ``replayed: true``-tolerant comparison: - ``tests/test_server_caller_identity.py::TestEndToEndIdempotencyViaTransport::test_a2a_transport_identity_enables_middleware_dedup`` - ``tests/conformance/decisioning/test_pg_idempotency_backend.py::test_idempotency_store_replays_via_pg_backend`` Both now assert the replay envelope carries ``replayed: true`` and the rest of the response is identical to the first call. Caught locally in the full test sweep after the CI red surfaced these two. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #714.
Summary
IdempotencyStore.wrapnow injectsreplayed: trueat the envelope level on every cache hit per AdCP L1/security idempotency rule 4.replayed: trueand never compound.CachedResponsedocstring updated: the prior text said sellers were responsible for the flag, but the matching store-level docstring (already in place) described the library doing it. Library is now the authoritative owner; the two docstrings agree.Test plan
test_replay_flag_does_not_compound_across_retries— verifies the flag stays on the cloned response and a caller mutating the replay envelope can't bleed back into the cached entry.test_cache_hit_replays_without_handler_call— first call carries noreplayed, replay carriesreplayed: true, all other fields identical.tests/test_server_idempotency.pypass after migrating to_without_replay_flag()for content-equivalence assertions.test_idempotency.py,test_validate_idempotency_wiring.py,test_idempotency_storyboard.py) pass.ruff check+mypyclean.Migration
Adopters who built
replayed: trueinjection themselves (e.g. salesagent's_ReplayMarkingStore) see the flag set twice in a row — idempotent — and can delete their custom wrap on the next bump.🤖 Generated with Claude Code