Skip to content

Timeout then tool errors with Devstral-Medium #2865

@agileandy

Description

@agileandy

Keep getting an ongoing error using Devstral-Medium.

Here is the relevent snipper of the conversation.

Read src/phase3_vulnerability_assessment.py

"""
Phase 3: Vulnerability Assessment and PR Simulation
Analyzes scan results and generates simulated pull request remediation proposals
"""

import logging

Now I understand how the simulated PRs are generated. The issue is that the current implementation is using generic fixes that just add comments instead of actual code fixes. Let
me modify the generate_fix_for_vulnerability method to use the fix templates properly.

Let me check the current fix templates to understand what we have available:
Build devstral-medium-2507 (07:54 AM)

Read src/phase3_vulnerability_assessment.py (limit=100, offset=40)

        self.fix_templates = {
            "insecure_random_python": {
                "patterns": [r"random\.random\(\)", r"random\.randint\(", r"random\.choice\("],
                "fixes": {
                    r"random\.random\(\)": "secrets.token_hex(16)",
                    r"random\.randint\(([^)]+)\)": r"secrets.randbelow(\1)",

Now let me check the generate_fix_for_vulnerability method to understand how it's currently working:
Build devstral-medium-2507 (07:54 AM)

Read src/phase3_vulnerability_assessment.py (limit=240, offset=180)

            elif "command" in vulnerability_type:
                return "command_injection"
            else:
                return "generic_vulnerability"

    def generate_fix_for_vulnerability(self, scan_result: Dict, vuln_type: str) -> Optional[Tuple[str, List[str], str, str]]:

I can see the issue now. The problem is in the generate_fix_for_vulnerability method. It's trying to use the fix templates, but it's only applying the first matching pattern and
then breaking the loop. Also, the generic fixes are just adding comments instead of actual fixes.

Let me modify the code to properly apply all the fix patterns and ensure we're using the actual code fixes from the templates.
Build devstral-medium-2507 (07:55 AM)

Edit src/phase3_vulnerability_assessment.py

 209   fix_template = self.fix_templates[template_key]                                      209   fix_template = self.fix_templates[template_key]
 210                                                                                        210
 211   # Apply fix patterns                                                                 211   # Apply fix patterns
 212   fixed_code = code_snippet                                                            212   fixed_code = code_snippet
                                                                                            213 + pattern_matched = False
 213   for pattern, replacement in fix_template["fixes"].items():                           214   for pattern, replacement in fix_template["fixes"].items():
 214       if re.search(pattern, code_snippet):                                             215       if re.search(pattern, code_snippet):
 215           fixed_code = re.sub(pattern, replacement, code_snippet)                      216           fixed_code = re.sub(pattern, replacement, code_snippet)
 216 -         break                                                                        217 +         pattern_matched = True
                                                                                            218 +         break  # Apply only the first matching pattern
 217                                                                                        219
 218 - if fixed_code == code_snippet:                                                       220 + if not pattern_matched:
 219       # No pattern matched, try generic replacement                                    221       # No pattern matched, try generic replacement
 220       return self.generate_generic_fix(code_snippet, vuln_type)                        222       return self.generate_generic_fix(code_snippet, vuln_type)
 221                                                                                        223

edit
Build devstral-medium-2507 (07:59 AM)

TimeoutError: The operation timed out.

the change got a timeout - try again

AI_APICallError: Unexpected role 'user' after role 'tool'

This is occurring every time Opencode tries to make a code edit using Devstral.

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type
No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions