fix(session): sanitize part IDs after plugin hooks #18788

Open
CybLow wants to merge 1 commit into anomalyco:dev from CybLow:fix/sanitize-plugin-part-ids

@CybLow CybLow commented Mar 23, 2026

Issue for this PR

Closes #18780

Type of change

  • Bug fix
  • New feature
  • Refactor / code improvement
  • Documentation

What does this PR do?

Since v1.2.25 (#16966), all part IDs must start with "prt" (enforced by PartID.zod = z.string().startsWith("prt")). The createUserMessage() function in prompt.ts correctly generates compliant IDs via the assign() function. However, it then calls Plugin.trigger("chat.message", ..., { message: info, parts }), passing the parts array by reference to plugin hooks.

Plugins like opencode-supermemory push new parts into this array with non-compliant IDs (e.g., supermemory-nudge-*, supermemory-context-*). When Session.updatePart() is called afterwards, fn(MessageV2.Part, ...) runs PartID.zod.parse() and throws a ZodError, crashing the session.

This fix adds a sanitization loop after Plugin.trigger("chat.message") returns: any part with a missing or non-"prt" prefixed ID gets reassigned a valid PartID.ascending(). This protects the core against misbehaving plugins without breaking any existing behavior — parts that already have valid IDs are left untouched.

How did you verify your code works?

  1. Identified the crash by tracing the stack from fn() in util/fn.ts through Session.updatePart() back to createUserMessage()
  2. Confirmed that opencode-supermemory plugin injects parts with supermemory-nudge-* and supermemory-context-* IDs at dist/index.js:14548,14582
  3. Verified locally that after patching, messages send without the ZodError when the plugin is active

Screenshots / recordings

Not a UI change.

Checklist

  • I have tested my changes locally
  • I have not included unrelated changes in this PR
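
The fix described in this PR, sketched as an added example (not code from the PR or from the project): a hook mutates the shared parts array, and the core re-checks IDs before the strict validation runs. `Part`, `newPartID`, `updatePart`, `sanitizePartIDs` and `nudgePlugin` are hypothetical stand-ins, and returning the rejected IDs for logging is an assumption beyond what the PR describes.

```typescript
// Added illustration. Part, newPartID, updatePart, sanitizePartIDs and
// nudgePlugin are hypothetical stand-ins, not the project's code.
type Part = { id?: string; type: string; text: string }
type Hook = (output: { parts: Part[] }) => void

let counter = 0
// Stand-in for PartID.ascending(): increasing IDs with the required prefix.
function newPartID(): string {
  counter += 1
  return "prt_" + counter
}

// Same rule the page quotes for PartID.zod: the ID must start with "prt".
function isValidPartID(id: unknown): id is string {
  return typeof id === "string" && id.startsWith("prt")
}

// Stand-in for the strict validation that runs when a part is stored.
function updatePart(part: Part): string {
  if (!isValidPartID(part.id)) throw new Error("invalid part id: " + String(part.id))
  return part.id
}

// Re-assign missing or non-"prt" IDs in place; return the rejected values
// so the caller can log which IDs a hook tried to introduce.
function sanitizePartIDs(parts: Part[]): string[] {
  const rejected: string[] = []
  for (const part of parts) {
    if (isValidPartID(part.id)) continue // compliant IDs are left untouched
    rejected.push(String(part.id))
    part.id = newPartID()
  }
  return rejected
}

// Constructed hook that pushes parts into the shared array by reference.
const nudgePlugin: Hook = ({ parts }) => {
  parts.push({ id: "supermemory-nudge-1", type: "text", text: "nudge" })
  parts.push({ type: "text", text: "part without an id" })
}

function createUserMessage(text: string, hooks: Hook[], sanitize: boolean) {
  const parts: Part[] = [{ id: newPartID(), type: "text", text }]
  for (const hook of hooks) hook({ parts }) // untrusted code mutates `parts`
  const rejected = sanitize ? sanitizePartIDs(parts) : []
  return { ids: parts.map((p) => updatePart(p)), rejected }
}
```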

…validation crash

Plugins that hook into chat.message can push new parts into the parts
array with non-compliant IDs (missing the required prt prefix). This
causes Session.updatePart() to throw a ZodError since v1.2.25 when
branded PartID validation was introduced (anomalyco#16966).

After Plugin.trigger(chat.message) returns, re-assign any invalid
part IDs with PartID.ascending() so misbehaving plugins cannot crash
the core.

Fixes anomalyco#18780
github-actions bot added the needs:issue and needs:compliance labels Mar 23, 2026 (needs:compliance: "This means the issue will auto-close after 2 hours.")
@github-actions
Contributor

Thanks for your contribution!

This PR doesn't have a linked issue. All PRs must reference an existing issue.

Please:

  1. Open an issue describing the bug/feature (if one doesn't exist)
  2. Add Fixes #<number> or Closes #<number> to this PR description

See CONTRIBUTING.md for details.

github-actions bot removed the needs:compliance label Mar 23, 2026
@github-actions
Contributor

Thanks for updating your PR! It now meets our contributing guidelines. 👍


Development

Successfully merging this pull request may close these issues.

Schema validation error