fix(listen): trust backend mentions array instead of content regex#31
Merged
fix(listen): trust backend mentions array instead of content regex#31
Conversation
`_should_respond` previously matched mentions via `f"@{agent_name}" in
content`, which ignored the backend's authoritative `mentions` array
in the event payload. That was a latent bug with a real consequence:
when the backend filters disabled agents out of the mentions list
(kill switch enforcement in ax-backend messages_notifications.
broadcast_sse), `ax listen` would still match on the raw content text
and queue the mention — bypassing the server-side filter.
This patch flips the logic: trust the `mentions` array if the event
payload includes one, falling back to content regex only for legacy
or non-standard events that don't carry `mentions`. An empty
`mentions: []` is meaningful — it means "no active mentions for this
message" — and the function correctly returns False in that case
instead of falling through to the regex.
Enforcement still lives at the API (ax-backend
broadcast_sse → AgentControlService). This change simply stops
duplicating the decision client-side with a stale, content-based
check. The client becomes a pure consumer of the backend's
authoritative routing list.
Unit-tested against 8 cases:
1. Filtered empty mentions (backend removed us) → False ✓
2. Mentions list has us → True ✓
3. Mentions list has other agent → False ✓
4. Legacy event without mentions field → True (content regex) ✓
5. Self-mention → False (self-filter preserved) ✓
6. Mention-event payload shape → True ✓
7. Dict mentions entries → True ✓
8. @ prefix in mentions strings → True ✓
Context: pairs with ax-backend d6fb390 (kill switch filter at
broadcast boundary). The two together give universal enforcement with
no client-side kill switch re-implementation. Supersedes reverted PR
#29 architectural direction.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Removes a latent bug in `ax listen` where `_should_respond` matched @mentions via content regex instead of trusting the event payload's `mentions` array. That bug had no consequence until ax-backend started filtering disabled agents out of the mentions list at broadcast time (see ax-backend `d6fb390` "feat(notifications): enforce kill switch at mention broadcast boundary"). Now the regex path bypasses the server-side filter and lets `ax listen` respond to messages the backend has explicitly excluded.
This is not a kill switch implementation. It removes client-side re-inference in favor of trusting the backend's authoritative list. Enforcement still lives at the API (ax-backend `broadcast_sse` → `AgentControlService`). This change stops the client from disagreeing with it.
What changed
`_should_respond(data, agent_name, agent_id)`:
Test plan
Context
This is the second half of the kill-switch-enforcement-at-the-API fix. First half is ax-backend `d6fb390` which makes the backend filter disabled agents out of the mentions list universally. Second half (this PR) is the client trusting that list. Together: one enforcement point at the API, all clients that trust the mentions contract respect it automatically.
Reverted PR #29 added a client-side kill switch check to `ax listen`. That was the wrong shape. This PR is the correct shape: fix a client bug that was bypassing the server's authoritative routing.