Skip to content

fix(autonomous): refuse empty admin_ids instead of silent senderId=0 (AUDIT-H6)#271

Merged
xlabtg merged 4 commits intoxlabtg:mainfrom
konard:issue-270-80614f9801f3
Apr 22, 2026
Merged

fix(autonomous): refuse empty admin_ids instead of silent senderId=0 (AUDIT-H6)#271
xlabtg merged 4 commits intoxlabtg:mainfrom
konard:issue-270-80614f9801f3

Conversation

@konard
Copy link
Copy Markdown

@konard konard commented Apr 22, 2026

Summary

Fixes #270 / AUDIT-H6. Previously config.telegram.admin_ids[0] ?? 0 silently coerced the effective sender id to 0 in three places — the autonomous integration, heartbeat startup, and each heartbeat tick. That made admin-only tools fail the registry's scope check with a generic "Tool execution failed", attributed every autonomous action in the audit trail to Telegram user id 0, and made the feature look broken without a useful error.

This PR fails fast instead:

  • createAutonomousManager throws a clear error when admin_ids is empty.
  • buildIntegratedLoopDeps.callTool throws the same way if the list is empty at execution time (guards against config reloads).
  • startAgent skips wiring the autonomous manager and logs a warning rather than starting a broken autonomous layer.
  • Heartbeat startup and runHeartbeat log a warning on empty admin_ids instead of silently doing nothing.

Docs (docs/configuration.md, docs/AUTONOMOUS_MODE.md, config.example.yaml) now call out that admin_ids must be non-empty to enable autonomous mode and the heartbeat.

Changes

  • src/autonomous/integration.ts — throw when admin_ids is empty (createAutonomousManager + callTool).
  • src/index.ts — guard startAgent autonomous wiring and both heartbeat paths, log warnings instead of silent skips.
  • src/autonomous/__tests__/integration.test.ts — new unit tests for the empty / non-empty admin_ids cases and the updated callTool error.
  • docs/configuration.md, docs/AUTONOMOUS_MODE.md, config.example.yaml — note the new requirement.

Acceptance criteria

  • Autonomous manager refuses to start on empty admin_ids with a clear error.
  • startAgent() no longer crashes silently: it logs a warning and skips the autonomous layer instead.
  • Heartbeat logs a warning instead of silently skipping.
  • Unit test: createAutonomousManager throws on admin_ids = [].
  • Unit test: createAutonomousManager starts successfully on admin_ids = [123].
  • Docs updated with the requirement.

Test plan

  • npm run lint passes (eslint src packages/sdk/src --max-warnings 0).
  • npm run typecheck passes (after npm run build:sdk).
  • npm test — 2932 / 2932 tests pass, including 12 tests in src/autonomous/__tests__/integration.test.ts.

Reproduction

Before this PR, starting the agent with telegram.admin_ids: [] and WebUI/API enabled would wire up an autonomous task manager whose tools silently failed the admin-only scope check and attributed every action to Telegram user id 0. After this PR, the autonomous layer refuses to start with an empty list (or logs a warning and skips wiring) and the heartbeat logs a warning instead of running noop ticks.

konard added 2 commits April 22, 2026 20:05
Adding .gitkeep for PR creation (default mode).
This file will be removed when the task is complete.

Issue: xlabtg#270
…(AUDIT-H6, fixes xlabtg#270)

With an empty `telegram.admin_ids`, the autonomous task manager and
heartbeat both coerced the acting sender id to `0`. That made admin-only
tools fail the scope check with a generic "Tool execution failed" and
attributed audit-trail entries to Telegram user id 0 (the bot itself),
with no indication of the real cause.

Fail-fast instead:
- `createAutonomousManager` throws a clear error when `admin_ids` is empty.
- `buildIntegratedLoopDeps.callTool` throws the same way if the list has
  been emptied out after construction.
- `startAgent` skips wiring the autonomous manager and logs a warning
  rather than starting a broken autonomous layer.
- Heartbeat startup and `runHeartbeat` log warnings on empty `admin_ids`
  instead of silently doing nothing.

Docs (`docs/configuration.md`, `docs/AUTONOMOUS_MODE.md`,
`config.example.yaml`) now spell out that `admin_ids` must be non-empty
to enable these features.

Unit tests cover both `admin_ids = []` (throws) and `admin_ids = [123]`
(starts successfully), plus the regression on `buildIntegratedLoopDeps`.
@konard konard changed the title [WIP] audit-h6-admin-ids-fallback-zero fix(autonomous): refuse empty admin_ids instead of silent senderId=0 (AUDIT-H6) Apr 22, 2026
@konard konard marked this pull request as ready for review April 22, 2026 20:33
@konard
Copy link
Copy Markdown
Author

konard commented Apr 22, 2026

Solution summary

Done. PR #271 is ready for review: #271

What changed (AUDIT-H6 / #270): createAutonomousManager and the autonomous callTool now throw a clear error when telegram.admin_ids is empty instead of silently coercing the sender id to 0; startAgent skips the autonomous layer with a warning instead of instantiating a broken one; the heartbeat startup and runHeartbeat log a warning instead of silent-skipping; docs (docs/configuration.md, docs/AUTONOMOUS_MODE.md, config.example.yaml) spell out the non-empty admin_ids requirement.

Verification: npm run lint, npm run typecheck (after npm run build:sdk), and npm test (2932/2932) all pass; new unit tests cover both admin_ids = [] (throws) and admin_ids = [123] (succeeds).


This summary was automatically extracted from the AI working session output.

@konard
Copy link
Copy Markdown
Author

konard commented Apr 22, 2026

🤖 Solution Draft Log

This log file contains the complete execution trace of the AI solution draft process.

💰 Cost: $4.352163

📊 Context and tokens usage:

  • 96.8K / 1M (10%) input tokens, 22.0K / 128K (17%) output tokens

Total: (97.9K + 6.4M cached) input tokens, 22.0K output tokens, $4.352163 cost

🤖 Models used:

  • Tool: Anthropic Claude Code
  • Requested: opus
  • Model: Claude Opus 4.7 (claude-opus-4-7)

📎 Log file uploaded as Gist (2432KB)


Now working session is ended, feel free to review and add any feedback on the solution draft.

@konard
Copy link
Copy Markdown
Author

konard commented Apr 22, 2026

🔄 Auto-restart triggered (iteration 1)

Reason: Merge conflicts detected

Starting new session to address the issues.


Auto-restart-until-mergeable mode is active. Will continue until PR becomes mergeable.

konard added 2 commits April 22, 2026 20:39
Resolves conflicts in:
- .gitkeep: union of timestamps
- src/index.ts: keep instance-field autonomousManager (AUDIT-C2) with admin_ids guard (AUDIT-H6)
- src/autonomous/__tests__/integration.test.ts: keep both AUDIT-H2 escalation tests and AUDIT-H6 admin_ids guard tests
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

audit-h6-admin-ids-fallback-zero

2 participants