fix(autonomous): refuse empty admin_ids instead of silent senderId=0 (AUDIT-H6)#271
Conversation
Adding .gitkeep for PR creation (default mode). This file will be removed when the task is complete. Issue: xlabtg#270
…(AUDIT-H6, fixes xlabtg#270) With an empty `telegram.admin_ids`, the autonomous task manager and heartbeat both coerced the acting sender id to `0`. That made admin-only tools fail the scope check with a generic "Tool execution failed" and attributed audit-trail entries to Telegram user id 0 (the bot itself), with no indication of the real cause. Fail-fast instead: - `createAutonomousManager` throws a clear error when `admin_ids` is empty. - `buildIntegratedLoopDeps.callTool` throws the same way if the list has been emptied out after construction. - `startAgent` skips wiring the autonomous manager and logs a warning rather than starting a broken autonomous layer. - Heartbeat startup and `runHeartbeat` log warnings on empty `admin_ids` instead of silently doing nothing. Docs (`docs/configuration.md`, `docs/AUTONOMOUS_MODE.md`, `config.example.yaml`) now spell out that `admin_ids` must be non-empty to enable these features. Unit tests cover both `admin_ids = []` (throws) and `admin_ids = [123]` (starts successfully), plus the regression on `buildIntegratedLoopDeps`.
konard
changed the title
Solution summaryDone. PR #271 is ready for review: #271 What changed (AUDIT-H6 / #270): Verification: This summary was automatically extracted from the AI working session output. |
🤖 Solution Draft LogThis log file contains the complete execution trace of the AI solution draft process. 💰 Cost: $4.352163📊 Context and tokens usage:
Total: (97.9K + 6.4M cached) input tokens, 22.0K output tokens, $4.352163 cost 🤖 Models used:
📎 Log file uploaded as Gist (2432KB)Now working session is ended, feel free to review and add any feedback on the solution draft. |
🔄 Auto-restart triggered (iteration 1)Reason: Merge conflicts detected Starting new session to address the issues. Auto-restart-until-mergeable mode is active. Will continue until PR becomes mergeable. |
Resolves conflicts in: - .gitkeep: union of timestamps - src/index.ts: keep instance-field autonomousManager (AUDIT-C2) with admin_ids guard (AUDIT-H6) - src/autonomous/__tests__/integration.test.ts: keep both AUDIT-H2 escalation tests and AUDIT-H6 admin_ids guard tests
# Conflicts: # .gitkeep
2 participants
Summary
Fixes #270 / AUDIT-H6. Previously
config.telegram.admin_ids[0] ?? 0silently coerced the effective sender id to0in three places — the autonomous integration, heartbeat startup, and each heartbeat tick. That made admin-only tools fail the registry's scope check with a generic"Tool execution failed", attributed every autonomous action in the audit trail to Telegram user id0, and made the feature look broken without a useful error.This PR fails fast instead:
createAutonomousManagerthrows a clear error whenadmin_idsis empty.buildIntegratedLoopDeps.callToolthrows the same way if the list is empty at execution time (guards against config reloads).startAgentskips wiring the autonomous manager and logs a warning rather than starting a broken autonomous layer.runHeartbeatlog a warning on emptyadmin_idsinstead of silently doing nothing.Docs (
docs/configuration.md,docs/AUTONOMOUS_MODE.md,config.example.yaml) now call out thatadmin_idsmust be non-empty to enable autonomous mode and the heartbeat.Changes
src/autonomous/integration.ts— throw whenadmin_idsis empty (createAutonomousManager+callTool).src/index.ts— guardstartAgentautonomous wiring and both heartbeat paths, log warnings instead of silent skips.src/autonomous/__tests__/integration.test.ts— new unit tests for the empty / non-emptyadmin_idscases and the updatedcallToolerror.docs/configuration.md,docs/AUTONOMOUS_MODE.md,config.example.yaml— note the new requirement.Acceptance criteria
admin_idswith a clear error.startAgent()no longer crashes silently: it logs a warning and skips the autonomous layer instead.createAutonomousManagerthrows onadmin_ids = [].createAutonomousManagerstarts successfully onadmin_ids = [123].Test plan
npm run lintpasses (eslint src packages/sdk/src --max-warnings 0).npm run typecheckpasses (afternpm run build:sdk).npm test— 2932 / 2932 tests pass, including 12 tests insrc/autonomous/__tests__/integration.test.ts.Reproduction
Before this PR, starting the agent with
telegram.admin_ids: []and WebUI/API enabled would wire up an autonomous task manager whose tools silently failed the admin-only scope check and attributed every action to Telegram user id0. After this PR, the autonomous layer refuses to start with an empty list (or logs a warning and skips wiring) and the heartbeat logs a warning instead of running noop ticks.