fix: agent_input_token_budget wrongly treated as a secret and unsettable from chat (#1294)
* fix: don't classify agent_input_token_budget as a secret (token must be a suffix) * test: agent_input_token_budget is settable from chat
@@ -1527,7 +1527,14 @@ async def do_manage_settings(content: str, owner: Optional[str] = None) -> Dict:
|
|||||||
"tavily_api_key", "serper_api_key", "app_public_url",
|
"tavily_api_key", "serper_api_key", "app_public_url",
|
||||||
}
|
}
|
||||||
def _is_secret(k):
|
def _is_secret(k):
|
||||||
return k in _SECRET_KEYS or any(t in k for t in ("api_key", "_key", "token", "secret", "password"))
|
# `token` must be a suffix, not a substring: otherwise the int
|
||||||
|
# setting `agent_input_token_budget` (which even has a "token budget"
|
||||||
|
# alias to set it from chat) is wrongly classified as a credential.
|
||||||
|
return (
|
||||||
|
k in _SECRET_KEYS
|
||||||
|
or k.endswith("token")
|
||||||
|
or any(t in k for t in ("api_key", "_key", "secret", "password"))
|
||||||
|
)
|
||||||
|
|
||||||
# Friendly aliases → real keys, so natural phrasing resolves.
|
# Friendly aliases → real keys, so natural phrasing resolves.
|
||||||
_ALIASES_SET = {
|
_ALIASES_SET = {
|
||||||
|
|||||||
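Review bot: Switching the `token` test to `k.endswith("token")` in `_is_secret` makes the classifier fail open for any key where `token` is not the last word. A plural such as `..._tokens` or a name like `..._token_file` is no longer treated as a credential unless it is listed in `_SECRET_KEYS`, whose full contents are not visible in this hunk. A narrower fix keeps the original substring heuristic and exempts the one known non-secret setting through a new set, e.g. `_NON_SECRET_KEYS = {"agent_input_token_budget"}` with `if k in _NON_SECRET_KEYS: return False` as the first line of `_is_secret`. New credential-like keys then stay protected by default and only reviewed exceptions become settable from chat. `_is_secret` appears to sit inside `do_manage_settings`, which starts and ends outside the hunk.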
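--- /dev/null
+++ b/tests/test_manage_settings_token_budget.py
@@ -0,0 +1,22 @@
+"""Regression: agent_input_token_budget must be settable from chat (not flagged secret)."""
+import asyncio
+import json
+
+import src.settings as settings_mod
+from src.tool_implementations import do_manage_settings
+
+
+def test_set_token_budget_is_not_refused_as_secret(monkeypatch):
+store = {}
+monkeypatch.setattr(settings_mod, "load_settings", lambda: dict(store))
+monkeypatch.setattr(settings_mod, "save_settings", lambda s: store.update(s))
+
+result = asyncio.run(do_manage_settings(json.dumps({
+"action": "set", "key": "agent_input_token_budget", "value": 8000,
+})))
+
+# The "token" substring used to flag this int setting as a credential and
+# refuse to set it (even though there's a deliberate "token budget" alias).
+assert "credential" not in result.get("response", "").lower(), result
+assert result.get("exit_code") == 0, result
+assert store.get("agent_input_token_budget") == 8000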
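Review bot: The test covers only the case that is now allowed; nothing asserts that a key ending in `token` is still refused after the heuristic in `_is_secret` was loosened. Because that classifier gates what chat can write, add a companion test that sends `"action": "set"` for a constructed key such as `example_access_token` and checks `assert "credential" in result.get("response", "").lower()` and `assert "example_access_token" not in store`. The refusal wording is inferred from the existing assertion on `"credential"`, so confirm it against `do_manage_settings` before relying on it.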