fix(stabilization): harden attachment lifecycle and agent guard signals (#5420)

* fix: harden stabilization attachment and agent guards

* fix(uploads): preserve durable references during cleanup

* fix(uploads): close cleanup and compaction races
This commit is contained in:
falabellamichael
2026-07-11 10:14:14 -04:00
committed by GitHub
parent 6b8f84553c
commit d16b849c3e
29 changed files with 2718 additions and 189 deletions
+16 -2
View File
@@ -13,8 +13,9 @@ from sqlalchemy import or_, and_
from dateutil.rrule import rrulestr
from core.database import SessionLocal, CalendarCal, CalendarDeletedEvent, CalendarEvent
from src.auth_helpers import require_user
from src.auth_helpers import effective_user, require_user
from src.upload_limits import read_upload_limited, ICS_MAX_BYTES
from src.upload_handler import reserve_upload_references
logger = logging.getLogger(__name__)
@@ -697,9 +698,18 @@ def _expand_rrule(
# ── Routes ──
def setup_calendar_routes() -> APIRouter:
def setup_calendar_routes(upload_handler=None) -> APIRouter:
router = APIRouter(prefix="/api/calendar", tags=["calendar"])
def _reserve_calendar_uploads(request: Request, *values) -> None:
missing_id = reserve_upload_references(
upload_handler,
effective_user(request),
*values,
)
if missing_id:
raise HTTPException(409, f"Referenced upload is no longer available: {missing_id}")
# ── CalDAV multi-account helpers ─────────────────────────────────────────
def _get_caldav_accounts(owner: str) -> list:
@@ -1087,6 +1097,7 @@ def setup_calendar_routes() -> APIRouter:
@router.post("/events")
async def create_event(request: Request, data: EventCreate):
owner = _require_user(request)
_reserve_calendar_uploads(request, data.color, data.description, data.location)
db = SessionLocal()
try:
cal = None
@@ -1148,6 +1159,7 @@ def setup_calendar_routes() -> APIRouter:
@router.put("/events/{uid}")
async def update_event(request: Request, uid: str, data: EventUpdate):
owner = _require_user(request)
_reserve_calendar_uploads(request, data.color, data.description, data.location)
try:
base_uid = _resolve_base_uid(uid)
except ValueError as e:
@@ -1241,6 +1253,7 @@ def setup_calendar_routes() -> APIRouter:
@router.post("/calendars")
async def create_calendar(request: Request, name: str = "Imported", color: str = "#5b8abf"):
owner = _require_user(request)
_reserve_calendar_uploads(request, color)
db = SessionLocal()
try:
cal = CalendarCal(
@@ -1263,6 +1276,7 @@ def setup_calendar_routes() -> APIRouter:
@router.put("/calendars/{cal_id}")
async def update_calendar(request: Request, cal_id: str, name: str = None, color: str = None):
owner = _require_user(request)
_reserve_calendar_uploads(request, color)
db = SessionLocal()
try:
cal = _get_or_404_calendar(db, cal_id, owner)
+9 -5
View File
@@ -17,6 +17,7 @@ from src.context_compactor import maybe_compact, trim_for_context
from src.model_context import estimate_tokens
from src.auth_helpers import effective_user
from src.prompt_security import untrusted_context_message
from src.attachment_refs import attachment_ref
from routes.prefs_routes import _load_for_user as load_prefs_for_user
from fastapi import HTTPException
@@ -418,13 +419,16 @@ def build_uploaded_file_manifest(att_ids: list, upload_handler, owner: Optional[
except Exception:
path = None
manifest.append({
"id": info.get("id") or str(att_id),
"name": info.get("name") or info.get("original_name") or str(att_id),
"mime": info.get("mime", ""),
"size": info.get("size", 0),
ref = attachment_ref({**info, "id": info.get("id") or str(att_id)})
ref.update({
"id": ref["attachment_id"],
"uri": f"odysseus://attachment/{ref['attachment_id']}",
"read_policy": "owner_checked_upload",
# Transitional compatibility: existing built-in tools can still use
# this path, but only after owner, upload-root, and tool-root checks.
"path": path,
})
manifest.append(ref)
return manifest
+3 -1
View File
@@ -1450,7 +1450,9 @@ def setup_chat_routes(
"tool_start", "tool_output", "agent_step",
"doc_stream_open", "doc_stream_delta",
"doc_update", "doc_suggestions", "ui_control",
"rounds_exhausted",
"rounds_exhausted", "budget_exceeded",
"loop_breaker_triggered",
"intent_nudge_exhausted",
"ask_user",
"plan_update",
):
+11
View File
@@ -12,6 +12,7 @@ from core.database import SessionLocal, Document, DocumentVersion
from core.database import Session as DbSession
from src.auth_helpers import get_current_user, _auth_disabled
from src.constants import MAIL_ATTACHMENTS_DIR
from src.upload_handler import reserve_upload_references
logger = logging.getLogger(__name__)
@@ -78,6 +79,14 @@ from routes.document_helpers import (
def setup_document_routes(session_manager, upload_handler=None) -> APIRouter:
router = APIRouter(tags=["documents"])
def _reserve_document_uploads(user: Optional[str], content: str) -> None:
missing_id = reserve_upload_references(upload_handler, user, content)
if missing_id:
raise HTTPException(
409,
f"Referenced upload is no longer available: {missing_id}",
)
def _locate_current_user_upload(request: Request, upload_id: str, user: Optional[str]):
if upload_handler is None:
return None
@@ -124,6 +133,7 @@ def setup_document_routes(session_manager, upload_handler=None) -> APIRouter:
if _looks_like_email_document(req.content, req.title):
language = "email"
_reserve_document_uploads(user, req.content)
_assert_pdf_marker_upload_owned(request, req.content, user, upload_handler)
# Reply drafts are keyed to the source email. If a UI/tool path tries
@@ -636,6 +646,7 @@ def setup_document_routes(session_manager, upload_handler=None) -> APIRouter:
if doc.current_content == incoming_content and not req.force_version:
return _doc_to_dict(doc)
_reserve_document_uploads(user, incoming_content)
_assert_pdf_marker_upload_owned(request, incoming_content, user, upload_handler)
# Check if we can coalesce with the latest version
+28 -2
View File
@@ -10,7 +10,9 @@ from fastapi import APIRouter, Request, HTTPException
from core.models import ChatMessage
from core.database import SessionLocal, ChatMessage as DbChatMessage, Session as DbSession
from src.auth_helpers import effective_user
from src.topic_analyzer import analyze_topics
from src.upload_handler import reserve_message_upload_references
from routes.session_routes import (
_message_role,
_message_text,
@@ -98,9 +100,29 @@ def _merge_continue_rows_to_delete(db_messages, db1, db2):
return to_delete
def setup_history_routes(session_manager) -> APIRouter:
def setup_history_routes(session_manager, upload_handler=None) -> APIRouter:
router = APIRouter(tags=["history"])
def _reserve_message_uploads(
request: Request,
content: Any,
metadata: Any = None,
) -> None:
try:
missing_id = reserve_message_upload_references(
upload_handler,
effective_user(request),
content,
metadata,
)
except (TypeError, ValueError) as exc:
raise HTTPException(400, "Invalid message attachment metadata") from exc
if missing_id:
raise HTTPException(
409,
f"Referenced upload is no longer available: {missing_id}",
)
def _db_history_entry(m: DbChatMessage) -> Dict[str, Any]:
entry = {"role": m.role, "content": _history_display_content(m.content)}
meta = {}
@@ -251,7 +273,9 @@ def setup_history_routes(session_manager) -> APIRouter:
content = body.get("content", "")
if not content:
raise HTTPException(400, "content is required")
msg = ChatMessage(role=role, content=content, metadata=body.get("metadata"))
metadata = body.get("metadata")
_reserve_message_uploads(request, content, metadata)
msg = ChatMessage(role=role, content=content, metadata=metadata)
session_manager.add_message(session_id, msg)
return {"status": "ok"}
except KeyError:
@@ -331,6 +355,8 @@ def setup_history_routes(session_manager) -> APIRouter:
if not msg_id or content is None:
raise HTTPException(400, "msg_id and content are required")
_reserve_message_uploads(request, content)
session = session_manager.get_session(session_id)
db = SessionLocal()
try:
+21 -1
View File
@@ -13,6 +13,7 @@ from core.database import SessionLocal, Note
from core.middleware import INTERNAL_TOOL_USER
from src.auth_helpers import require_user
from src.constants import DATA_DIR
from src.upload_handler import reserve_upload_references
from sqlalchemy.orm.attributes import flag_modified
logger = logging.getLogger(__name__)
@@ -574,7 +575,7 @@ async def dispatch_reminder(
# Router factory
# ---------------------------------------------------------------------------
def setup_note_routes(task_scheduler=None):
def setup_note_routes(task_scheduler=None, upload_handler=None):
# Expose the scheduler to module-level `dispatch_reminder` so reminders
# can also push to the in-app notification queue (the polling system
# turns each entry into a real browser Notification + the existing
@@ -596,6 +597,11 @@ def setup_note_routes(task_scheduler=None):
# did not.
return require_user(request) or None
def _reserve_note_uploads(owner: Optional[str], *values) -> None:
missing_id = reserve_upload_references(upload_handler, owner, *values)
if missing_id:
raise HTTPException(409, f"Referenced upload is no longer available: {missing_id}")
def _is_admin_or_single_user(request: Request, user: str | None) -> bool:
if user == INTERNAL_TOOL_USER:
return True
@@ -645,6 +651,13 @@ def setup_note_routes(task_scheduler=None):
@router.post("")
def create_note(request: Request, body: NoteCreate):
user = _owner(request)
_reserve_note_uploads(
user,
body.image_url,
body.color,
body.content,
json.dumps(body.items) if body.items is not None else None,
)
db = SessionLocal()
try:
note = Note(
@@ -702,6 +715,13 @@ def setup_note_routes(task_scheduler=None):
if user is not None and note.owner != user:
raise HTTPException(404, "Note not found")
_reserve_note_uploads(
user,
body.image_url,
body.color,
body.content,
json.dumps(body.items) if body.items is not None else None,
)
if body.title is not None:
note.title = body.title
if body.content is not None:
+23 -1
View File
@@ -13,6 +13,7 @@ from src.request_models import SessionResponse
from core.database import Session as DbSession, SessionLocal, Document, GalleryImage, utcnow_naive
from src.auth_helpers import effective_user, _auth_disabled, owner_filter
from src.session_actions import is_session_recently_active
from src.upload_handler import reserve_message_upload_references
def _sanitize_export_filename(name: str) -> str:
@@ -203,7 +204,12 @@ def _pick_endpoint_for_sort(owner=None):
return url, model, headers
return None, None, None
def setup_session_routes(session_manager: SessionManager, config: dict, webhook_manager=None):
def setup_session_routes(
session_manager: SessionManager,
config: dict,
webhook_manager=None,
upload_handler=None,
):
"""Setup session routes with the provided manager and config"""
REQUEST_TIMEOUT = config.get("REQUEST_TIMEOUT", 20)
@@ -537,6 +543,22 @@ def setup_session_routes(session_manager: SessionManager, config: dict, webhook_
body = await request.json()
messages = body.get("messages", [])
from core.models import ChatMessage
owner = effective_user(request)
try:
for message in messages:
missing_id = reserve_message_upload_references(
upload_handler,
owner,
message.get("content"),
message.get("metadata"),
)
if missing_id:
raise HTTPException(
409,
f"Referenced upload is no longer available: {missing_id}",
)
except (AttributeError, TypeError, ValueError) as exc:
raise HTTPException(400, "Invalid message attachment metadata") from exc
for m in messages:
sess.add_message(ChatMessage(m["role"], m["content"], metadata=m.get("metadata")))
session_manager.save_sessions()
+145 -3
View File
@@ -10,16 +10,140 @@ from fastapi import APIRouter, Request, File, UploadFile, HTTPException, Form
from typing import List, Optional
import logging
from core.middleware import require_admin
from core.database import SessionLocal, GalleryImage, Session as DbSession
from core.database import (
SessionLocal,
ChatMessage as DbChatMessage,
CalendarCal,
CalendarEvent,
Document,
DocumentVersion,
GalleryImage,
Note,
Session as DbSession,
)
from src.auth_helpers import effective_user
from src.attachment_refs import attachment_refs_from_metadata
from src.constants import GENERATED_IMAGES_DIR
from src.upload_handler import count_recent_uploads
from src.upload_handler import (
UploadCleanupSafetyError,
count_recent_uploads,
extract_upload_ids,
)
logger = logging.getLogger(__name__)
router = APIRouter(prefix="/api/upload", tags=["upload"])
UPLOAD_RESPONSE_HEADERS = {"X-Content-Type-Options": "nosniff"}
def _upload_ids_from_persisted_text(value: object) -> set[str]:
"""Return canonical upload IDs embedded in persisted text.
This covers attachment reference lines/URIs and the PDF source markers
stored by the document editor. False positives are intentionally
conservative: retaining an extra upload is safer than deleting referenced
bytes.
"""
return extract_upload_ids(value)
def _upload_ids_from_message_metadata(raw_metadata: object) -> set[str]:
"""Extract attachment IDs from a persisted chat metadata JSON value.
Malformed metadata raises instead of being treated as an empty reference
set. The admin cleanup route catches that failure and aborts cleanup.
"""
if raw_metadata in (None, ""):
return set()
if isinstance(raw_metadata, str):
metadata = json.loads(raw_metadata)
else:
metadata = raw_metadata
if not isinstance(metadata, dict):
raise ValueError("chat message metadata must be a JSON object")
attachments = metadata.get("attachments")
if attachments is not None:
if not isinstance(attachments, list) or any(
not isinstance(item, dict) for item in attachments
):
raise ValueError("chat message attachments metadata is malformed")
ids = {
str(ref["attachment_id"])
for ref in attachment_refs_from_metadata(metadata)
if ref.get("attachment_id")
}
# Preserve canonical IDs even in older metadata shapes not normalized by
# attachment_refs_from_metadata().
ids.update(_upload_ids_from_persisted_text(json.dumps(metadata)))
return ids
def _collect_persisted_upload_references() -> tuple[set[str], set[str]]:
"""Collect upload IDs/hashes still referenced by durable application data.
The caller must treat any exception as an incomplete scan and fail closed.
There is no distinct artifact table in the current schema; artifact-like
attachment references persisted in chat/document text are covered by the
canonical-ID scan.
"""
referenced_ids: set[str] = set()
referenced_hashes: set[str] = set()
db = SessionLocal()
try:
for content, raw_metadata in db.query(
DbChatMessage.content,
DbChatMessage.meta_data,
).yield_per(500):
referenced_ids.update(_upload_ids_from_persisted_text(content))
referenced_ids.update(_upload_ids_from_message_metadata(raw_metadata))
for (content,) in db.query(Document.current_content).yield_per(500):
referenced_ids.update(_upload_ids_from_persisted_text(content))
for (content,) in db.query(DocumentVersion.content).yield_per(500):
referenced_ids.update(_upload_ids_from_persisted_text(content))
for filename, file_hash in db.query(
GalleryImage.filename,
GalleryImage.file_hash,
).yield_per(500):
referenced_ids.update(_upload_ids_from_persisted_text(filename))
if file_hash:
referenced_hashes.add(str(file_hash))
for image_url, color, content, items in db.query(
Note.image_url,
Note.color,
Note.content,
Note.items,
).yield_per(500):
for value in (image_url, color, content, items):
referenced_ids.update(_upload_ids_from_persisted_text(value))
for (color,) in db.query(CalendarCal.color).yield_per(500):
referenced_ids.update(_upload_ids_from_persisted_text(color))
for color, description, location in db.query(
CalendarEvent.color,
CalendarEvent.description,
CalendarEvent.location,
).yield_per(500):
for value in (color, description, location):
referenced_ids.update(_upload_ids_from_persisted_text(value))
return referenced_ids, referenced_hashes
finally:
db.close()
def _run_reference_safe_cleanup(upload_handler) -> int:
referenced_ids, referenced_hashes = _collect_persisted_upload_references()
return upload_handler.cleanup_old_uploads(
referenced_upload_ids=referenced_ids,
referenced_upload_hashes=referenced_hashes,
)
def setup_upload_routes(upload_handler):
"""Setup upload routes with the provided handler"""
@@ -172,7 +296,9 @@ def setup_upload_routes(upload_handler):
"mime": meta["mime"],
"size": meta["size"],
"hash": meta["hash"],
"checksum_sha256": meta.get("checksum_sha256") or meta["hash"],
"uploaded_at": meta["uploaded_at"],
"created_at": meta.get("created_at") or meta["uploaded_at"],
"width": meta.get("width"),
"height": meta.get("height"),
"is_duplicate": meta.get("is_duplicate", False)
@@ -195,7 +321,23 @@ def setup_upload_routes(upload_handler):
async def manual_cleanup(request: Request):
"""Manually trigger cleanup of old uploads."""
require_admin(request)
cleaned_count = upload_handler.cleanup_old_uploads()
try:
cleaned_count = await asyncio.to_thread(
_run_reference_safe_cleanup,
upload_handler,
)
except UploadCleanupSafetyError:
logger.exception("Upload cleanup aborted because index safety checks failed")
raise HTTPException(
503,
"Upload cleanup aborted because upload index integrity could not be verified",
)
except Exception:
logger.exception("Upload cleanup skipped because reference discovery failed")
raise HTTPException(
503,
"Upload cleanup skipped because persisted references could not be verified",
)
return {"status": "success", "files_cleaned": cleaned_count}
@router.get("/stats")