Salastil/odysseus
1
0
Fork 0
mirror of https://github.com/pewdiepie-archdaemon/odysseus.git synced 2026-06-16 17:55:26 -04:00
Code Issues Packages Projects Releases Wiki Activity

fix(tool-parsing): don't ship unconvertible <invoke> fence content to the code executor (#2926)

Browse Source
This commit is contained in:
nubs
2026-06-05 19:08:54 +00:00
committed by GitHub
parent 47a47bf71d
commit 08e543d1ff
2 changed files with 41 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/tool_parsing.py
+5 -4
View File
@@ -354,14 +354,15 @@ def parse_tool_blocks(text: str) -> List[ToolBlock]:
# If a code block's content is an <invoke> XML call (some models wrap # If a code block's content is an <invoke> XML call (some models wrap
# tool calls in ```python or ```xml fences), parse the invoke instead. # tool calls in ```python or ```xml fences), parse the invoke instead.
if '<invoke' in content: if '<invoke' in content:
invoked = False
for inv in _XML_INVOKE_RE.finditer(content): for inv in _XML_INVOKE_RE.finditer(content):
block = _parse_xml_invoke(inv) block = _parse_xml_invoke(inv)
if block: if block:
blocks.append(block) blocks.append(block)
invoked = True # This fenced block is <invoke> markup, not literal code. Whether or
if invoked: # not any call converted, never fall through to append the raw XML as
continue # a python/bash block — e.g. a hyphenated/namespaced tool name that
# _XML_INVOKE_RE's \w+ can't match would otherwise be executed as code.
continue
blocks.append(ToolBlock(tag, content)) blocks.append(ToolBlock(tag, content))
# Pattern 2: [TOOL_CALL] blocks (only if no fenced blocks found) # Pattern 2: [TOOL_CALL] blocks (only if no fenced blocks found)
tests/test_fenced_invoke_no_raw_xml.py
+36
View File
@@ -0,0 +1,36 @@
"""Issue #2925 — a fenced ```python/```bash block wrapping an <invoke> call that
can't be converted (e.g. a hyphenated/namespaced tool name that _XML_INVOKE_RE's
\\w+ won't match, or an unknown tool) must NOT fall through and ship the raw XML
to the code executor as if it were python/bash.
"""
import sys
from unittest.mock import MagicMock
for mod in ['src.agent_tools', 'src.tool_parsing', 'src.tool_schemas', 'src.tool_execution']:
sys.modules.pop(mod, None)
for mod in [
'sqlalchemy', 'sqlalchemy.orm', 'sqlalchemy.ext', 'sqlalchemy.ext.declarative',
'sqlalchemy.ext.hybrid', 'sqlalchemy.sql', 'sqlalchemy.sql.expression',
'src.database', 'core.models', 'core.database', 'core.auth'
]:
if mod not in sys.modules:
sys.modules[mod] = MagicMock()
import src.agent_tools # noqa: E402, F401
from src.tool_parsing import parse_tool_blocks # noqa: E402
def test_unconvertible_invoke_in_fence_is_not_executed_as_code():
text = '```python\n<invoke name="foo-bar">\n<parameter name="x">1</parameter>\n</invoke>\n```'
blocks = parse_tool_blocks(text)
# the hyphenated name can't match _XML_INVOKE_RE, so nothing converts —
# the raw XML must not be appended as a python/bash code block.
assert not any(
b.tool_type in ("python", "bash") and "<invoke" in b.content for b in blocks
), blocks
def test_plain_fenced_python_block_still_parses_as_code():
# No regression: an ordinary fenced python block (no <invoke>) still works.
blocks = parse_tool_blocks('```python\nprint("hi")\n```')
assert any(b.tool_type == "python" and 'print("hi")' in b.content for b in blocks), blocks