mirror of
https://github.com/Memo-2023/mana-monorepo.git
synced 2026-05-15 01:01:09 +02:00
eb8fac23ec
Two loose ends from M3/M4:
1. Tool_use_id-based error attribution in the persona-runner
-----------------------------------------------------------
The previous collectActionsFromMessage() flipped the *most recent*
ActionRow to 'error' when a tool_result carried is_error:true. That was
fine as long as Claude invoked tools strictly in sequence, but when
the planner pipelines multiple tools in one turn, a later tool_result
carries an earlier tool_use_id — the last-action fallback mis-
attributes the error.
runMainTurn() now keeps a tool_use_id → action-index Map for the
duration of the tick. On tool_use we stash block.id, on tool_result we
look up the exact ActionRow via tool_use_id and flip that one. The
"flip last" path survives as a pure fallback if a future SDK ever
ships a block without an id.
2. New audit:encrypted-tools script
-----------------------------------
scripts/audit-encrypted-tools.ts — loads registerAllModules() and
apps/mana/…/crypto/registry.ts, diffs every ToolSpec.encryptedFields
against the authoritative web-app ENCRYPTION_REGISTRY.
Catches three classes of drift:
- missing-table : tool declares a table the web-app doesn't encrypt
- field-drift : both agree a table is encrypted but the field lists
differ (half-encryption in the wire is silent death)
- disabled : web-app has enabled:false while the tool still
encrypts — advisory warning, not a fail
Negative-tested by injecting a deliberate drift on todo.create +
todo.list (shortened ENCRYPTED_FIELDS to ['title']); the auditor
flagged both tools with full field diffs, restore returned to green.
Wired into `pnpm run validate:all` so the contract survives future
edits on either side. Fills the M4 audit gap noted in
project_mana_mcp_personas.md.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
||
|---|---|---|
| .. | ||
| dev | ||
| mac-mini | ||
| personas | ||
| test-data | ||
| test-reporting | ||
| audit-bundle.mjs | ||
| audit-complexity.mjs | ||
| audit-crypto-registry.mjs | ||
| audit-encrypted-tools.ts | ||
| audit-i18n-coverage.mjs | ||
| audit-icon-usage.mjs | ||
| audit-module-coupling.mjs | ||
| audit-modules.mjs | ||
| audit-port-drift.mjs | ||
| audit-test-coverage.mjs | ||
| audit-workspace-deps.mjs | ||
| backup-monitoring.sh | ||
| build-complexity-map.mjs | ||
| check-status.sh | ||
| create-gift-codes.mjs | ||
| deploy-metrics.sh | ||
| ecosystem-audit.mjs | ||
| fix-mixed-imports.mjs | ||
| generate-dockerfiles.mjs | ||
| generate-env.mjs | ||
| generate-status-page.sh | ||
| lighthouse-audit.sh | ||
| migrate-theme-tokens.mjs | ||
| migrate-transition-all.mjs | ||
| run-integration-tests.sh | ||
| run-tests-with-coverage.sh | ||
| setup-databases.sh | ||
| setup-secrets.mjs | ||
| test-chat-auth.sh | ||
| validate-cloudflared-config.mjs | ||
| validate-dockerfiles.mjs | ||
| validate-monorepo.mjs | ||
| validate-no-recursive-turbo.mjs | ||
| validate-pg-schema-isolation.mjs | ||
| validate-theme-parity.mjs | ||
| validate-theme-utilities.mjs | ||
| validate-theme-variables.mjs | ||