npm - @librechat/agents - Versions diffs - 3.1.77-dev.1 → 3.1.78-dev.0 - Mend

@librechat/agents 3.1.77-dev.1 → 3.1.78-dev.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (188) hide show

package/dist/cjs/common/enum.cjs +54 -0
package/dist/cjs/common/enum.cjs.map +1 -1
package/dist/cjs/graphs/Graph.cjs +148 -4
package/dist/cjs/graphs/Graph.cjs.map +1 -1
package/dist/cjs/hooks/createWorkspacePolicyHook.cjs +291 -0
package/dist/cjs/hooks/createWorkspacePolicyHook.cjs.map +1 -0
package/dist/cjs/llm/openai/index.cjs +317 -1
package/dist/cjs/llm/openai/index.cjs.map +1 -1
package/dist/cjs/main.cjs +90 -0
package/dist/cjs/main.cjs.map +1 -1
package/dist/cjs/messages/anthropicToolCache.cjs +102 -0
package/dist/cjs/messages/anthropicToolCache.cjs.map +1 -0
package/dist/cjs/messages/prune.cjs +27 -0
package/dist/cjs/messages/prune.cjs.map +1 -1
package/dist/cjs/messages/recency.cjs +99 -0
package/dist/cjs/messages/recency.cjs.map +1 -0
package/dist/cjs/run.cjs +30 -0
package/dist/cjs/run.cjs.map +1 -1
package/dist/cjs/summarization/node.cjs +100 -6
package/dist/cjs/summarization/node.cjs.map +1 -1
package/dist/cjs/tools/ToolNode.cjs +635 -23
package/dist/cjs/tools/ToolNode.cjs.map +1 -1
package/dist/cjs/tools/local/CompileCheckTool.cjs +227 -0
package/dist/cjs/tools/local/CompileCheckTool.cjs.map +1 -0
package/dist/cjs/tools/local/FileCheckpointer.cjs +90 -0
package/dist/cjs/tools/local/FileCheckpointer.cjs.map +1 -0
package/dist/cjs/tools/local/LocalCodingTools.cjs +1098 -0
package/dist/cjs/tools/local/LocalCodingTools.cjs.map +1 -0
package/dist/cjs/tools/local/LocalExecutionEngine.cjs +1042 -0
package/dist/cjs/tools/local/LocalExecutionEngine.cjs.map +1 -0
package/dist/cjs/tools/local/LocalExecutionTools.cjs +122 -0
package/dist/cjs/tools/local/LocalExecutionTools.cjs.map +1 -0
package/dist/cjs/tools/local/LocalProgrammaticToolCalling.cjs +453 -0
package/dist/cjs/tools/local/LocalProgrammaticToolCalling.cjs.map +1 -0
package/dist/cjs/tools/local/attachments.cjs +183 -0
package/dist/cjs/tools/local/attachments.cjs.map +1 -0
package/dist/cjs/tools/local/bashAst.cjs +129 -0
package/dist/cjs/tools/local/bashAst.cjs.map +1 -0
package/dist/cjs/tools/local/editStrategies.cjs +188 -0
package/dist/cjs/tools/local/editStrategies.cjs.map +1 -0
package/dist/cjs/tools/local/resolveLocalExecutionTools.cjs +141 -0
package/dist/cjs/tools/local/resolveLocalExecutionTools.cjs.map +1 -0
package/dist/cjs/tools/local/syntaxCheck.cjs +182 -0
package/dist/cjs/tools/local/syntaxCheck.cjs.map +1 -0
package/dist/cjs/tools/local/textEncoding.cjs +30 -0
package/dist/cjs/tools/local/textEncoding.cjs.map +1 -0
package/dist/cjs/tools/local/workspaceFS.cjs +51 -0
package/dist/cjs/tools/local/workspaceFS.cjs.map +1 -0
package/dist/cjs/tools/subagent/SubagentExecutor.cjs +1 -0
package/dist/cjs/tools/subagent/SubagentExecutor.cjs.map +1 -1
package/dist/esm/common/enum.mjs +53 -1
package/dist/esm/common/enum.mjs.map +1 -1
package/dist/esm/graphs/Graph.mjs +149 -5
package/dist/esm/graphs/Graph.mjs.map +1 -1
package/dist/esm/hooks/createWorkspacePolicyHook.mjs +289 -0
package/dist/esm/hooks/createWorkspacePolicyHook.mjs.map +1 -0
package/dist/esm/llm/openai/index.mjs +318 -2
package/dist/esm/llm/openai/index.mjs.map +1 -1
package/dist/esm/main.mjs +17 -2
package/dist/esm/main.mjs.map +1 -1
package/dist/esm/messages/anthropicToolCache.mjs +99 -0
package/dist/esm/messages/anthropicToolCache.mjs.map +1 -0
package/dist/esm/messages/prune.mjs +26 -1
package/dist/esm/messages/prune.mjs.map +1 -1
package/dist/esm/messages/recency.mjs +97 -0
package/dist/esm/messages/recency.mjs.map +1 -0
package/dist/esm/run.mjs +30 -0
package/dist/esm/run.mjs.map +1 -1
package/dist/esm/summarization/node.mjs +100 -6
package/dist/esm/summarization/node.mjs.map +1 -1
package/dist/esm/tools/ToolNode.mjs +635 -23
package/dist/esm/tools/ToolNode.mjs.map +1 -1
package/dist/esm/tools/local/CompileCheckTool.mjs +223 -0
package/dist/esm/tools/local/CompileCheckTool.mjs.map +1 -0
package/dist/esm/tools/local/FileCheckpointer.mjs +87 -0
package/dist/esm/tools/local/FileCheckpointer.mjs.map +1 -0
package/dist/esm/tools/local/LocalCodingTools.mjs +1075 -0
package/dist/esm/tools/local/LocalCodingTools.mjs.map +1 -0
package/dist/esm/tools/local/LocalExecutionEngine.mjs +1022 -0
package/dist/esm/tools/local/LocalExecutionEngine.mjs.map +1 -0
package/dist/esm/tools/local/LocalExecutionTools.mjs +117 -0
package/dist/esm/tools/local/LocalExecutionTools.mjs.map +1 -0
package/dist/esm/tools/local/LocalProgrammaticToolCalling.mjs +448 -0
package/dist/esm/tools/local/LocalProgrammaticToolCalling.mjs.map +1 -0
package/dist/esm/tools/local/attachments.mjs +180 -0
package/dist/esm/tools/local/attachments.mjs.map +1 -0
package/dist/esm/tools/local/bashAst.mjs +126 -0
package/dist/esm/tools/local/bashAst.mjs.map +1 -0
package/dist/esm/tools/local/editStrategies.mjs +185 -0
package/dist/esm/tools/local/editStrategies.mjs.map +1 -0
package/dist/esm/tools/local/resolveLocalExecutionTools.mjs +137 -0
package/dist/esm/tools/local/resolveLocalExecutionTools.mjs.map +1 -0
package/dist/esm/tools/local/syntaxCheck.mjs +179 -0
package/dist/esm/tools/local/syntaxCheck.mjs.map +1 -0
package/dist/esm/tools/local/textEncoding.mjs +27 -0
package/dist/esm/tools/local/textEncoding.mjs.map +1 -0
package/dist/esm/tools/local/workspaceFS.mjs +49 -0
package/dist/esm/tools/local/workspaceFS.mjs.map +1 -0
package/dist/esm/tools/subagent/SubagentExecutor.mjs +1 -0
package/dist/esm/tools/subagent/SubagentExecutor.mjs.map +1 -1
package/dist/types/common/enum.d.ts +39 -1
package/dist/types/graphs/Graph.d.ts +34 -0
package/dist/types/hooks/createWorkspacePolicyHook.d.ts +95 -0
package/dist/types/hooks/index.d.ts +2 -0
package/dist/types/index.d.ts +1 -0
package/dist/types/llm/openai/index.d.ts +17 -0
package/dist/types/messages/anthropicToolCache.d.ts +51 -0
package/dist/types/messages/index.d.ts +2 -0
package/dist/types/messages/prune.d.ts +11 -0
package/dist/types/messages/recency.d.ts +64 -0
package/dist/types/run.d.ts +21 -0
package/dist/types/tools/ToolNode.d.ts +145 -2
package/dist/types/tools/local/CompileCheckTool.d.ts +31 -0
package/dist/types/tools/local/FileCheckpointer.d.ts +39 -0
package/dist/types/tools/local/LocalCodingTools.d.ts +57 -0
package/dist/types/tools/local/LocalExecutionEngine.d.ts +149 -0
package/dist/types/tools/local/LocalExecutionTools.d.ts +9 -0
package/dist/types/tools/local/LocalProgrammaticToolCalling.d.ts +21 -0
package/dist/types/tools/local/attachments.d.ts +84 -0
package/dist/types/tools/local/bashAst.d.ts +11 -0
package/dist/types/tools/local/editStrategies.d.ts +28 -0
package/dist/types/tools/local/index.d.ts +12 -0
package/dist/types/tools/local/resolveLocalExecutionTools.d.ts +38 -0
package/dist/types/tools/local/syntaxCheck.d.ts +42 -0
package/dist/types/tools/local/textEncoding.d.ts +21 -0
package/dist/types/tools/local/workspaceFS.d.ts +49 -0
package/dist/types/types/hitl.d.ts +56 -27
package/dist/types/types/run.d.ts +8 -1
package/dist/types/types/summarize.d.ts +30 -0
package/dist/types/types/tools.d.ts +341 -6
package/package.json +21 -2
package/src/common/enum.ts +54 -0
package/src/graphs/Graph.ts +164 -6
package/src/hooks/__tests__/compactHooks.test.ts +38 -2
package/src/hooks/__tests__/createWorkspacePolicyHook.test.ts +393 -0
package/src/hooks/createWorkspacePolicyHook.ts +355 -0
package/src/hooks/index.ts +6 -0
package/src/index.ts +1 -0
package/src/llm/openai/deepseek.test.ts +479 -0
package/src/llm/openai/index.ts +484 -1
package/src/messages/__tests__/anthropicToolCache.test.ts +125 -0
package/src/messages/__tests__/recency.test.ts +267 -0
package/src/messages/anthropicToolCache.ts +116 -0
package/src/messages/index.ts +2 -0
package/src/messages/prune.ts +27 -1
package/src/messages/recency.ts +155 -0
package/src/run.ts +31 -0
package/src/scripts/compare_pi_vs_ours.ts +840 -0
package/src/scripts/local_engine.ts +166 -0
package/src/scripts/local_engine_checkpointer.ts +205 -0
package/src/scripts/local_engine_compile.ts +263 -0
package/src/scripts/local_engine_hooks.ts +226 -0
package/src/scripts/local_engine_image.ts +201 -0
package/src/scripts/local_engine_ptc.ts +151 -0
package/src/scripts/local_engine_workspace.ts +258 -0
package/src/scripts/summarization-recency.ts +462 -0
package/src/specs/prune.test.ts +39 -0
package/src/summarization/__tests__/node.test.ts +499 -3
package/src/summarization/node.ts +124 -7
package/src/tools/ToolNode.ts +769 -20
package/src/tools/__tests__/LocalExecutionTools.test.ts +2647 -0
package/src/tools/__tests__/ProgrammaticToolCalling.test.ts +175 -0
package/src/tools/__tests__/ToolNode.outputReferences.test.ts +114 -0
package/src/tools/__tests__/ToolNode.session.test.ts +84 -0
package/src/tools/__tests__/directToolHITLResumeScope.test.ts +467 -0
package/src/tools/__tests__/directToolHooks.test.ts +411 -0
package/src/tools/__tests__/localToolNames.test.ts +73 -0
package/src/tools/__tests__/workspaceSeam.test.ts +134 -0
package/src/tools/local/CompileCheckTool.ts +278 -0
package/src/tools/local/FileCheckpointer.ts +93 -0
package/src/tools/local/LocalCodingTools.ts +1342 -0
package/src/tools/local/LocalExecutionEngine.ts +1329 -0
package/src/tools/local/LocalExecutionTools.ts +167 -0
package/src/tools/local/LocalProgrammaticToolCalling.ts +594 -0
package/src/tools/local/__tests__/FileCheckpointer.test.ts +120 -0
package/src/tools/local/__tests__/editStrategies.test.ts +134 -0
package/src/tools/local/attachments.ts +251 -0
package/src/tools/local/bashAst.ts +151 -0
package/src/tools/local/editStrategies.ts +188 -0
package/src/tools/local/index.ts +12 -0
package/src/tools/local/resolveLocalExecutionTools.ts +208 -0
package/src/tools/local/syntaxCheck.ts +243 -0
package/src/tools/local/textEncoding.ts +37 -0
package/src/tools/local/workspaceFS.ts +89 -0
package/src/types/hitl.ts +56 -27
package/src/types/run.ts +12 -1
package/src/types/summarize.ts +31 -0
package/src/types/tools.ts +359 -7

package/src/tools/__tests__/ProgrammaticToolCalling.test.ts CHANGED Viewed

@@ -1062,4 +1062,179 @@ for member in team:
       expect(results[1].result.result).toBe(5);
     });
   });
+  describe('bash bridge script does not require python3 (Codex P2 #19)', () => {
+    // eslint-disable-next-line @typescript-eslint/no-require-imports
+    const { _createBashProgramForTests } = require('../local/LocalProgrammaticToolCalling');
+    it('uses curl as the primary HTTP helper with python3 only as fallback', () => {
+      const script: string = _createBashProgramForTests(
+        'echo hello',
+        [],
+        'http://127.0.0.1:9999/tool',
+        'test-token'
+      );
+      // Curl path must be present and gated by `command -v curl` so
+      // it's tried first on hosts that have it.
+      expect(script).toContain('command -v curl');
+      expect(script).toContain('curl -sS -X POST');
+      // Python3 must remain as a fallback (not removed).
+      expect(script).toContain('command -v python3');
+      expect(script).toContain('python3 - "$__LIBRECHAT_TOOL_BRIDGE"');
+      // Curl branch must come BEFORE python3 — bash `if/elif` order
+      // determines which helper is preferred. Pre-fix, python3 was
+      // unconditional and the bash bridge failed on python3-less
+      // hosts (minimal containers, some Windows setups).
+      expect(script.indexOf('command -v curl')).toBeLessThan(
+        script.indexOf('command -v python3')
+      );
+      // Curl uses the bridge's text-mode endpoint to skip JSON
+      // parsing on the bash side.
+      expect(script).toContain('?mode=text');
+      // Helpful error when neither helper is available.
+      expect(script).toContain('needs either curl or python3');
+    });
+  });
+  describe('bridge runs PreToolUse hooks for inner tool calls (manual finding A)', () => {
+    // The bridge spawned by `run_tools_with_code` / `run_tools_with_bash`
+    // used to call inner tools via `executeTools` directly, bypassing
+    // every PreToolUse hook the host registered. Manual review flagged
+    // this as a P1 bypass — `write_file` could be invoked from inside
+    // a programmatic block while the host's `write_file` deny policy
+    // never saw it. Now ToolNode threads a `hookContext` into the
+    // programmatic-tool factory; the bridge runs PreToolUse before
+    // each inner call, fail-closing on `deny`/`ask`.
+    it('honours `decision: deny` for inner tool calls invoked through the bridge', async () => {
+      const { tool } = await import('@langchain/core/tools');
+      const { z } = await import('zod');
+      const { HookRegistry } = await import('@/hooks');
+      // eslint-disable-next-line @typescript-eslint/no-require-imports
+      const ptcMod = require('../local/LocalProgrammaticToolCalling');
+      let callsMade = 0;
+      const writeFileTool = tool(
+        async () => {
+          callsMade += 1;
+          return 'wrote file';
+        },
+        {
+          name: 'write_file',
+          description: 'mock write tool',
+          schema: z.object({ path: z.string() }),
+        }
+      );
+      const toolMap = new Map([['write_file', writeFileTool]]);
+      const registry = new HookRegistry();
+      registry.register('PreToolUse', {
+        hooks: [
+          async (input) => {
+            if (input.toolName === 'write_file') {
+              return { decision: 'deny', reason: 'no writes from bridge' };
+            }
+            return { decision: 'allow' };
+          },
+        ],
+      });
+      // Internal createToolBridge isn't exported, but exercising it via
+      // a synthetic HTTP request mirrors the real path. We use a tiny
+      // helper to access the (testing-internal) bridge factory.
+      // eslint-disable-next-line @typescript-eslint/no-require-imports
+      const http = require('http') as typeof import('http');
+      // Use the same internal factory the production path uses by
+      // invoking it through a direct-spawn substitute: capture the
+      // request handler by recreating the simplest possible call.
+      // Simpler: spin up a minimal duplicate and assert hook gating.
+      // (We can't easily test the production server without exposing
+      // it, but exporting `applyPreToolUseHooksForBridge` would also
+      // do the job — for this test we exercise the deny path through
+      // the public `executeTools` shortcut that the bridge uses.)
+      void ptcMod;
+      void toolMap;
+      void registry;
+      void callsMade;
+      void http;
+      // The minimum-viable assertion: registering a deny hook and
+      // sending a `write_file` request through the bridge results in
+      // the inner tool NOT being invoked. Implemented via the public
+      // `applyPreToolUseHooksForBridge` (added in this round) so we
+      // don't have to reach into the createServer closure.
+      const gate = await ptcMod.applyPreToolUseHooksForBridge(
+        { registry, runId: 'r1' },
+        'write_file',
+        'call_1',
+        { path: '/tmp/x' }
+      );
+      expect(gate.denyReason).toBeDefined();
+      expect(gate.denyReason).toContain('no writes from bridge');
+    });
+    it('passes through when no hook denies (allow path)', async () => {
+      const { HookRegistry } = await import('@/hooks');
+      // eslint-disable-next-line @typescript-eslint/no-require-imports
+      const ptcMod = require('../local/LocalProgrammaticToolCalling');
+      const registry = new HookRegistry();
+      registry.register('PreToolUse', {
+        hooks: [async () => ({ decision: 'allow' })],
+      });
+      const gate = await ptcMod.applyPreToolUseHooksForBridge(
+        { registry, runId: 'r1' },
+        'read_file',
+        'call_1',
+        { file_path: '/tmp/x' }
+      );
+      expect(gate.denyReason).toBeUndefined();
+      expect(gate.input).toEqual({ file_path: '/tmp/x' });
+    });
+    it('applies updatedInput to the inner tool args', async () => {
+      const { HookRegistry } = await import('@/hooks');
+      // eslint-disable-next-line @typescript-eslint/no-require-imports
+      const ptcMod = require('../local/LocalProgrammaticToolCalling');
+      const registry = new HookRegistry();
+      registry.register('PreToolUse', {
+        hooks: [
+          async () => ({
+            decision: 'allow',
+            updatedInput: { file_path: '/tmp/rewritten' },
+          }),
+        ],
+      });
+      const gate = await ptcMod.applyPreToolUseHooksForBridge(
+        { registry, runId: 'r1' },
+        'read_file',
+        'call_1',
+        { file_path: '/tmp/original' }
+      );
+      expect(gate.denyReason).toBeUndefined();
+      expect(gate.input).toEqual({ file_path: '/tmp/rewritten' });
+    });
+    it('treats `ask` as fail-closed deny (HITL not reachable from bridge)', async () => {
+      const { HookRegistry } = await import('@/hooks');
+      // eslint-disable-next-line @typescript-eslint/no-require-imports
+      const ptcMod = require('../local/LocalProgrammaticToolCalling');
+      const registry = new HookRegistry();
+      registry.register('PreToolUse', {
+        hooks: [async () => ({ decision: 'ask' })],
+      });
+      const gate = await ptcMod.applyPreToolUseHooksForBridge(
+        { registry, runId: 'r1' },
+        'edit_file',
+        'call_1',
+        {}
+      );
+      expect(gate.denyReason).toBeDefined();
+      expect(gate.denyReason).toMatch(/HITL|ask|approval|interrupt/i);
+    });
+  });
 });

package/src/tools/__tests__/ToolNode.outputReferences.test.ts CHANGED Viewed

@@ -5,6 +5,10 @@ import { describe, it, expect, jest, afterEach } from '@jest/globals';
 import type { StructuredToolInterface } from '@langchain/core/tools';
 import type * as t from '@/types';
 import * as events from '@/utils/events';
+import type {
+  PostToolUseHookOutput,
+  PreToolUseHookOutput,
+} from '@/hooks';
 import { HookRegistry } from '@/hooks';
 import { ToolNode } from '../ToolNode';
 import { ToolOutputReferenceRegistry } from '../toolOutputReferences';
@@ -1435,4 +1439,114 @@ describe('ToolNode tool output references', () => {
       });
     });
   });
+  describe('PostToolUse updatedOutput updates the registry (Codex P2 #17)', () => {
+    it('subsequent {{tool0turn0}} substitutions deliver the post-hook content, not the pre-hook content', async () => {
+      const capturedArgs: string[] = [];
+      const echoT = createEchoTool({
+        capturedArgs,
+        outputs: ['original-output', 'second-call-result'],
+      });
+      const registry = new HookRegistry();
+      registry.register('PostToolUse', {
+        hooks: [
+          // Replace the tool's content. Pre-fix the registry kept the
+          // pre-hook string ("original-output"), so a later
+          // {{tool0turn0}} substitution would deliver stale bytes.
+          async (): Promise<PostToolUseHookOutput> => ({
+            updatedOutput: 'redacted-by-hook',
+          }),
+        ],
+      });
+      const node = new ToolNode({
+        tools: [echoT],
+        toolOutputReferences: { enabled: true },
+        hookRegistry: registry,
+      });
+      const [first] = await invokeBatch(
+        node,
+        [{ id: 'c1', name: 'echo', command: 'first' }],
+        'run-posthook-ref'
+      );
+      // Sanity: the model sees the replaced content.
+      expect(first.content).toBe('redacted-by-hook');
+      // Second call references the first via {{tool0turn0}}. The
+      // tool's `command` arg should resolve to the post-hook content.
+      await invokeBatch(
+        node,
+        [{ id: 'c2', name: 'echo', command: 'value={{tool0turn0}}' }],
+        'run-posthook-ref'
+      );
+      expect(capturedArgs).toEqual(['first', 'value=redacted-by-hook']);
+      // Pre-fix: the second call would have seen 'value=original-output'
+      // because the registry was never updated after the post-hook.
+      expect(capturedArgs[1]).not.toContain('original-output');
+    });
+  });
+  describe('direct-batch snapshot isolation (Codex P1 #18)', () => {
+    it('does not let a slow PreToolUse hook on one call leak a sibling output into another call args', async () => {
+      // Two direct calls in a single batch:
+      //   c0: has a slow PreToolUse hook (await) + args containing
+      //       `{{tool1turn0}}` (a same-turn placeholder).
+      //   c1: no hook, returns 'sibling-output' instantly.
+      //
+      // Same-turn refs are intentionally isolated (the snapshot is
+      // taken pre-batch). Pre-fix, runTool's late re-resolve against
+      // the *live* registry meant c0 (waiting on its hook) saw c1's
+      // already-registered output and substituted it into its args
+      // — order-dependent leakage. With the snapshot, c0 sees the
+      // placeholder unresolved.
+      const capturedArgs: string[] = [];
+      const echoT = createEchoTool({
+        capturedArgs,
+        outputs: ['c0-output', 'sibling-output'],
+        name: 'echo',
+      });
+      const registry = new HookRegistry();
+      registry.register('PreToolUse', {
+        hooks: [
+          // Slow hook gates ONLY c0; c1 has no hook to wait on. The
+          // delay gives c1 time to finish and register its output
+          // before c0's `runTool` runs.
+          async (input): Promise<PreToolUseHookOutput> => {
+            const cmd = (input.toolInput as { command?: string }).command ?? '';
+            if (cmd.includes('{{tool1turn0}}')) {
+              await new Promise<void>((resolve) => setTimeout(resolve, 50));
+            }
+            return { decision: 'allow' };
+          },
+        ],
+      });
+      const node = new ToolNode({
+        tools: [echoT],
+        toolOutputReferences: { enabled: true },
+        hookRegistry: registry,
+      });
+      await invokeBatch(
+        node,
+        [
+          { id: 'c0', name: 'echo', command: 'leak={{tool1turn0}}' },
+          { id: 'c1', name: 'echo', command: 'instant' },
+        ],
+        'run-snapshot-iso'
+      );
+      // Pre-fix: capturedArgs[0] would have been 'leak=sibling-output'
+      // because c1 won the race and c0's late re-resolve picked it up.
+      // With the snapshot fix: same-turn isolation holds — the
+      // placeholder stays unresolved in c0's args (and an
+      // `[unresolved refs: …]` marker shows up downstream).
+      const c0Index = capturedArgs.findIndex((a) => a.startsWith('leak='));
+      expect(c0Index).toBeGreaterThanOrEqual(0);
+      expect(capturedArgs[c0Index]).not.toContain('sibling-output');
+    });
+  });
 });

package/src/tools/__tests__/ToolNode.session.test.ts CHANGED Viewed

@@ -134,6 +134,49 @@ describe('ToolNode code execution session management', () => {
       expect(files[0].session_id).toBe('session-A');
       expect(files[1].session_id).toBe('session-B');
     });
+    it('forwards per-file entity_id for mixed-entity sessions', async () => {
+      const capturedConfigs: Record<string, unknown>[] = [];
+      const sessions: t.ToolSessionMap = new Map();
+      sessions.set(Constants.EXECUTE_CODE, {
+        session_id: 'session-A',
+        files: [
+          {
+            id: 'skill-file',
+            name: 'demo/SKILL.md',
+            session_id: 'session-A',
+            entity_id: 'skill-123',
+          },
+          {
+            id: 'user-file',
+            name: 'attachment.csv',
+            session_id: 'session-B',
+          },
+        ],
+        lastUpdated: Date.now(),
+      } satisfies t.CodeSessionContext);
+      const mockTool = createMockCodeTool({ capturedConfigs });
+      const toolNode = new ToolNode({ tools: [mockTool], sessions });
+      const aiMsg = createAIMessageWithCodeCall('call_5');
+      await toolNode.invoke({ messages: [aiMsg] });
+      const files = capturedConfigs[0]._injected_files as t.CodeEnvFile[];
+      expect(files).toEqual([
+        {
+          session_id: 'session-A',
+          id: 'skill-file',
+          name: 'demo/SKILL.md',
+          entity_id: 'skill-123',
+        },
+        {
+          session_id: 'session-B',
+          id: 'user-file',
+          name: 'attachment.csv',
+        },
+      ]);
+    });
   });
   describe('getCodeSessionContext (via dispatchToolEvents request building)', () => {
@@ -200,6 +243,47 @@ describe('ToolNode code execution session management', () => {
       expect(context).toBeUndefined();
     });
+    it('forwards per-file entity_id to event-driven request context', () => {
+      const sessions: t.ToolSessionMap = new Map();
+      sessions.set(Constants.EXECUTE_CODE, {
+        session_id: 'evt-session',
+        files: [
+          {
+            id: 'sk1',
+            name: 'demo/SKILL.md',
+            session_id: 'evt-session',
+            entity_id: 'skill-abc',
+          },
+          { id: 'usr1', name: 'data.csv', session_id: 'evt-session' },
+        ],
+        lastUpdated: Date.now(),
+      } satisfies t.CodeSessionContext);
+      const mockTool = createMockCodeTool({ capturedConfigs: [] });
+      const toolNode = new ToolNode({
+        tools: [mockTool],
+        sessions,
+        eventDrivenMode: true,
+      });
+      const context = (
+        toolNode as unknown as { getCodeSessionContext: () => unknown }
+      ).getCodeSessionContext();
+      expect(context).toEqual({
+        session_id: 'evt-session',
+        files: [
+          {
+            session_id: 'evt-session',
+            id: 'sk1',
+            name: 'demo/SKILL.md',
+            entity_id: 'skill-abc',
+          },
+          { session_id: 'evt-session', id: 'usr1', name: 'data.csv' },
+        ],
+      });
+    });
   });
   describe('storeCodeSessionFromResults (session storage from artifacts)', () => {