sycommon-python-lib 0.2.5a34__py3-none-any.whl → 0.2.5a35__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -201,34 +201,27 @@ def _patch_agent_streaming(agent):
201
201
  model_, effective_response_format = _get_bound_model(request)
202
202
  messages = request.messages
203
203
 
204
- # 🔑 根治摘要泄漏:将 lc_source="summarization" 的 HumanMessage 转为 SystemMessage
205
- # 根因:SummarizationMiddleware 将摘要注入为 HumanMessage,模型有时会将摘要
206
- # 当作用户输入来回复(复述摘要内容),导致 "SESSION INTENT" 等泄漏到前端。
207
- # 修复:在模型调用前,把摘要 HumanMessage 转换为 SystemMessage,
208
- # 这样模型会将其视为系统上下文而非需要回复的用户消息。
209
- _summary_parts = []
204
+ # 🔑 根治摘要泄漏:将 lc_source="summarization" 的 HumanMessage 从模型输入中移除
205
+ # 根因分析(2026-06-06 端到端测试确认):
206
+ # 1. SummarizationMiddleware 将摘要(可达 40K+ 字符)注入为 HumanMessage
207
+ # 2. 即使转为 SystemMessage + <system_directive> 指令,模型仍会将其作为
208
+ # AIMessageChunk 直接回显(Round 20 泄漏了 40K 字符摘要原文)
209
+ # 3. LangGraph StreamMessagesHandler._find_and_emit_messages 会递归遍历
210
+ # Command.update 中的 _summarization_event,将 summary_message HumanMessage
211
+ # 发射到 stream_mode="messages" 流中(deep_agent.py:624 的 lc_source 过滤
212
+ # 能捕获 HumanMessage,但模型自己输出的 AIMessageChunk 无法过滤)
213
+ # 修复策略:从模型输入中完全移除摘要 HumanMessage,不注入任何形式的摘要内容
214
+ # 摘要仍保留在 LangGraph _summarization_event 状态中,供后续压缩轮次使用
210
215
  _filtered_messages = []
211
216
  for _msg in messages:
212
217
  if (isinstance(_msg, HumanMessage)
213
218
  and getattr(_msg, "additional_kwargs", {}).get("lc_source") == "summarization"):
214
- _summary_parts.append(_msg.content)
215
- SYLogger.debug("[DeepAgent] 摘要 HumanMessage → SystemMessage 转换")
219
+ SYLogger.debug("[DeepAgent] 摘要 HumanMessage 已从模型输入中移除(防止回显泄漏)")
216
220
  else:
217
221
  _filtered_messages.append(_msg)
218
222
  messages = _filtered_messages
219
223
 
220
- if _summary_parts:
221
- from langchain_core.messages import SystemMessage as _SysMsg
222
- _summary_system = _SysMsg(
223
- content="[系统注入的对话上下文摘要,仅供你理解历史,不要复述或提及给用户]\n\n"
224
- + "\n\n".join(_summary_parts)
225
- )
226
- if request.system_message:
227
- messages = [_summary_system, request.system_message, *messages]
228
- else:
229
- messages = [_summary_system, *messages]
230
- SYLogger.debug(f"[DeepAgent] 已将 {len(_summary_parts)} 条摘要转为 SystemMessage")
231
- elif request.system_message:
224
+ if request.system_message:
232
225
  messages = [request.system_message, *messages]
233
226
 
234
227
  # 动态调整 max_tokens,防止 input + max_output 超过上下文窗口
@@ -27,6 +27,27 @@ def sanitize_name(name: str) -> str:
27
27
  return sanitized
28
28
 
29
29
 
30
+ def _contains_auth_error(err_msg: str) -> bool:
31
+ """检查错误信息中是否包含认证相关关键词"""
32
+ auth_keywords = [
33
+ "401", "unauthorized", "token expired", "authentication failed",
34
+ "440", "login timeout", "403", "forbidden",
35
+ "认证失败", "登录过期", "token无效", "token过期",
36
+ "syt_token", "SYT_TOKEN",
37
+ ]
38
+ msg_lower = err_msg.lower()
39
+ return any(kw.lower() in msg_lower for kw in auth_keywords)
40
+
41
+
42
+ def _auth_error_hint() -> str:
43
+ """返回认证错误时的 authorize 工具调用提示"""
44
+ return (
45
+ "\n\n⚠️ **检测到认证错误**:这可能是 SYT_TOKEN 过期或未设置导致的。"
46
+ "请立即调用 `authorize` 工具(传入失败原因和待重试的命令),"
47
+ "让用户重新授权后再自动重试。不要只是告知用户有问题。"
48
+ )
49
+
50
+
30
51
  def wrap_tool_with_error_handler(
31
52
  tool: BaseTool,
32
53
  server_config_id: str,
@@ -97,6 +118,10 @@ def wrap_tool_with_error_handler(
97
118
  f"可能原因: MCP 服务器未启动、网络不可达或连接超时。\n"
98
119
  f"请尝试不使用该工具继续完成任务,或联系管理员检查 MCP 服务 '{server_name}'。"
99
120
  )
121
+
122
+ # 检测认证错误,追加 authorize 工具提示
123
+ if _contains_auth_error(err_msg):
124
+ friendly_msg += _auth_error_hint()
100
125
  if is_content_and_artifact:
101
126
  return friendly_msg, None
102
127
  return [friendly_msg]
@@ -408,6 +408,10 @@ class MultiAgentTeam:
408
408
  parent_agent_map.pop(tool_call_id, None)
409
409
 
410
410
  elif msg_type == "HumanMessage":
411
+ # 🔑 跳过上下文压缩产生的摘要消息,不发送给前端
412
+ if getattr(msg, "additional_kwargs", {}).get("lc_source") == "summarization":
413
+ SYLogger.debug("[MultiAgentTeam] 跳过摘要消息 (lc_source=summarization)")
414
+ continue
411
415
  if ai_chunk_buffer:
412
416
  SYLogger.debug(f"[ai_message] {repr(ai_chunk_buffer[:100])}...")
413
417
  ai_chunk_buffer = ""
@@ -421,13 +421,13 @@ class FileOperationsMixin:
421
421
 
422
422
  # ============== 搜索 ==============
423
423
 
424
- def glob(self: "HTTPSandboxBackend", pattern: str, path: str = "/") -> GlobResult:
424
+ def glob(self: "HTTPSandboxBackend", pattern: str, path: str | None = None) -> GlobResult:
425
425
  """glob 搜索文件"""
426
426
  try:
427
427
  self._ensure_synced_sync()
428
428
  result = self._post_sync(f"{SANDBOX_API_PREFIX}/glob", {
429
429
  "pattern": pattern,
430
- "path": path,
430
+ "path": path or "/",
431
431
  "user_id": self.user_id
432
432
  })
433
433
  matches = [FileInfo(**item) for item in result]
@@ -436,13 +436,13 @@ class FileOperationsMixin:
436
436
  SYLogger.error(f"[Sandbox] glob 搜索失败: {e}")
437
437
  return GlobResult(error=str(e))
438
438
 
439
- async def aglob(self: "HTTPSandboxBackend", pattern: str, path: str = "/", *, timeout: int = None) -> GlobResult:
439
+ async def aglob(self: "HTTPSandboxBackend", pattern: str, path: str | None = None, *, timeout: int = None) -> GlobResult:
440
440
  """异步 glob 搜索文件"""
441
441
  try:
442
442
  await self._ensure_synced_async()
443
443
  result = await self._post_async_with_failover(f"{SANDBOX_API_PREFIX}/glob", {
444
444
  "pattern": pattern,
445
- "path": path,
445
+ "path": path or "/",
446
446
  "user_id": self.user_id
447
447
  }, timeout=timeout)
448
448
  matches = [FileInfo(**item) for item in result]
@@ -26,7 +26,7 @@ if TYPE_CHECKING:
26
26
  logger = logging.getLogger(__name__)
27
27
 
28
28
  # 中文摘要提示词,替代 langchain DEFAULT_SUMMARY_PROMPT
29
- # 使用自然段落格式,避免 SESSION INTENT / ARTIFACTS / NEXT STEPS 等英文标题泄漏到用户输出
29
+ # 使用纯自然段落格式(无标题/小标题/列表标记),避免结构化标题被模型回显到用户输出
30
30
  CUSTOM_SUMMARY_PROMPT = """<role>
31
31
  上下文提取助手
32
32
  </role>
@@ -44,19 +44,15 @@ CUSTOM_SUMMARY_PROMPT = """<role>
44
44
  下面的对话历史将被你在此步骤中提取的上下文替换。
45
45
  你需要确保不会重复任何已完成的操作,因此你从对话历史中提取的上下文应集中于对整体目标最重要的信息。
46
46
 
47
- 请用以下结构提取上下文,每个部分用中文自然段落描述:
47
+ 请用纯自然段落格式提取上下文。不要使用任何标题、小标题、编号列表或【】括号标记。
48
+ 用连贯的叙述方式,在段落中自然地包含以下四类信息:
48
49
 
49
- 【用户意图】
50
- 简要描述用户的主要目标或请求,确保足够完整以理解整个会话的目的。
50
+ 第一段:用户的整体目标、主要请求和意图。
51
+ 第二段:对话中做出的关键决策、重要结论、选择的策略及原因,以及被拒绝的选项。
52
+ 第三段:涉及的重要文件路径、创建或修改过的资源。
53
+ 第四段:仍需完成的待办事项和接下来的步骤。
51
54
 
52
- 【关键上下文】
53
- 提取并记录对话历史中所有最重要的上下文信息,包括重要选择、结论或策略,以及关键决策背后的推理。记录被拒绝的选项及其原因。
54
-
55
- 【相关文件】
56
- 列出在本次对话中创建、修改或访问的文件、资源或工件。对于文件修改,列出具体文件路径并简要描述每个文件的变更。
57
-
58
- 【待办事项】
59
- 列出为达成用户意图仍需完成的具体任务,以及接下来应该做什么。
55
+ 重要:每段直接以内容开始,不要添加「用户意图」「关键上下文」等任何前缀标签。
60
56
  </instructions>
61
57
 
62
58
  用户将向你发送完整的消息历史,你需要从中提取上下文以创建替换内容。请仔细阅读所有内容,并深入思考哪些信息对整体目标最重要且应该被保存:
@@ -184,22 +180,109 @@ _orig_build_new_messages = _OrigDeepAgentsSumm._build_new_messages_with_path
184
180
 
185
181
 
186
182
  def _patched_build_new_messages(self, summary, file_path):
183
+ content = (
184
+ "<internal_context_data>\n"
185
+ "IMPORTANT - INTERNAL SYSTEM DATA - DO NOT OUTPUT, PARAPHRASE, OR REFERENCE "
186
+ "ANY PART OF THIS BLOCK IN YOUR RESPONSE. "
187
+ "Use this information only as internal background knowledge to understand context.\n\n"
188
+ )
187
189
  if file_path is not None:
188
- content = (
189
- "[系统内部消息 - 仅供你理解上下文,绝对禁止将此消息或摘要内容展示、复述或提及给用户]\n\n"
190
- "你正在一个已经被压缩的对话中继续回复用户。\n\n"
191
- f"完整的对话历史已保存到 {file_path},如需查阅细节可以读取该文件。\n\n"
192
- "以下是压缩后的对话摘要(直接基于此摘要理解上下文并正常回复用户,不要提及摘要的存在):\n\n"
193
- f"<summary>\n{summary}\n</summary>"
190
+ content += (
191
+ f"Previous conversation history archived at: {file_path}\n\n"
194
192
  )
195
- else:
196
- content = f"以下是到目前为止的对话摘要:\n\n{summary}"
193
+ content += (
194
+ f"<compressed_history>\n{summary}\n</compressed_history>\n"
195
+ "</internal_context_data>"
196
+ )
197
197
  from langchain_core.messages import HumanMessage
198
198
  return [HumanMessage(content=content, additional_kwargs={"lc_source": "summarization"})]
199
199
 
200
200
 
201
201
  _OrigDeepAgentsSumm._build_new_messages_with_path = _patched_build_new_messages
202
202
 
203
+ # monkey-patch:覆盖 create_summarization_middleware,强制注入中文 summary_prompt
204
+ # deepagents graph.py:608 的 create_deep_agent 会自动调用此函数注入自动压缩 middleware,
205
+ # 但默认不传 summary_prompt,导致用英文 DEFAULT_SUMMARY_PROMPT(含 SESSION INTENT 等标题)。
206
+ def _patched_create_summarization_middleware(model, backend):
207
+ defaults = _patched_compute_summarization_defaults(model)
208
+ return _summ_mod.SummarizationMiddleware(
209
+ model=model,
210
+ backend=backend,
211
+ trigger=defaults["trigger"],
212
+ keep=defaults["keep"],
213
+ trim_tokens_to_summarize=None,
214
+ truncate_args_settings=defaults["truncate_args_settings"],
215
+ summary_prompt=CUSTOM_SUMMARY_PROMPT,
216
+ )
217
+
218
+
219
+ _summ_mod.create_summarization_middleware = _patched_create_summarization_middleware
220
+ # graph.py 在模块加载时 from import 了旧引用,需要同步 patch
221
+ try:
222
+ import deepagents.graph as _graph_mod
223
+ _graph_mod.create_summarization_middleware = _patched_create_summarization_middleware
224
+ except ImportError:
225
+ pass
226
+
227
+ # ==================== 防御性补丁 ====================
228
+ # 以下补丁确保即使某些代码路径绕过了 _patched_create_summarization_middleware,
229
+ # DEFAULT_SUMMARY_PROMPT 的英文标题(SESSION INTENT/SUMMARY/ARTIFACTS/NEXT STEPS)
230
+ # 也不会出现在模型生成的摘要中。
231
+
232
+ # 防御 1: 替换模块级 DEFAULT_SUMMARY_PROMPT 常量
233
+ # 虽然不能改变 __init__ 的默认参数(Python 在定义时求值),
234
+ # 但可以防止任何运行时读取 DEFAULT_SUMMARY_PROMPT 的代码拿到英文版。
235
+ _summ_mod.DEFAULT_SUMMARY_PROMPT = CUSTOM_SUMMARY_PROMPT
236
+ try:
237
+ import langchain.agents.middleware.summarization as _lc_summ_mod
238
+ _lc_summ_mod.DEFAULT_SUMMARY_PROMPT = CUSTOM_SUMMARY_PROMPT
239
+ except ImportError:
240
+ pass
241
+
242
+ # 防御 2: 包装 __init__,强制 summary_prompt 默认值为 CUSTOM_SUMMARY_PROMPT
243
+ # 即使调用方不传 summary_prompt,也会使用中文版。
244
+ _orig_da_init = _OrigDeepAgentsSumm.__init__
245
+
246
+
247
+ def _patched_da_init(self, model, *, backend, trigger=None,
248
+ keep=("messages", 20),
249
+ token_counter=count_tokens_approximately,
250
+ summary_prompt=CUSTOM_SUMMARY_PROMPT, # ← 关键:改为中文默认值
251
+ trim_tokens_to_summarize=4000,
252
+ truncate_args_settings=None, **kwargs):
253
+ _orig_da_init(self, model, backend=backend, trigger=trigger, keep=keep,
254
+ token_counter=token_counter, summary_prompt=summary_prompt,
255
+ trim_tokens_to_summarize=trim_tokens_to_summarize,
256
+ truncate_args_settings=truncate_args_settings, **kwargs)
257
+
258
+
259
+ _OrigDeepAgentsSumm.__init__ = _patched_da_init
260
+
261
+ # 防御 3: patch create_summarization_tool_middleware(deepagents 同模块本地调用绕过)
262
+ # deepagents summarization.py 中 create_summarization_tool_middleware 内部调用
263
+ # create_summarization_middleware 用的是同模块本地名称绑定,
264
+ # 不会走 _summ_mod.create_summarization_middleware 的模块属性替换。
265
+ if hasattr(_summ_mod, 'create_summarization_tool_middleware'):
266
+ _orig_create_tool_mw = _summ_mod.create_summarization_tool_middleware
267
+
268
+ def _patched_create_summarization_tool_middleware(model, backend, *, system_prompt=None):
269
+ """强制使用 CUSTOM_SUMMARY_PROMPT 创建 SummarizationToolMiddleware。"""
270
+ defaults = _patched_compute_summarization_defaults(model)
271
+ summ = _summ_mod.SummarizationMiddleware(
272
+ model=model,
273
+ backend=backend,
274
+ trigger=defaults["trigger"],
275
+ keep=defaults["keep"],
276
+ summary_prompt=CUSTOM_SUMMARY_PROMPT,
277
+ trim_tokens_to_summarize=None,
278
+ truncate_args_settings=defaults["truncate_args_settings"],
279
+ )
280
+ return _summ_mod.SummarizationToolMiddleware(summ, system_prompt=system_prompt)
281
+
282
+ _summ_mod.create_summarization_tool_middleware = _patched_create_summarization_tool_middleware
283
+
284
+ logger.info("[SummarizationUtils] 防御性补丁已应用: DEFAULT_SUMMARY_PROMPT 替换 + __init__ 默认值覆盖 + create_summarization_tool_middleware 覆盖")
285
+
203
286
 
204
287
  def build_summarization_middleware(
205
288
  model: BaseChatModel,
@@ -40,6 +40,21 @@ DEFAULT_PASSTHROUGH_TOOLS: FrozenSet[str] = frozenset({
40
40
  "web_search", # web_search 已在工具内部自行截断
41
41
  })
42
42
 
43
+ # 认证错误关键词(用于检测工具结果中的 SYT_TOKEN 相关错误)
44
+ _AUTH_ERROR_KEYWORDS = [
45
+ "401", "unauthorized", "token expired", "authentication failed",
46
+ "440", "login timeout", "403", "forbidden",
47
+ "认证失败", "登录过期", "token无效", "token过期",
48
+ "syt_token", "SYT_TOKEN",
49
+ ]
50
+
51
+ # 认证错误追加提示
52
+ _AUTH_ERROR_HINT = (
53
+ "\n\n⚠️ **检测到认证错误**:这可能是 SYT_TOKEN 过期或未设置导致的。"
54
+ "请立即调用 `authorize` 工具(传入失败原因和待重试的命令),"
55
+ "让用户重新授权后再自动重试。不要只是告知用户有问题。"
56
+ )
57
+
43
58
  # head+tail 预览截断模板(对齐 deepagents 0.6.3 TOO_LARGE_TOOL_MSG 风格)
44
59
  HEAD_TAIL_TRUNCATION_TEMPLATE = (
45
60
  "[输出已截断,原始长度 {original} 字符 / {original_lines} 行。]"
@@ -216,6 +231,28 @@ class ToolResultTruncationMiddleware(AgentMiddleware):
216
231
  )
217
232
  return truncated
218
233
 
234
+ def _inject_auth_hint(self, content: str, tool_name: str) -> str:
235
+ """检测工具结果中的认证错误,追加 authorize 工具调用提示。
236
+
237
+ 仅对 execute 工具和 MCP 工具生效(这些是可能触发认证问题的工具),
238
+ 跳过 authorize 工具本身避免循环。
239
+ """
240
+ if tool_name == "authorize":
241
+ return content
242
+ # 仅对可能触发认证错误的工具检测(execute、mcp__、read_file 等)
243
+ is_relevant_tool = (
244
+ tool_name == "execute"
245
+ or tool_name.startswith("mcp__")
246
+ or tool_name in ("read_file", "write_file", "edit_file")
247
+ )
248
+ if not is_relevant_tool:
249
+ return content
250
+
251
+ content_lower = content.lower()
252
+ if any(kw.lower() in content_lower for kw in _AUTH_ERROR_KEYWORDS):
253
+ return content + _AUTH_ERROR_HINT
254
+ return content
255
+
219
256
  def _process_result(
220
257
  self,
221
258
  result: Any,
@@ -254,6 +291,9 @@ class ToolResultTruncationMiddleware(AgentMiddleware):
254
291
  if not isinstance(content, str):
255
292
  return result
256
293
 
294
+ # 注入认证错误提示(在截断之前检测,避免被截断丢失)
295
+ content = self._inject_auth_hint(content, tool_name)
296
+
257
297
  new_content = self._truncate(content, tool_name)
258
298
  if new_content is content:
259
299
  return result
@@ -0,0 +1,872 @@
1
+ """摘要泄漏 E2E 真实测试 — 必须触发压缩才能验证修复。
2
+
3
+ 核心策略:用极小 maxTokens (3000) 确保压缩触发,然后:
4
+ 1. 直接对比:绕过 agent graph,构造压缩后的消息发给真实模型
5
+ 2. 完整 E2E:通过 DeepAgent 多轮对话,触发压缩后收集回复
6
+ 3. 转换验证:hook 模型层确认 HumanMessage→SystemMessage 生效
7
+
8
+ 运行方式:
9
+ cd sycommon-python-lib
10
+ python src/sycommon/tests/test_summary_leak_e2e.py
11
+ """
12
+ import asyncio
13
+ import functools
14
+ import os
15
+ import sys
16
+ import tempfile
17
+ import time
18
+
19
+ sys.path.insert(0, os.path.join(os.path.dirname(__file__), ".."))
20
+
21
+ from unittest.mock import AsyncMock, MagicMock, patch
22
+ from pathlib import Path
23
+
24
+ # ---------- 配置 ----------
25
+ MODEL = "glm-5.1"
26
+ BASE_URL = "http://10.10.6.132:3000/v1"
27
+ API_KEY = "sk-3hXhO7uCG5CRi7t3THE2cWTKVJqesXJ38cKstHZhDVXHQOIn"
28
+
29
+ # 泄漏标记词 — 绝不应出现在用户可见回复中
30
+ LEAK_MARKERS = [
31
+ # 英文 DEFAULT_SUMMARY_PROMPT 的标题
32
+ "SESSION INTENT",
33
+ "ARTIFACTS",
34
+ "NEXT STEPS",
35
+ "Context Extraction",
36
+ # langchain _build_new_messages 原始英文模板
37
+ "You are in the middle of a conversation",
38
+ "condensed summary follows",
39
+ "Here is a summary of the conversation",
40
+ # 新版 internal_context_data 标签(如果模型复述了就说明泄漏)
41
+ "<internal_context_data>",
42
+ "</internal_context_data>",
43
+ "<compressed_history>",
44
+ "</compressed_history>",
45
+ "INTERNAL SYSTEM DATA",
46
+ "DO NOT OUTPUT",
47
+ "DO NOT OUTPUT, PARAPHRASE, OR REFERENCE",
48
+ ]
49
+
50
+ # 摘要原文片段 — 这些是压缩后模型回复中绝不应原样出现的上下文内容
51
+ # (注意:这些是从实际压缩输出中提取的典型片段)
52
+ LEAK_CONTENT_PATTERNS = [
53
+ # 英文提示词残留
54
+ r"SESSION\s+INTENT",
55
+ r"ARTIFACTS",
56
+ r"NEXT\s+STEPS",
57
+ r"condensed\s+summary",
58
+ r"conversation\s+history\s+has\s+been\s+saved",
59
+ r"summarization",
60
+ # XML 标签泄漏
61
+ r"<internal_context_data>",
62
+ r"</internal_context_data>",
63
+ r"<compressed_history>",
64
+ r"</compressed_history>",
65
+ # 防护指令泄漏
66
+ r"INTERNAL\s+SYSTEM\s+DATA",
67
+ r"DO\s+NOT\s+OUTPUT",
68
+ r"PARAPHRASE",
69
+ ]
70
+
71
+
72
+ def _make_model(streaming=False):
73
+ from langchain.chat_models import init_chat_model
74
+ return init_chat_model(
75
+ model=MODEL, model_provider="openai", streaming=streaming,
76
+ base_url=BASE_URL, api_key=API_KEY,
77
+ temperature=0.7, max_retries=2, timeout=180,
78
+ )
79
+
80
+
81
+ import re
82
+
83
+ def _check_leak(text: str) -> list[str]:
84
+ """检查回复是否包含泄漏标记词(精确匹配)。"""
85
+ return [m for m in LEAK_MARKERS if m in text]
86
+
87
+ def _check_leak_patterns(text: str) -> list[str]:
88
+ """检查回复是否匹配泄漏正则模式(更灵活的匹配)。"""
89
+ results = []
90
+ for pat in LEAK_CONTENT_PATTERNS:
91
+ if re.search(pat, text, re.IGNORECASE):
92
+ results.append(pat)
93
+ return results
94
+
95
+ def _check_english_leak(text: str) -> list[str]:
96
+ """检查回复中是否出现大段英文(可能是泄漏了摘要模板的英文内容)。
97
+
98
+ 策略:提取连续英文片段(>=40字符),如果出现则可能是泄漏。
99
+ """
100
+ leaks = []
101
+ # 找连续英文片段(含空格和标点)
102
+ english_chunks = re.findall(r'[A-Za-z][A-Za-z ,.;:!?\'"\-]{39,}', text)
103
+ for chunk in english_chunks:
104
+ # 排除常见的合法英文片段(代码、变量名等)
105
+ # 如果包含典型的摘要模板词汇,判定为泄漏
106
+ leak_words = ["summary", "summarization", "context", "history",
107
+ "conversation", "SESSION", "ARTIFACTS", "STEPS",
108
+ "INTERNAL", "compressed", "archived"]
109
+ if any(w.lower() in chunk.lower() for w in leak_words):
110
+ leaks.append(chunk[:80])
111
+ return leaks
112
+
113
+
114
+ # ============================================================
115
+ # 测试 1: 直接构造压缩后的消息场景 — 最可靠的复现方式
116
+ # 模拟 SummarizationMiddleware 刚执行完压缩后的消息列表
117
+ # ============================================================
118
+
119
+ async def test_1_direct_injected_summary_no_leak():
120
+ """核心测试:构造压缩后的消息发给真实模型,检查回复是否泄漏。
121
+
122
+ 这直接模拟了压缩触发后的场景:
123
+ - 摘要作为 HumanMessage(lc_source="summarization")
124
+ - 然后有正常用户提问
125
+ 模型回复不应包含任何摘要标记。
126
+ """
127
+ print("\n" + "=" * 60)
128
+ print("测试 1: 直接注入压缩摘要 — 检查回复泄漏")
129
+ print("=" * 60)
130
+
131
+ from langchain_core.messages import HumanMessage, SystemMessage
132
+
133
+ model = _make_model(streaming=False)
134
+
135
+ # 模拟 CUSTOM_SUMMARY_PROMPT 生成的中文摘要(纯自然段落格式)
136
+ summary_text = (
137
+ "用户的主要目标是测试上下文压缩功能。"
138
+ "之前讨论了Python asyncio异步编程的事件循环、协程概念,"
139
+ "以及Docker容器化技术的镜像和网络配置。"
140
+ "涉及的重要文件包括 test_summary_leak_e2e.py。"
141
+ "仍需完成对压缩后回复的泄漏检查。"
142
+ )
143
+
144
+ # 用当前 _patched_build_new_messages 生成的包装格式
145
+ summary_human = HumanMessage(
146
+ content=(
147
+ "<internal_context_data>\n"
148
+ "IMPORTANT - INTERNAL SYSTEM DATA - DO NOT OUTPUT, PARAPHRASE, OR REFERENCE "
149
+ "ANY PART OF THIS BLOCK IN YOUR RESPONSE. "
150
+ "Use this information only as internal background knowledge to understand context.\n\n"
151
+ "<compressed_history>\n"
152
+ + summary_text +
153
+ "\n</compressed_history>\n"
154
+ "</internal_context_data>"
155
+ ),
156
+ additional_kwargs={"lc_source": "summarization"},
157
+ )
158
+
159
+ user_question = HumanMessage(content="你好,请帮我写一个简单的 Python Hello World 程序。")
160
+
161
+ # --- 路径 A: 摘要作为 HumanMessage(压缩后原始状态,经过 Layer 2 之前)---
162
+ print("\n 路径 A: 摘要作为 HumanMessage(未转换)...")
163
+ try:
164
+ resp_a = await model.ainvoke([summary_human, user_question])
165
+ text_a = resp_a.content
166
+ except Exception as e:
167
+ text_a = f"[错误: {e}]"
168
+
169
+ leaks_a = _check_leak(text_a)
170
+ english_a = _check_english_leak(text_a)
171
+ print(f" A 回复 ({len(text_a)} 字): {text_a[:150]}...")
172
+ print(f" A 标记泄漏: {leaks_a if leaks_a else '无'}")
173
+ print(f" A 英文片段: {english_a if english_a else '无'}")
174
+
175
+ # --- 路径 B: 摘要转换为 SystemMessage(Layer 2 修复后)---
176
+ print("\n 路径 B: 摘要转换为 SystemMessage(Layer 2 修复)...")
177
+ summary_system = SystemMessage(
178
+ content="[系统注入的对话上下文摘要,仅供你理解历史,不要复述或提及给用户]\n\n"
179
+ + summary_human.content
180
+ )
181
+ try:
182
+ resp_b = await model.ainvoke([summary_system, user_question])
183
+ text_b = resp_b.content
184
+ except Exception as e:
185
+ text_b = f"[错误: {e}]"
186
+
187
+ leaks_b = _check_leak(text_b)
188
+ english_b = _check_english_leak(text_b)
189
+ print(f" B 回复 ({len(text_b)} 字): {text_b[:150]}...")
190
+ print(f" B 标记泄漏: {leaks_b if leaks_b else '无'}")
191
+ print(f" B 英文片段: {english_b if english_b else '无'}")
192
+
193
+ # --- 结论 ---
194
+ print("\n 结论:")
195
+ any_leak_a = leaks_a or english_a
196
+ any_leak_b = leaks_b or english_b
197
+ if any_leak_a and not any_leak_b:
198
+ print(" ✓ 证实: HumanMessage 路径泄漏,SystemMessage 修复有效!")
199
+ return True
200
+ elif not any_leak_a and not any_leak_b:
201
+ print(" ✓ 两种路径均无泄漏(标记+英文片段检查通过)")
202
+ print(" 注: Layer 2 转换仍作为结构性保障")
203
+ return True
204
+ else:
205
+ print(f" ✗ 存在泄漏!")
206
+ if any_leak_a:
207
+ print(f" HumanMessage 路径: 标记={leaks_a}, 英文={english_a}")
208
+ if any_leak_b:
209
+ print(f" SystemMessage 路径: 标记={leaks_b}, 英文={english_b}")
210
+ return False
211
+
212
+
213
+ # ============================================================
214
+ # 测试 2: 完整 DeepAgent E2E — 压缩必须触发
215
+ # ============================================================
216
+
217
+ async def test_2_deepagent_compress_must_trigger():
218
+ """极小 maxTokens (3000) DeepAgent,多轮长对话,压缩必须触发。
219
+
220
+ 收集触发压缩后的模型回复,验证无泄漏。
221
+ """
222
+ print("\n" + "=" * 60)
223
+ print("测试 2: DeepAgent 完整 E2E(maxTokens=3000)— 压缩必须触发")
224
+ print("=" * 60)
225
+
226
+ from sycommon.agent.deep_agent import AgentConfig, create_deep_agent
227
+ from deepagents.middleware.summarization import ExtendedModelResponse
228
+ from langgraph.checkpoint.memory import MemorySaver
229
+ import deepagents.middleware.summarization as summ_mod
230
+
231
+ model = _make_model(streaming=True)
232
+ sandbox = AsyncMock()
233
+ sandbox.async_sync = AsyncMock(return_value={})
234
+ sandbox.akill_all_processes = AsyncMock()
235
+ sandbox.atree = AsyncMock(return_value=None)
236
+ sandbox.async_sync_dirs = AsyncMock()
237
+
238
+ nacos_max_tokens = 3000
239
+ mock_llm_cfg = {
240
+ "model": MODEL, "provider": "openai",
241
+ "baseUrl": BASE_URL, "maxTokens": nacos_max_tokens,
242
+ "vision": False, "callFunction": True, "default": True,
243
+ "apiKey": API_KEY,
244
+ }
245
+
246
+ _orig_awrap = summ_mod._DeepAgentsSummarizationMiddleware.awrap_model_call
247
+ compress_events = []
248
+
249
+ async def _tracking_awrap(self, request, handler):
250
+ result = await _orig_awrap(self, request, handler)
251
+ if isinstance(result, ExtendedModelResponse):
252
+ event = result.command.update.get("_summarization_event")
253
+ compress_events.append(event)
254
+ summary_preview = event["summary_message"].content[:100] if event else "?"
255
+ print(f" >>> 压缩触发 #{len(compress_events)}! cutoff={event['cutoff_index']}")
256
+ print(f" summary 预览: {summary_preview}...")
257
+ return result
258
+
259
+ summ_mod._DeepAgentsSummarizationMiddleware.awrap_model_call = _tracking_awrap
260
+
261
+ try:
262
+ with patch("sycommon.config.Config.Config") as mock_config_cls, \
263
+ patch("sycommon.agent.deep_agent.get_llm", return_value=model):
264
+ config_instance = MagicMock()
265
+ config_instance.get_llm_config = MagicMock(return_value=mock_llm_cfg)
266
+ config_instance.get_default_llm_model_name = MagicMock(return_value=MODEL)
267
+ mock_config_cls.return_value = config_instance
268
+
269
+ deep_agent = await create_deep_agent(
270
+ user_id=f"e2e_test_{int(time.time())}",
271
+ config=AgentConfig(
272
+ model_name=MODEL,
273
+ system_prompt="你是测试助手。用中文回答,每次写300字以上。",
274
+ tools=[],
275
+ debug=False,
276
+ ),
277
+ sandbox_backend=sandbox,
278
+ checkpointer=MemorySaver(),
279
+ project_root=Path(tempfile.mkdtemp()),
280
+ )
281
+ finally:
282
+ summ_mod._DeepAgentsSummarizationMiddleware.awrap_model_call = _orig_awrap
283
+
284
+ questions = [
285
+ "请详细介绍Python的asyncio异步编程,包括事件循环、协程、Task和Future的概念。",
286
+ "请详细介绍中国古代四大发明,每个发明至少写200字。",
287
+ "请详细介绍Docker容器化技术,包括镜像、容器、网络和卷。",
288
+ ]
289
+
290
+ all_responses = []
291
+ for i, q in enumerate(questions):
292
+ print(f"\n --- 第 {i+1} 轮 ---")
293
+ print(f" Q: {q[:50]}...")
294
+ full_response = ""
295
+ try:
296
+ async for event in deep_agent.chat(q):
297
+ if event.type == "ai_chunk":
298
+ content = event.data.get("content", "")
299
+ full_response += content
300
+ except Exception as e:
301
+ print(f" chat 出错: {e}")
302
+ import traceback
303
+ traceback.print_exc()
304
+
305
+ all_responses.append(full_response)
306
+ print(f" A ({len(full_response)} 字): {full_response[:120]}...")
307
+
308
+ # 压缩必须触发
309
+ print(f"\n 压缩触发次数: {len(compress_events)}")
310
+ if not compress_events:
311
+ print(" ✗ 压缩未触发! 测试无效。")
312
+ return False
313
+ print(f" ✓ 压缩已触发 {len(compress_events)} 次")
314
+
315
+ # 检查压缩后的回复(第2轮及之后)
316
+ post_compress_responses = all_responses[1:] # 第2轮开始
317
+ all_leaks = []
318
+ all_pattern_leaks = []
319
+ all_english_leaks = []
320
+ for i, resp in enumerate(post_compress_responses):
321
+ if not resp:
322
+ print(f" ⚠ 第 {i+2} 轮回复为空!")
323
+ continue
324
+ # 1) 精确标记检查
325
+ leaks = _check_leak(resp)
326
+ if leaks:
327
+ all_leaks.append((i + 2, leaks))
328
+ # 2) 正则模式检查
329
+ pattern_leaks = _check_leak_patterns(resp)
330
+ if pattern_leaks:
331
+ all_pattern_leaks.append((i + 2, pattern_leaks))
332
+ # 3) 英文长片段泄漏检查
333
+ english_leaks = _check_english_leak(resp)
334
+ if english_leaks:
335
+ all_english_leaks.append((i + 2, english_leaks))
336
+
337
+ passed = True
338
+ if all_leaks:
339
+ print(f" ✗ 压缩后回复存在标记泄漏:")
340
+ for round_num, markers in all_leaks:
341
+ print(f" 第 {round_num} 轮: {markers}")
342
+ passed = False
343
+ if all_pattern_leaks:
344
+ print(f" ✗ 压缩后回复存在模式泄漏:")
345
+ for round_num, patterns in all_pattern_leaks:
346
+ print(f" 第 {round_num} 轮: {patterns}")
347
+ passed = False
348
+ if all_english_leaks:
349
+ print(f" ✗ 压缩后回复存在英文片段泄漏(可能是摘要模板泄漏):")
350
+ for round_num, chunks in all_english_leaks:
351
+ for chunk in chunks:
352
+ print(f" 第 {round_num} 轮: {chunk}...")
353
+ passed = False
354
+
355
+ if passed:
356
+ print(" ✓ 压缩后所有回复无泄漏(标记/模式/英文片段均通过)")
357
+ return passed
358
+
359
+
360
+ # ============================================================
361
+ # 测试 3: Hook 验证 HumanMessage→SystemMessage 转换
362
+ # ============================================================
363
+
364
+ async def test_3_conversion_hook():
365
+ """Hook 模型底层,验证压缩触发时摘要消息确实从 HumanMessage 变为 SystemMessage。"""
366
+ print("\n" + "=" * 60)
367
+ print("测试 3: HumanMessage→SystemMessage 转换 Hook 验证")
368
+ print("=" * 60)
369
+
370
+ from sycommon.agent.deep_agent import AgentConfig, create_deep_agent
371
+ from langgraph.checkpoint.memory import MemorySaver
372
+ from langchain_core.messages import SystemMessage, HumanMessage
373
+
374
+ model = _make_model(streaming=True)
375
+ sandbox = AsyncMock()
376
+ sandbox.async_sync = AsyncMock(return_value={})
377
+ sandbox.akill_all_processes = AsyncMock()
378
+ sandbox.atree = AsyncMock(return_value=None)
379
+ sandbox.async_sync_dirs = AsyncMock()
380
+
381
+ nacos_max_tokens = 3000
382
+ mock_llm_cfg = {
383
+ "model": MODEL, "provider": "openai",
384
+ "baseUrl": BASE_URL, "maxTokens": nacos_max_tokens,
385
+ "vision": False, "callFunction": True, "default": True,
386
+ "apiKey": API_KEY,
387
+ }
388
+
389
+ # 先创建 agent
390
+ with patch("sycommon.config.Config.Config") as mock_config_cls, \
391
+ patch("sycommon.agent.deep_agent.get_llm", return_value=model):
392
+ config_instance = MagicMock()
393
+ config_instance.get_llm_config = MagicMock(return_value=mock_llm_cfg)
394
+ config_instance.get_default_llm_model_name = MagicMock(return_value=MODEL)
395
+ mock_config_cls.return_value = config_instance
396
+
397
+ deep_agent = await create_deep_agent(
398
+ user_id=f"hook_test_{int(time.time())}",
399
+ config=AgentConfig(
400
+ model_name=MODEL,
401
+ system_prompt="你是测试助手。用中文回答,写300字以上。",
402
+ tools=[],
403
+ debug=False,
404
+ ),
405
+ sandbox_backend=sandbox,
406
+ checkpointer=MemorySaver(),
407
+ project_root=Path(tempfile.mkdtemp()),
408
+ )
409
+
410
+ # Hook raw model 底层 _astream
411
+ conversion_log = []
412
+ raw_model = getattr(model, 'llm', model)
413
+ _has_method = hasattr(raw_model, '_astream')
414
+ _orig_method = None
415
+ if _has_method:
416
+ _orig_method = raw_model._astream
417
+
418
+ async def _tracking(messages, *args, **kwargs):
419
+ msg_types = [type(m).__name__ for m in messages]
420
+ has_summary_human = any(
421
+ isinstance(m, HumanMessage)
422
+ and getattr(m, "additional_kwargs", {}).get("lc_source") == "summarization"
423
+ for m in messages
424
+ )
425
+ has_summary_system = any(
426
+ isinstance(m, SystemMessage)
427
+ and "不要复述" in (m.content or "")
428
+ for m in messages
429
+ )
430
+ conversion_log.append({
431
+ "types": msg_types,
432
+ "human_leak": has_summary_human,
433
+ "system_ok": has_summary_system,
434
+ })
435
+ async for chunk in _orig_method(messages, *args, **kwargs):
436
+ yield chunk
437
+
438
+ raw_model._astream = _tracking
439
+
440
+ questions = [
441
+ "请详细介绍Python的asyncio异步编程。",
442
+ "请详细介绍中国古代四大发明。",
443
+ "请详细介绍Docker容器化技术。",
444
+ ]
445
+
446
+ for i, q in enumerate(questions):
447
+ print(f"\n --- 第 {i+1} 轮 ---")
448
+ try:
449
+ async for event in deep_agent.chat(q):
450
+ pass
451
+ except Exception as e:
452
+ print(f" chat 出错: {e}")
453
+
454
+ if _has_method and _orig_method:
455
+ raw_model._astream = _orig_method
456
+
457
+ # 分析结果
458
+ print(f"\n 模型调用次数: {len(conversion_log)}")
459
+ for i, log in enumerate(conversion_log):
460
+ flag = "⚠ HUMAN_LEAK" if log["human_leak"] else ("✓ SYSTEM" if log["system_ok"] else "")
461
+ print(f" 调用 {i+1}: types={log['types']} {flag}")
462
+
463
+ human_leaked = any(log["human_leak"] for log in conversion_log)
464
+ system_ok = any(log["system_ok"] for log in conversion_log)
465
+
466
+ if human_leaked:
467
+ print(" ✗ 存在摘要 HumanMessage 未转换!")
468
+ return False
469
+
470
+ if system_ok:
471
+ print(" ✓ 摘要已从 HumanMessage 转换为 SystemMessage")
472
+ else:
473
+ print(" ⚠ 压缩可能未触发")
474
+
475
+ print(" ✓ 转换验证通过")
476
+ return True
477
+
478
+
479
+ # ============================================================
480
+ # 测试 4: 用英文原始 DEFAULT_SUMMARY_PROMPT 触发压缩 — 复现 bug
481
+ # 证明如果不 monkey-patch,SESSION INTENT 等确实会泄漏
482
+ # ============================================================
483
+
484
+ async def test_4_original_english_prompt_reproduces_bug():
485
+ """使用 langchain 原始英文 DEFAULT_SUMMARY_PROMPT 触发压缩,
486
+ 证明 bug 确实可以复现。"""
487
+ print("\n" + "=" * 60)
488
+ print("测试 4: 用原始英文 prompt 复现 bug(对照组)")
489
+ print("=" * 60)
490
+
491
+ from langchain_core.messages import HumanMessage, AIMessage
492
+
493
+ model = _make_model(streaming=False)
494
+
495
+ # 原始英文 DEFAULT_SUMMARY_PROMPT 会生成这种格式的摘要
496
+ english_summary = """## SESSION INTENT
497
+ The user wants to test summarization leak.
498
+
499
+ ## SUMMARY
500
+ Discussed Python asyncio, Docker containers, and Chinese inventions.
501
+
502
+ ## ARTIFACTS
503
+ - test_summary_leak_e2e.py was created.
504
+
505
+ ## NEXT STEPS
506
+ Verify the summary doesn't leak into model response."""
507
+
508
+ # 用 langchain _build_new_messages 原始格式
509
+ original_format_msg = HumanMessage(
510
+ content=f"You are in the middle of a conversation that has been summarized.\n\n"
511
+ f"The full conversation history has been saved to /conversation_history/test.md "
512
+ f"should you need to refer back to it for details.\n\n"
513
+ f"A condensed summary follows:\n\n"
514
+ f"<summary>\n{english_summary}\n</summary>",
515
+ additional_kwargs={"lc_source": "summarization"},
516
+ )
517
+
518
+ user_msg = HumanMessage(content="请帮我写一个Python Hello World程序。")
519
+
520
+ print(" 发送原始英文摘要格式给模型...")
521
+ try:
522
+ resp = await model.ainvoke([original_format_msg, user_msg])
523
+ text = resp.content
524
+ except Exception as e:
525
+ text = f"[错误: {e}]"
526
+
527
+ print(f" 回复 ({len(text)} 字): {text[:200]}...")
528
+
529
+ # 检查英文标记
530
+ en_markers = ["SESSION INTENT", "ARTIFACTS", "NEXT STEPS", "condensed summary"]
531
+ leaks = [m for m in en_markers if m in text]
532
+ # 同时检查英文长片段
533
+ english_leaks = _check_english_leak(text)
534
+ if leaks:
535
+ print(f" ✓ Bug 可复现! 回复包含英文标记: {leaks}")
536
+ else:
537
+ print(f" 当前模型未泄漏英文标记(模型自身抑制了)")
538
+ if english_leaks:
539
+ print(f" ✓ 英文片段泄漏: {english_leaks[:3]}")
540
+
541
+ return True # 观察性测试
542
+
543
+
544
+ # ============================================================
545
+ # 测试 6: 防御性补丁验证 — 不传 summary_prompt 时应使用中文版
546
+ # ============================================================
547
+
548
+ async def test_6_defense_in_depth_no_default_prompt_leak():
549
+ """验证防御性补丁: 直接实例化 SummarizationMiddleware 不传 summary_prompt 时
550
+ 应使用 CUSTOM_SUMMARY_PROMPT(中文),而非 DEFAULT_SUMMARY_PROMPT(英文)。
551
+
552
+ 这测试了 workflow 发现的根因:
553
+ - __init__ 的 summary_prompt 默认值在类定义时烘焙了 DEFAULT_SUMMARY_PROMPT
554
+ - 防御补丁覆盖了 __init__ 默认值为 CUSTOM_SUMMARY_PROMPT
555
+ """
556
+ print("\n" + "=" * 60)
557
+ print("测试 6: 防御性补丁 — 不传 summary_prompt 时用中文版")
558
+ print("=" * 60)
559
+
560
+ import deepagents.middleware.summarization as summ_mod
561
+ from deepagents.backends import StateBackend
562
+ from langchain.chat_models import init_chat_model
563
+
564
+ model = init_chat_model(
565
+ model=MODEL, model_provider="openai", streaming=False,
566
+ base_url=BASE_URL, api_key=API_KEY,
567
+ temperature=0.7, max_retries=2, timeout=180,
568
+ )
569
+
570
+ # 路径 A: 不传 summary_prompt — 应使用中文版
571
+ print("\n 路径 A: SummarizationMiddleware(model, backend) — 不传 summary_prompt")
572
+ mw_a = summ_mod.SummarizationMiddleware(model=model, backend=StateBackend())
573
+ prompt_a = mw_a._lc_helper.summary_prompt
574
+ has_english_headers = "SESSION INTENT" in prompt_a
575
+ has_chinese = "上下文提取助手" in prompt_a
576
+ print(f" SESSION INTENT 在 prompt 中: {has_english_headers}")
577
+ print(f" 上下文提取助手 在 prompt 中: {has_chinese}")
578
+
579
+ if has_english_headers:
580
+ print(" ✗ 路径 A 仍有英文标题! 防御补丁未生效!")
581
+ return False
582
+
583
+ # 路径 B: 通过 create_summarization_middleware
584
+ print("\n 路径 B: create_summarization_middleware(model, backend)")
585
+ mw_b = summ_mod.create_summarization_middleware(model, StateBackend())
586
+ prompt_b = mw_b._lc_helper.summary_prompt
587
+ has_english_headers_b = "SESSION INTENT" in prompt_b
588
+ has_chinese_b = "上下文提取助手" in prompt_b
589
+ print(f" SESSION INTENT 在 prompt 中: {has_english_headers_b}")
590
+ print(f" 上下文提取助手 在 prompt 中: {has_chinese_b}")
591
+
592
+ if has_english_headers_b:
593
+ print(" ✗ 路径 B 仍有英文标题!")
594
+ return False
595
+
596
+ # 路径 C: DEFAULT_SUMMARY_PROMPT 模块常量
597
+ print("\n 路径 C: DEFAULT_SUMMARY_PROMPT 模块常量")
598
+ has_en_const = "SESSION INTENT" in summ_mod.DEFAULT_SUMMARY_PROMPT
599
+ print(f" SESSION INTENT 在模块常量中: {has_en_const}")
600
+ if has_en_const:
601
+ print(" ⚠ 模块常量仍有英文标题(不影响运行时但需注意)")
602
+
603
+ # 路径 D: create_summarization_tool_middleware
604
+ print("\n 路径 D: create_summarization_tool_middleware(model, backend)")
605
+ if hasattr(summ_mod, 'create_summarization_tool_middleware'):
606
+ tool_mw = summ_mod.create_summarization_tool_middleware(model, StateBackend())
607
+ prompt_d = tool_mw._summmary_middleware._lc_helper.summary_prompt if hasattr(tool_mw, '_summmary_middleware') else "?"
608
+ # 尝试从内部获取
609
+ inner = getattr(tool_mw, '_middleware', None) or getattr(tool_mw, '_summmary_middleware', None)
610
+ if inner:
611
+ prompt_d = inner._lc_helper.summary_prompt
612
+ else:
613
+ # 遍历属性找 _lc_helper
614
+ for attr_name in dir(tool_mw):
615
+ attr = getattr(tool_mw, attr_name, None)
616
+ if hasattr(attr, '_lc_helper'):
617
+ prompt_d = attr._lc_helper.summary_prompt
618
+ break
619
+ has_en_d = "SESSION INTENT" in prompt_d
620
+ print(f" SESSION INTENT 在 prompt 中: {has_en_d}")
621
+ if has_en_d:
622
+ print(" ⚠ 路径 D 有英文标题(create_summarization_tool_middleware 可能需单独检查)")
623
+ else:
624
+ print(" (create_summarization_tool_middleware 不存在,跳过)")
625
+
626
+ print("\n ✓ 防御补丁验证通过: 所有路径使用中文摘要提示词")
627
+ return True
628
+
629
+
630
+ # ============================================================
631
+ # 测试 7: 压缩摘要内容检查 — 确认摘要不包含英文标题
632
+ # ============================================================
633
+
634
+ async def test_7_summary_content_no_english_headers():
635
+ """触发压缩,获取实际生成的摘要文本,检查是否包含英文标题。
636
+
637
+ 之前的测试只检查模型回复是否泄漏,这个测试直接检查摘要内容本身。
638
+ """
639
+ print("\n" + "=" * 60)
640
+ print("测试 7: 压缩摘要内容检查 — 确认无英文标题")
641
+ print("=" * 60)
642
+
643
+ from sycommon.agent.deep_agent import AgentConfig, create_deep_agent
644
+ from deepagents.middleware.summarization import ExtendedModelResponse
645
+ from langgraph.checkpoint.memory import MemorySaver
646
+ import deepagents.middleware.summarization as summ_mod
647
+
648
+ model = _make_model(streaming=True)
649
+ sandbox = AsyncMock()
650
+ sandbox.async_sync = AsyncMock(return_value={})
651
+ sandbox.akill_all_processes = AsyncMock()
652
+ sandbox.atree = AsyncMock(return_value=None)
653
+ sandbox.async_sync_dirs = AsyncMock()
654
+
655
+ nacos_max_tokens = 3000
656
+ mock_llm_cfg = {
657
+ "model": MODEL, "provider": "openai",
658
+ "baseUrl": BASE_URL, "maxTokens": nacos_max_tokens,
659
+ "vision": False, "callFunction": True, "default": True,
660
+ "apiKey": API_KEY,
661
+ }
662
+
663
+ _orig_awrap = summ_mod._DeepAgentsSummarizationMiddleware.awrap_model_call
664
+ summary_texts = []
665
+
666
+ async def _capturing_awrap(self, request, handler):
667
+ result = await _orig_awrap(self, request, handler)
668
+ if isinstance(result, ExtendedModelResponse):
669
+ event = result.command.update.get("_summarization_event")
670
+ if event and "summary_message" in event:
671
+ summary_content = event["summary_message"].content
672
+ summary_texts.append(summary_content)
673
+ print(f" >>> 捕获摘要 #{len(summary_texts)} ({len(summary_content)} 字)")
674
+ return result
675
+
676
+ summ_mod._DeepAgentsSummarizationMiddleware.awrap_model_call = _capturing_awrap
677
+
678
+ try:
679
+ with patch("sycommon.config.Config.Config") as mock_config_cls, \
680
+ patch("sycommon.agent.deep_agent.get_llm", return_value=model):
681
+ config_instance = MagicMock()
682
+ config_instance.get_llm_config = MagicMock(return_value=mock_llm_cfg)
683
+ config_instance.get_default_llm_model_name = MagicMock(return_value=MODEL)
684
+ mock_config_cls.return_value = config_instance
685
+
686
+ deep_agent = await create_deep_agent(
687
+ user_id=f"summary_test_{int(time.time())}",
688
+ config=AgentConfig(
689
+ model_name=MODEL,
690
+ system_prompt="你是测试助手。用中文回答,每次写300字以上。",
691
+ tools=[],
692
+ debug=False,
693
+ ),
694
+ sandbox_backend=sandbox,
695
+ checkpointer=MemorySaver(),
696
+ project_root=Path(tempfile.mkdtemp()),
697
+ )
698
+ finally:
699
+ summ_mod._DeepAgentsSummarizationMiddleware.awrap_model_call = _orig_awrap
700
+
701
+ questions = [
702
+ "请详细介绍Python的asyncio异步编程,包括事件循环、协程、Task和Future的概念。",
703
+ "请详细介绍中国古代四大发明,每个发明至少写200字。",
704
+ "请详细介绍Docker容器化技术,包括镜像、容器、网络和卷。",
705
+ ]
706
+
707
+ for i, q in enumerate(questions):
708
+ print(f"\n --- 第 {i+1} 轮 ---")
709
+ try:
710
+ async for event in deep_agent.chat(q):
711
+ pass
712
+ except Exception as e:
713
+ print(f" chat 出错: {e}")
714
+
715
+ # 检查摘要内容
716
+ if not summary_texts:
717
+ print(" ✗ 未捕获到任何摘要! 压缩未触发。")
718
+ return False
719
+
720
+ print(f"\n 捕获到 {len(summary_texts)} 个摘要")
721
+ all_passed = True
722
+ for i, summary in enumerate(summary_texts):
723
+ print(f"\n --- 摘要 {i+1} ({len(summary)} 字) ---")
724
+ print(f" 前 200 字: {summary[:200]}...")
725
+
726
+ # 检查英文标题
727
+ en_headers = ["SESSION INTENT", "ARTIFACTS", "NEXT STEPS",
728
+ "## SUMMARY", "## ARTIFACTS", "## NEXT STEPS",
729
+ "## SESSION INTENT"]
730
+ found_headers = [h for h in en_headers if h in summary]
731
+ if found_headers:
732
+ print(f" ✗ 摘要包含英文标题: {found_headers}")
733
+ all_passed = False
734
+ else:
735
+ print(f" ✓ 摘要无英文标题")
736
+
737
+ # 检查英文模板特征词
738
+ en_features = ["Context Extraction", "condensed summary",
739
+ "You are in the middle of a conversation"]
740
+ found_features = [f for f in en_features if f in summary]
741
+ if found_features:
742
+ print(f" ✗ 摘要包含英文模板特征: {found_features}")
743
+ all_passed = False
744
+
745
+ if all_passed:
746
+ print("\n ✓ 所有摘要均无英文标题和模板特征")
747
+ return all_passed
748
+
749
+
750
+ # ============================================================
751
+ # 测试 5: 200k/128k 默认配置 — 确保不误触发
752
+ # ============================================================
753
+
754
+ async def test_5_normal_config_no_false_trigger():
755
+ """200k maxTokens + 128k maxOutputTokens,单轮短对话不应触发压缩。"""
756
+ print("\n" + "=" * 60)
757
+ print("测试 5: 200k/128k 默认配置 — 不误触发压缩")
758
+ print("=" * 60)
759
+
760
+ from sycommon.agent.deep_agent import AgentConfig, create_deep_agent
761
+ from deepagents.middleware.summarization import ExtendedModelResponse
762
+ from langgraph.checkpoint.memory import MemorySaver
763
+ import deepagents.middleware.summarization as summ_mod
764
+
765
+ model = _make_model(streaming=True)
766
+ sandbox = AsyncMock()
767
+ sandbox.async_sync = AsyncMock(return_value={})
768
+ sandbox.akill_all_processes = AsyncMock()
769
+ sandbox.atree = AsyncMock(return_value=None)
770
+ sandbox.async_sync_dirs = AsyncMock()
771
+
772
+ mock_llm_cfg = {
773
+ "model": MODEL, "provider": "openai",
774
+ "baseUrl": BASE_URL, "maxTokens": 200000,
775
+ "maxOutputTokens": 128000,
776
+ "vision": False, "callFunction": True, "default": True,
777
+ "apiKey": API_KEY,
778
+ }
779
+
780
+ _orig_awrap = summ_mod._DeepAgentsSummarizationMiddleware.awrap_model_call
781
+ compress_count = [0]
782
+
783
+ async def _tracking(self, request, handler):
784
+ result = await _orig_awrap(self, request, handler)
785
+ if isinstance(result, ExtendedModelResponse):
786
+ compress_count[0] += 1
787
+ return result
788
+
789
+ summ_mod._DeepAgentsSummarizationMiddleware.awrap_model_call = _tracking
790
+
791
+ try:
792
+ with patch("sycommon.config.Config.Config") as mock_config_cls, \
793
+ patch("sycommon.agent.deep_agent.get_llm", return_value=model):
794
+ config_instance = MagicMock()
795
+ config_instance.get_llm_config = MagicMock(return_value=mock_llm_cfg)
796
+ config_instance.get_default_llm_model_name = MagicMock(return_value=MODEL)
797
+ mock_config_cls.return_value = config_instance
798
+
799
+ deep_agent = await create_deep_agent(
800
+ user_id=f"normal_{int(time.time())}",
801
+ config=AgentConfig(
802
+ model_name=MODEL,
803
+ system_prompt="你是测试助手。简短回答。",
804
+ tools=[],
805
+ debug=False,
806
+ ),
807
+ sandbox_backend=sandbox,
808
+ checkpointer=MemorySaver(),
809
+ project_root=Path(tempfile.mkdtemp()),
810
+ )
811
+ finally:
812
+ summ_mod._DeepAgentsSummarizationMiddleware.awrap_model_call = _orig_awrap
813
+
814
+ full_response = ""
815
+ async for event in deep_agent.chat("你好,请用一句话介绍你自己。"):
816
+ if event.type == "ai_chunk":
817
+ content = event.data.get("content", "")
818
+ full_response += content
819
+
820
+ print(f" A: {full_response[:150]}")
821
+ print(f" 压缩触发: {compress_count[0]} 次")
822
+
823
+ if compress_count[0] > 0:
824
+ print(" ✗ 不应触发压缩!")
825
+ return False
826
+ print(" ✓ 200k/128k 配置正常,无误触发")
827
+ return True
828
+
829
+
830
+ # ============================================================
831
+ # 主入口
832
+ # ============================================================
833
+
834
+ async def main():
835
+ print(f"摘要泄漏 E2E 真实测试 - {time.strftime('%H:%M:%S')}")
836
+ print(f"模型: {MODEL} @ {BASE_URL}")
837
+ print()
838
+
839
+ results = {}
840
+
841
+ tests = [
842
+ ("1. 直接注入摘要-无泄漏", test_1_direct_injected_summary_no_leak),
843
+ ("2. DeepAgent压缩必须触发", test_2_deepagent_compress_must_trigger),
844
+ ("3. HumanMsg→SystemMsg转换", test_3_conversion_hook),
845
+ ("4. 原始英文prompt复现bug", test_4_original_english_prompt_reproduces_bug),
846
+ ("5. 200k默认不误触", test_5_normal_config_no_false_trigger),
847
+ ("6. 防御补丁-默认值覆盖", test_6_defense_in_depth_no_default_prompt_leak),
848
+ ("7. 压缩摘要无英文标题", test_7_summary_content_no_english_headers),
849
+ ]
850
+
851
+ for name, fn in tests:
852
+ try:
853
+ passed = await fn()
854
+ results[name] = passed
855
+ except Exception as e:
856
+ import traceback
857
+ print(f" FAILED: {e}")
858
+ traceback.print_exc()
859
+ results[name] = False
860
+
861
+ print(f"\n{'='*60}")
862
+ print(f" 测试结果汇总:")
863
+ for name, passed in results.items():
864
+ print(f" {name}: {'✓ PASSED' if passed else '✗ FAILED'}")
865
+ total = len(results)
866
+ passed = sum(1 for v in results.values() if v)
867
+ print(f" 总计: {passed}/{total} 通过")
868
+ print(f"{'='*60}")
869
+
870
+
871
+ if __name__ == "__main__":
872
+ asyncio.run(main())
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: sycommon-python-lib
3
- Version: 0.2.5a34
3
+ Version: 0.2.5a35
4
4
  Summary: Add your description here
5
5
  Requires-Python: >=3.11
6
6
  Description-Content-Type: text/markdown
@@ -9,16 +9,16 @@ Requires-Dist: aiohttp==3.13.5
9
9
  Requires-Dist: aiomysql==0.3.2
10
10
  Requires-Dist: anyio==4.13.0
11
11
  Requires-Dist: decorator==5.3.1
12
- Requires-Dist: deepagents==0.6.7
12
+ Requires-Dist: deepagents==0.6.8
13
13
  Requires-Dist: elasticsearch==9.4.1
14
14
  Requires-Dist: fastapi==0.136.3
15
15
  Requires-Dist: jinja2==3.1.6
16
16
  Requires-Dist: kafka-python==2.3.1
17
- Requires-Dist: langchain==1.3.2
17
+ Requires-Dist: langchain==1.3.4
18
18
  Requires-Dist: langchain-core==1.4.0
19
19
  Requires-Dist: langchain-openai==1.2.2
20
20
  Requires-Dist: langfuse==4.7.1
21
- Requires-Dist: langgraph==1.2.2
21
+ Requires-Dist: langgraph==1.2.4
22
22
  Requires-Dist: langgraph-checkpoint-postgres==3.1.0
23
23
  Requires-Dist: langgraph-checkpoint-redis==0.4.1
24
24
  Requires-Dist: ldap3==2.9.1
@@ -129,14 +129,14 @@ sycommon/services.py,sha256=pUcV0xFrn1hrArD9YwE8m6CMrrWPwNBAqUIWhgsVkzY,24943
129
129
  sycommon/agent/__init__.py,sha256=mxceAeUifQ-DKvWp7ZEJIFlmOCb5wpYHPGQw3rwEN8I,4378
130
130
  sycommon/agent/agent_manager.py,sha256=UhhaekEumT7g4v_Z1UB4jTp13X0n8M8erYaQdkGGWkA,13620
131
131
  sycommon/agent/chat_events.py,sha256=t7qWa6OrIWLfqtd1AnqaVP67QWkn1JxpCBTZYQpoLuM,14226
132
- sycommon/agent/deep_agent.py,sha256=ZAsfyfaa_ZpDQceNYZgmyaqk4LrsLSJvJwo73NBq-FE,59459
133
- sycommon/agent/multi_agent_team.py,sha256=W5gP6sWIYhhXf6iBLHfyTIs9eAhUdkWrn_PF6W2cESs,26059
134
- sycommon/agent/summarization_utils.py,sha256=5eiLtxRZKTzO0tnr8sVaL-H3a0eUtvXpCa28Jw_j2eE,10889
132
+ sycommon/agent/deep_agent.py,sha256=IcBM507zQY2L5lR23ysMUslL1uzr99oJggcQ8HcW4s4,59283
133
+ sycommon/agent/multi_agent_team.py,sha256=UjtJCjq-bHFLvdN6n__Bhb_w-hV8EKBKyTTb7T1n8l8,26385
134
+ sycommon/agent/summarization_utils.py,sha256=aA1IJG2jaY_Gdx9ZP34bfyMt-DaVJnno_3glu97dJUg,14894
135
135
  sycommon/agent/mcp/__init__.py,sha256=iKrdDhIrFsNIkqG_kgcwNe-nOiM6uVfolKv44LfQ-FQ,636
136
136
  sycommon/agent/mcp/models.py,sha256=zda4ho-UTYOJ5oPAZPZ-vxhfDRLghUCsMroHnA2A2QQ,1490
137
- sycommon/agent/mcp/tool_loader.py,sha256=iJkKSBClm348xeQ0CmK4lOUbLEQ-CRr-GvJdPmSHg9o,9916
137
+ sycommon/agent/mcp/tool_loader.py,sha256=OQa-lE7RL2s3Lqh-kNOKaUrb130hvorB_HjyFBqZBZs,10960
138
138
  sycommon/agent/sandbox/__init__.py,sha256=jR7LlkD4J4Y6QYyRXQClkwmqDBCCPmycV_hQV9p9YHw,4621
139
- sycommon/agent/sandbox/file_ops.py,sha256=C1_gfarr2aHstaB9VzV_APJYgQtRfUVvkc3b7QIgmc0,24690
139
+ sycommon/agent/sandbox/file_ops.py,sha256=JwxGwZzcjUEZ8bvomVe-pjVqneODG4_zl5142g71Qdc,24720
140
140
  sycommon/agent/sandbox/http_sandbox_backend.py,sha256=_l7guM-sv4XduE9NTNVLPyRTjZZIGR4qefJUTc8e5q4,59199
141
141
  sycommon/agent/sandbox/minio_sync.py,sha256=d1kuWllvyAvAMsFZCP0OdHEQtXN9BEIgHbupC31BjSk,20000
142
142
  sycommon/agent/sandbox/sandbox_pool.py,sha256=eMn8sLakCWf90l6ni2-333QM8oBdX1CflV-WzneFp_k,9133
@@ -213,7 +213,7 @@ sycommon/middleware/mq.py,sha256=9X6KKtadFjBXKS5L3kEKujYio9wwGfWgXwWOAHO-HDg,254
213
213
  sycommon/middleware/sandbox.py,sha256=er0zeHLQtHJqSr27fGcKbAtRo1ZOQ-Lqif8ALWNFSak,47858
214
214
  sycommon/middleware/timeout.py,sha256=KlxOPa8xl2dg6yuRi_EzkVJG8bX4stb5ueYxctzzGM8,1433
215
215
  sycommon/middleware/token_tracking.py,sha256=rEbgV1bgWMdzAERx4aq5XAvOIT6jTY_tK1P0xHJnL3o,6609
216
- sycommon/middleware/tool_result_truncation.py,sha256=307qUekFbhrh5x8rLYgoOOSH1Ph7doTicrpTiyiZo_A,10715
216
+ sycommon/middleware/tool_result_truncation.py,sha256=SREo6tb_RDHxqiQdO0N82pio-Cpo0YSrHNa1sASUafM,12429
217
217
  sycommon/middleware/traceid.py,sha256=MrcHj-2hzwl5sOMbf6-34tezYv4COnh3R8vaCN9zRuA,14025
218
218
  sycommon/models/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
219
219
  sycommon/models/base_http.py,sha256=EICAAibx3xhjBsLqm35Mi3DCqxp0FME4rD_3iQVjT_E,3051
@@ -269,6 +269,7 @@ sycommon/tests/test_oa_login.py,sha256=5psNnmUst20x-LdjPa_liunhMLGky2uTDVpQzefBn
269
269
  sycommon/tests/test_real_summarization.py,sha256=7B89es7-UwULk-kq9xUiWH1ylXUO3QDJm4oZWzJNPk0,6193
270
270
  sycommon/tests/test_summarization_config.py,sha256=Ztb-eJXt2NrpBXNp7xST4Cwq4x8DK9pFuC7-bXUUOaE,16860
271
271
  sycommon/tests/test_summarization_real.py,sha256=iTwwA_xQd5Zgkn849lu2M0zIHPnMp-3szsIGrg6G9J4,12406
272
+ sycommon/tests/test_summary_leak_e2e.py,sha256=vE5r9QCcZRmUy3YQASwdwCBsVrRcl8vU95sLUyB6u9s,34739
272
273
  sycommon/tools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
273
274
  sycommon/tools/async_utils.py,sha256=e2Bp8v0LDrnViBIZ3zcCWtm_01w67vG34VhnAyGu9ZM,1015
274
275
  sycommon/tools/docs.py,sha256=OPj2ETheuWjXLyaXtaZPbwmJKfJaYXV5s4XMVAUNrms,1607
@@ -279,8 +280,8 @@ sycommon/tools/syemail.py,sha256=BDFhgf7WDOQeTcjxJEQdu0dQhnHFPO_p3eI0-Ni3LhQ,561
279
280
  sycommon/tools/timing.py,sha256=OiiE7P07lRoMzX9kzb8sZU9cDb0zNnqIlY5pWqHcnkY,2064
280
281
  sycommon/xxljob/__init__.py,sha256=7eoBlQxv-B39IfRSCY2bkqdGYs1QRe1umAWd88VMEEM,86
281
282
  sycommon/xxljob/xxljob_service.py,sha256=JIEJaGXhqrTLcyxlyynSrsHg9bBnDNzX-D4qIWLRPUE,6815
282
- sycommon_python_lib-0.2.5a34.dist-info/METADATA,sha256=nawJm7F20hnsLGU7iflCjrngeeSYIERqA2scgDTxxyA,7914
283
- sycommon_python_lib-0.2.5a34.dist-info/WHEEL,sha256=aeYiig01lYGDzBgS8HxWXOg3uV61G9ijOsup-k9o1sk,91
284
- sycommon_python_lib-0.2.5a34.dist-info/entry_points.txt,sha256=gsR4SssKxDWjRU8ggidzNcdMXDPRSKRS7UaGyNP84Qg,92
285
- sycommon_python_lib-0.2.5a34.dist-info/top_level.txt,sha256=RgphKrg7nJyZ7irJqbxFr-5H2LUYTvI7ivoWZH2hcD0,29
286
- sycommon_python_lib-0.2.5a34.dist-info/RECORD,,
283
+ sycommon_python_lib-0.2.5a35.dist-info/METADATA,sha256=5HlLiqV7AMmkykedMJlsF42TpvpPpKOoPIUcdowWlH0,7914
284
+ sycommon_python_lib-0.2.5a35.dist-info/WHEEL,sha256=aeYiig01lYGDzBgS8HxWXOg3uV61G9ijOsup-k9o1sk,91
285
+ sycommon_python_lib-0.2.5a35.dist-info/entry_points.txt,sha256=gsR4SssKxDWjRU8ggidzNcdMXDPRSKRS7UaGyNP84Qg,92
286
+ sycommon_python_lib-0.2.5a35.dist-info/top_level.txt,sha256=RgphKrg7nJyZ7irJqbxFr-5H2LUYTvI7ivoWZH2hcD0,29
287
+ sycommon_python_lib-0.2.5a35.dist-info/RECORD,,