fix: escape literal braces in all user-supplied prompt fields#1728
Merged
Conversation
User-supplied text (missions, custom instructions, capacity notes) may contain literal braces (e.g. JSON examples). These crash str.format() with KeyError when the braces are interpreted as format placeholders. Extracts a shared escape_for_prompt() helper and applies it to all three affected prompt builders: - consolidation/prompts.py (observations_mission, capacity_note) - reflect/prompts.py (bank mission in final synthesis prompt) - retain/fact_extraction.py (retain_mission, custom_instructions) Includes 17 tests covering the shared helper and all three modules.
r0gig0r
added a commit
to r0gig0r/hindsight
that referenced
this pull request
May 26, 2026
Notable upstream additions pulled in: - feat(api): clear endpoint for mental model content (vectorize-io#1706) - feat(api): per-operation LLM concurrency caps (vectorize-io#1738) - feat(typescript-client): concrete generated types (replace Promise<any>) - feat(reranker): Alibaba Qwen3-Rerank support (vectorize-io#1501) - feat: opencode-go LLM provider (vectorize-io#1652) - feat(extensions): OperationValidator.precheck pre-body-parse hook (vectorize-io#1548) - feat(right-agent): new Right Agent integration (vectorize-io#1599) - fix(ollama): ollama-cloud provider + native API auth (vectorize-io#1734) - fix(reflect): hide disabled tools from agent system prompt (vectorize-io#1740) - fix(retain): split oversized single items in batch retain (vectorize-io#1736) - fix: escape literal braces in user-supplied prompt fields (vectorize-io#1728) - fix(mental-models): full refresh pending delta baselines (vectorize-io#1684) - fix(api): lazy load reflect tiktoken encoding (vectorize-io#1654) - fix(api): reject blank retain content (vectorize-io#1685) - fix(api): auto-refresh openai-codex OAuth access_token (vectorize-io#1637) - fix(api): gzip middleware for graph payloads (vectorize-io#1731) - fix(reranker): detect pre-normalized scores; rank-based fallback (vectorize-io#1512) Conflicts: only package-lock.json files (took upstream, npm install verified) Fork customizations verified intact (all 14 checks): - duplicate_checker_fn streaming Phase 1.5 in orchestrator - FallbackLLMProvider + CircuitBreaker (fallback_llm.py) - Single-fact consolidation mode (is_fallback_active routing) - recallExp + Jaccard dedup + compact memory formatter (plugin) - Codex 5.1-codex-mini reasoning guard - Infinity reranker /models fallback in cross_encoder.py - diversity.py + deduplication.py fork-only modules retained Tests: - openclaw vitest: 267/267 pass - ruff: clean - tsc --noEmit: clean - pytest: pre-existing env-config flakes (need HINDSIGHT_API_LLM_API_KEY); upstream commit 90cb145 acknowledged as pre-existing CI flakes Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Extends the fix from #1676 to all prompt builders where user-supplied text flows through
str.format():reflect/prompts.py—build_final_system_prompt()injects bankmissioninto_FINAL_SYSTEM_PROMPT_BASEvia.format(role_section=...). A mission containing{"role": "admin"}would crash withKeyError.retain/fact_extraction.py—_build_extraction_prompt_and_schema()formats templates withretain_missionandretain_custom_instructions, both user-configurable per bank.consolidation/prompts.py— same fix as fix(consolidation): escape literal braces in caller-supplied mission text #1676 (observations_mission,capacity_note), now using the shared helper.Extracts a shared
escape_for_prompt()helper inengine/prompt_utils.py(idempotent: doubles lone{/}while leaving already-escaped{{/}}untouched).Test plan
tests/test_prompt_brace_escape.pycovering the shared helper and all three modulesruff checkclean