Morph MORPH
SIGN IN SIGN UP
dhruvhead / WindsurfAPI UNCLAIMED
0 0 49 JavaScript

feat: 2.0.25 — Cascade conversation reuse 全面加固(codex 审计 7 条整改)

实施 v2.0.24 codex 深度审计的全部 fix(报告 tmp/codex-cascade-reuse-audit-2026-04-29.md):

🔴 HIGH-1 reuse key 升成 server-state semantic key
- conversation-pool.js 大改:assistant text/tool_calls/system/media digest/tool schema 全部进 key
- canonicalContentBlock 给 image_url/base64/file_id 单独算稳定 hash;无法 hash 的 disable reuse
- stableStringify 递归排序 object key,消除序列化顺序差异
- 新 KEY_VERSION=2 防 silent 跨版本碰撞
- chat.js 用 appendAssistantTurn(messages, allText, toolCalls) 拼上下文给 fpAfter

🔴 HIGH-2 expired cascade fresh fallback + 不 restore 坏 entry
- client.js: isExpiredCascade 正则联合 isPanelMissing 触发同样的 rebuild+warmup+freshStart 路径
- chunks.reuseEntryInvalidated / err.reuseEntryInvalid 信号给 handler
- handler 6 处 restore 路径全部 gate by reuseEntryDead 标志(rate_limit / preflight / all-internal /
  temp_unavail / all-rate-limited / final cleanup),stream + non-stream 同等覆盖

🔴 HIGH-3 caller isolation 扩展到 chat/responses
- caller-key.js 新增 extractBodyCallerSubKey 提取 body.user / conversation /
  previous_response_id / metadata.{conversation_id,session_id}
- callerKeyFromRequest(req, apiKey, body) 自动追加 :user:<digest>
- chat.js 新 hasPerUserScope 检查;CASCADE_REUSE_ALLOW_SHARED_API_KEY=1 才允许
  bare API key 复用(默认禁,反向旧默认)

🟡 MED-1 tool emulation reuse key 含 tool schema/tool_choice/preamble hash(HIGH-1 已含)
🟡 MED-2 cache_control TTL policy: ttlHintMs=0 显式清 inherited 1h hint,chat.js 默认显式清
🟡 MED-3 pool checkout(fp, callerKey, expected={apiKey,lsPort,lsGeneration}) 原子校验

🟢 LOW-1 dashboard restart sync clean: LS entry 加 generation UUID;stopLanguageServer +
  restartLsForProxy 同步 invalidateFor({lsPort, lsGeneration});chunks.lsGeneration
  透到 chat.js poolCheckin
🟢 LOW-2 history coverage record: cascadeChat 追踪 firstIncludedTurnIndex/droppedTurnCount,
  写进 pool entry 给将来 truncation-aware fresh fallback 用

测试: 311/311 passing (v2.0.24 295/295 → +16 新测试)
- test/conversation-pool.test.js +12 (assistant/tool_calls/system/media/schema/key-order/round-trip/expected-owner/generation-aware/TTL)
- test/client-panel-retry.test.js +1 (HIGH-2 fake LS expired-cascade)
- test/caller-key.test.js 新文件 +14

兼容性: 后端 API 不变;HIT RATE 会下降(命中率换正确性);共享 API key 默认禁
reuse — 私部恢复 CASCADE_REUSE_ALLOW_SHARED_API_KEY=1
D
dwgx committed
76ab653eb3f4c2c101cb316d223c65c3ab94238f
Parent: 1a937de