marfrit/aish
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

review followups: pcall shield, :resume guard, shell quoting, nits

Browse Source 
CONCERNs from the Phase 1 review pass:

ffi/curl.lua:
  - SSE write_cb body is now pcall-wrapped. A Lua error in on_event (or
    in the parse loop itself) is captured into cb_error and surfaced
    after curl_easy_perform rather than propagating across the FFI
    callback boundary (which LuaJIT documents as process-fatal). The
    EOS flush path gets the same shield. Errors return
    (nil, "callback: <msg>") from post_sse.

history.lua:
  - sh_singlequote() escapes shell metacharacters; the mkdir -p and
    ls -1 shell-outs no longer double-quote (where $(...) and $VAR
    still expand) — single-quote with embedded-' escaping is the
    safe form.
  - M.load now returns (turns, meta) instead of (meta, turns). turns
    is ALWAYS a table on success, never nil-when-no-header; failure
    path is the unambiguous (nil, err). Callers can `if not turns
    then` without the previous ambiguity. repl.lua :resume updated
    to the new shape.

repl.lua :resume:
  - Refuse to resume into a non-empty ctx — silent overwrite was the
    Q15 default, but the review surfaced the no-undo / no-warning
    failure mode. User must :reset (or :save then re-launch) to
    express intent. The current session's on-disk log is unaffected
    either way.

NITs:
  - ffi/libc.lua READ_BUF: comment noting it's module-shared and
    Phase 1 has no reentrant readers; revisit when that changes.
  - PHASE1.md §7: \C-x\C-c reservation pinned to Phase 3 ("deferred
    from Phase 1 — no consumer here") rather than the previous
    dangling "(or here)".

Regression suite verifies:
  - history.load new signature on success + failure paths
  - shell-quoted history.dir with $ doesn't trip
  - aish scripted run: ctx with 2 turns refuses :resume anchor with
    a clear status; user must :reset first

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Markus Fritsche
2026-05-10 20:05:23 +00:00
parent 1f1065157e
commit 7d62eb5659
5 changed files with 73 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ffi/curl.lua
+40 -34
View File
@@ -133,38 +133,40 @@ function M.post_sse(url, body, headers, on_event, timeout_ms)
-- SSE parse state: buffer holds incomplete tail between callback deliveries.
local buffer = ""
local cb_error = nil
local write_cb = ffi.cast(
"size_t(*)(char*, size_t, size_t, void*)",
function(ptr, size, nmemb, _)
local n = tonumber(size) * tonumber(nmemb)
buffer = buffer .. ffi.string(ptr, n)
-- pcall-wrap so a Lua error in on_event (or in the parse loop)
-- doesn't propagate across the FFI callback boundary — LuaJIT
-- documents that as process-fatal. Surface via cb_error and let
-- curl keep draining (return n) so we can report after perform.
local ok, err = pcall(function()
buffer = buffer .. ffi.string(ptr, n)
while true do
local b = buffer:find("\n\n", 1, true)
if not b then break end
local event = buffer:sub(1, b - 1)
buffer = buffer:sub(b + 2)
-- Drain complete events (terminated by \n\n).
while true do
local b = buffer:find("\n\n", 1, true)
if not b then break end
local event = buffer:sub(1, b - 1)
buffer = buffer:sub(b + 2)
-- A single event can have multiple field lines; we only need
-- `data: ...` (joining multi-line data per the SSE spec).
local data_parts = {}
for line in (event .. "\n"):gmatch("([^\n]*)\n") do
if line:sub(1, 1) == ":" then
-- SSE keepalive comment; ignore.
elseif line:sub(1, 6) == "data: " then
data_parts[#data_parts + 1] = line:sub(7)
elseif line:sub(1, 5) == "data:" then
-- spec allows `data:` with no space
data_parts[#data_parts + 1] = line:sub(6)
local data_parts = {}
for line in (event .. "\n"):gmatch("([^\n]*)\n") do
if line:sub(1, 1) == ":" then
-- SSE keepalive comment; ignore.
elseif line:sub(1, 6) == "data: " then
data_parts[#data_parts + 1] = line:sub(7)
elseif line:sub(1, 5) == "data:" then
data_parts[#data_parts + 1] = line:sub(6)
end
end
if #data_parts > 0 then
on_event(table.concat(data_parts, "\n"))
end
end
if #data_parts > 0 then
on_event(table.concat(data_parts, "\n"))
end
end
end)
if not ok and not cb_error then cb_error = err end
return n
end)
@@ -192,24 +194,28 @@ function M.post_sse(url, body, headers, on_event, timeout_ms)
-- End-of-stream flush: the final event may lack a trailing \n\n if the
-- server closed the connection right after writing the last data: line
-- (some llama.cpp builds, and any plain HTTP/1.0 close-on-EOF feed).
-- Parse any remaining buffer content as one last event.
-- Parse any remaining buffer content as one last event. Same pcall shield.
if rc == 0 and #buffer > 0 then
local data_parts = {}
for line in (buffer .. "\n"):gmatch("([^\n]*)\n") do
if line:sub(1, 6) == "data: " then
data_parts[#data_parts + 1] = line:sub(7)
elseif line:sub(1, 5) == "data:" then
data_parts[#data_parts + 1] = line:sub(6)
local ok, perr = pcall(function()
local data_parts = {}
for line in (buffer .. "\n"):gmatch("([^\n]*)\n") do
if line:sub(1, 6) == "data: " then
data_parts[#data_parts + 1] = line:sub(7)
elseif line:sub(1, 5) == "data:" then
data_parts[#data_parts + 1] = line:sub(6)
end
end
end
if #data_parts > 0 then on_event(table.concat(data_parts, "\n")) end
if #data_parts > 0 then on_event(table.concat(data_parts, "\n")) end
end)
if not ok and not cb_error then cb_error = perr end
end
C.curl_easy_cleanup(handle)
if slist ~= nil then C.curl_slist_free_all(slist) end
write_cb:free()
if rc == 0 then return true end
if cb_error then return nil, "callback: " .. tostring(cb_error) end
if rc == 0 then return true end
return nil, err
end