fix(coder): harden edit-apply pipeline against block duplication

Root cause: two proven corruption mechanisms — (M1) non-idempotent apply stamped the same block N times when a quantized model re-emitted the same edit_file call or a turn was retried; (M2) Levenshtein tier 4 was fail-open with no uniqueness guard, silently splicing into the wrong location. Fixes applied at every layer of the pipeline: Matcher (fuzzy-match.ts): raise SIMILARITY_THRESHOLD 0.66 → 0.85; add AMBIGUITY_EPSILON uniqueness guard — two windows within 0.05 of the top score → ambiguous, not a guess; add block-anchor gate (≥3-line needles require first+last line exact match before a window is scored). Edit planner (pending_changes.ts): extract planEdit() as a pure function; idempotency guards detect already-applied states (anchored insert re-stamp, old-gone-but-new-present); findPendingDuplicate() collapses identical pending rows at queue time so M1 never reaches applyOne. Atomic writes (pending_changes.ts): temp-file + rename on the same filesystem so a crash can't leave a half-written source file; realpath() first so symlinks survive the rename. Per-file mutex (pending_changes.ts): withFileLock() serializes concurrent read-modify-write on the same path via a chained-Promise Map. EOL preservation (pending_changes.ts): normalize CRLF → LF for matching, restore native line ending on write so Windows-style files stay clean. Context isolation (inference_context.ts): replace module-level singleton with AsyncLocalStorage so concurrent inference runs (arena parallel dispatch, dispatcher poll racing a user message) each get their own scoped context with no clobbering. Tests: plan-edit.test.ts (pure planEdit unit tests), extended fuzzy-match and pending_changes_integration suites, ALS isolation test that proves overlapping runs get correct session IDs.
2026-06-07 01:44:37 +00:00
parent 4502bcd7a8
commit f0becef24e
16 changed files with 644 additions and 157 deletions
--- a/apps/coder/src/routes/messages.ts
+++ b/apps/coder/src/routes/messages.ts
@@ -4,7 +4,7 @@ import type { Sql } from '../db.js';
 import type { Broker } from '@boocode/server/broker';
 import type { WsFrame } from '@boocode/contracts/ws-frames';
 import { resolveChatId } from './chat-resolve.js';
-import { applyAll } from '../services/pending_changes.js';
+import { asPermissionMode } from '../services/tools/types.js';

 const AnswerUserInputBody = z.object({
  tool_call_id: z.string().min(1),
@@ -44,7 +44,13 @@ const SendBody = z.object({
 });

 interface InferenceApi {
-  enqueue: (sessionId: string, chatId: string, assistantId: string, user: string) => void;
+  enqueue: (
+    sessionId: string,
+    chatId: string,
+    assistantId: string,
+    user: string,
+    permissionMode?: 'plan' | 'ask' | 'bypass',
+  ) => void;
  cancel: (sessionId: string, chatId: string) => Promise<boolean>;
  hasActive: (chatId: string) => boolean;
 }
@@ -246,36 +252,16 @@ export function registerMessageRoutes(
        RETURNING id
      `;

-      inference.enqueue(sessionId, chatId, assistantMsg!.id, 'default');
-
-      // Bypass permission mode (native BooCode): auto-apply staged edits to disk
-      // once the turn settles. `enqueue` registers synchronously, so hasActive is
-      // true immediately; poll until it clears, apply, then re-publish
-      // message_complete so the DiffPanel reflects the now-applied (non-pending)
-      // state. Best-effort — failures stay in the pending queue for manual apply.
-      if (mode_id === 'bypass') {
-        const projectId = sessionRows[0]!.project_id;
-        const assistantId = assistantMsg!.id;
-        void (async () => {
-          try {
-            const [proj] = await sql<{ path: string }[]>`SELECT path FROM projects WHERE id = ${projectId}`;
-            if (!proj?.path) return;
-            for (let i = 0; i < 1200 && inference.hasActive(chatId); i++) {
-              await new Promise((r) => setTimeout(r, 1000));
-            }
-            const applied = await applyAll(sql, sessionId, proj.path);
-            if (applied.length > 0) {
-              broker.publishFrame(sessionId, {
-                type: 'message_complete',
-                message_id: assistantId,
-                chat_id: chatId,
-              } as unknown as WsFrame);
-            }
-          } catch {
-            /* best-effort auto-apply — leave staged changes for manual apply */
-          }
-        })();
-      }
+      // Native BooCode permission gate (plan/ask/bypass) — threaded into the
+      // write-tool context so create/edit/delete and apply_pending honor it.
+      // Plan = read-only, Ask = stage to the queue (agent can't self-apply),
+      // Bypass = apply each write immediately. Other mode ids (e.g. an external
+      // fallback's native mode) leave the gate undefined = legacy behavior.
+      req.log.info(
+        { provider, mode_id, permissionMode: asPermissionMode(mode_id), chatId },
+        'native enqueue — permission gate',
+      );
+      inference.enqueue(sessionId, chatId, assistantMsg!.id, 'default', asPermissionMode(mode_id));

      reply.code(202);
      return { user_message_id: userMsg!.id, assistant_message_id: assistantMsg!.id };