Skip to content

fix(session): route Title/token/cost writes through locked setters #3591

Description

@aheritier

Summary

Session scalar fields are written cross-goroutine bypassing Session.mu, while sibling accessors guard the exact same fields.

Locations

  • pkg/server/session_manager.go:964 rt.session.Title = title (HTTP goroutine) vs pkg/runtime/runtime.go:1399 and session_manager.go:998 (generateTitle goroutine) — no locked SetTitle exists.
  • pkg/session/store.go:438-441 UpdateSessionTokens writes InputTokens/OutputTokens/Cost directly, while SetUsage/Usage (session.go:595-610) guard those with s.mu; store.go:453 same for Title.

Fix

Add locked SetTitle / SetTokensAndCost methods on Session; route all writers through them.

Acceptance

  • All Title/token/cost writes go through locked setters; -race clean; regression coverage.

Metadata

Metadata

Assignees

Labels

area/runtimeRuntime engine, agent loop execution, tool dispatch, loop detectionarea/securityAuthentication, authorization, secrets, vulnerabilitiesarea/sessionsFor features/issues/fixes related to session lifecycle (resume, persistence, export)kind/fixPR fixes a bug (maps to fix:). Use on PRs only.

Type

Fields

No fields configured for Bug.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions