Skip to content

fix: use ROOT role for extract context to bypass peer isolation in trusted auth mode#3172

Open
njuboy11 wants to merge 1 commit into
volcengine:mainfrom
njuboy11:fix/extract-peer-isolation-trusted-auth
Open

fix: use ROOT role for extract context to bypass peer isolation in trusted auth mode#3172
njuboy11 wants to merge 1 commit into
volcengine:mainfrom
njuboy11:fix/extract-peer-isolation-trusted-auth

Conversation

@njuboy11

Copy link
Copy Markdown
Contributor

Problem

When OV runs with auth_mode=trusted, the REST API handler creates RequestContext with role=Role.USER. This USER context is passed through to _run_memory_extraction() as self.ctx, then forwarded to extract_long_term_memories() and extract_execution_memories().

The extract VLM tools use this context. When they try to read/search peers/<peer_id>/memories/ paths, is_hidden_by_actor_peer_view() (namespace.py:207) blocks access — because the peer URIs belong to a different actor_peer_id.

Result: Every memory extraction silently produces add=0 / update=0 / delete=0 in memory_diff.json.

Fix

Create a ROOT-privileged extract_ctx in _run_memory_extraction():

extract_ctx = RequestContext(
    user=self.ctx.user,
    role=Role.ROOT,
    actor_peer_id=self.ctx.actor_peer_id,
)

Replace ctx=self.ctx with ctx=extract_ctx in both extract calls.

Extract is the session's own internal background operation — it needs full access to read/write the owner's peer memories, not the restricted USER scope.

Verification

  • Before fix: 12 consecutive archives had 0/0/0 memory_diff with ~50 Access denied errors per commit
  • After fix: first commit produced 0 add / 1 update / 0 delete, zero Access denied errors in server.log

Changes

  • session.py: 14 lines added, 2 lines changed
  • Minimal scope: only affects the extract context used by background Phase 2, does not change any other self.ctx usage

Fixes #3171

…usted auth mode

In _run_memory_extraction(), the session's self.ctx has Role.USER
when running in trusted auth mode. This triggers is_hidden_by_actor_peer_view()
checks that block VLM tool calls on peers/<id>/memories/ paths, causing all
memory extraction to silently fail with 0/0/0 memory_diff.

Create extract_ctx with Role.ROOT for the internal extract operations,
which need full access to read/write the owner's peer memories.

Fixes volcengine#3171
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

Status: Backlog

Development

Successfully merging this pull request may close these issues.

[v0.4.8] bug: Extract VLM tools blocked by Role.USER peer isolation in trusted auth mode

1 participant