fix: prevent cross-project knowledge entries from leaking into AGENTS.md#36
Merged
fix: prevent cross-project knowledge entries from leaking into AGENTS.md#36
Conversation
Cross-project entries from unrelated projects were appearing in a project's AGENTS.md. Three interrelated causes fixed: 1. Curator saw all cross-project entries and created project-scoped duplicates. Fix: curator and consolidation now use forProject(path, false) to only see project-specific entries. 2. ltm.create() defaulted crossProject to true, so entries imported from AGENTS.md leaked into other projects. Fix: default changed to false; importFromFile now explicitly sets crossProject: false. 3. Consolidation entry count included cross-project entries from all repos, triggering unnecessary consolidation. Fix: use forProject(path, false) for the count. Additional hardening: - Dedup guard in ltm.create() now also checks cross-project entries by title, preventing duplicate creation even if curator tries. - forProject(path, false) no longer includes project_id IS NULL entries (global entries don't belong to any specific project). - Config crossProject default changed from true to false. forSession() is unaffected — it has its own SQL queries with relevance gating for cross-project entries.
BYK
force-pushed
the
fix/cross-project-agents-md-leak
branch
from
ec727dd to
24a1c54
Compare
2 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
Cross-project knowledge entries from unrelated projects were appearing in a project's AGENTS.md (reported on getsentry/devinfra-deployment-service#832). Entries like "Consola prompt cancel returns truthy Symbol", "Zod z.coerce.number() converts null to 0", and "Craft v2 GitHub App must be installed per-repo" appeared in devinfra-deployment-service's AGENTS.md — none of which are relevant to that repo.
Root Causes
Three interrelated issues:
Curator creates project-scoped duplicates: The curator saw all cross-project entries via
ltm.forProject(path, cfg.crossProject=true), then the LLM created near-duplicates scoped to the current project. The title dedup guard only checked sameproject_id, missing cross-project originals.importFromFile defaults crossProject to true: Entries imported from AGENTS.md got
crossProject: true(theltm.create()default), leaking them into other projects' system prompts.Consolidation count inflated:
ltm.forProject(projectPath)included cross-project entries from all repos, triggering unnecessary consolidation.Fix
Source changes (5 files)
src/curator.ts: Curator and consolidation now useforProject(path, false)— only see project-specific entriessrc/ltm.ts:crossProjectchanged fromtruetofalseincreate()forProject(path, false)no longer includesproject_id IS NULLentriessrc/index.ts: Consolidation count usesforProject(path, false)src/config.ts:crossProjectconfig default changed tofalsesrc/agents-file.ts: Both import paths explicitly setcrossProject: falseBackward compatibility
forSession()is unaffected — it has its own SQL queries with relevance gating for cross-project entries, so they still appear in system prompts when relevantforSession()Tests
7 new tests added covering:
create()defaultscrossProjecttofalseimportFromFilecreates entries withcross_project = 0exportToFileoutputforProject(path, false)countAll 194 tests pass (187 existing + 7 new).