llm-multiverse/llm-multiverse
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
987ecbb2c38f0f8913a1aa5ff643c7d47a6a08fc
llm-multiverse/implementation-plans/issue-118.md
Pi Agent 1179a77467 fix: resolve tech debt from issue #30 review 
- Add defense-in-depth validation for memory IDs before SQL interpolation
  in stage2, stage3, and stage4 IN clauses (validate alphanumeric/hyphen/underscore only)
- Make scoring weights (name, description, corpus) configurable via RetrievalConfig
  instead of compile-time constants, with defaults 0.3/0.3/0.4

Closes #118

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-10 07:46:19 +01:00

2.3 KiB
Raw Blame History

Issue #118: Tech debt: minor findings from issue #30 review

Summary

Address two tech debt items from the staged retrieval pipeline review:

  1. Validate memory IDs before SQL interpolation - Add defense-in-depth validation that memory IDs contain only safe characters (alphanumeric, hyphens) before string-interpolating them into SQL IN clauses in stage2, stage3, and stage4.

  2. Make scoring weights configurable - Move the compile-time constants NAME_WEIGHT, DESCRIPTION_WEIGHT, and CORPUS_WEIGHT from stage3.rs into RetrievalConfig, making them tunable without recompilation.

Item 1: Validate memory IDs before SQL interpolation

Approach

Since the IDs originate from database query results (not user input) and are UUID-like strings, full parameterization via temp tables adds complexity without proportionate security benefit. Instead, add a validation function that asserts all IDs contain only safe characters ([a-zA-Z0-9-]) before interpolation, returning an error if any ID fails validation.

Files changed

  • services/memory/src/retrieval/mod.rs - Add validate_memory_ids() helper function
  • services/memory/src/retrieval/stage2.rs - Call validation before building IN clause
  • services/memory/src/retrieval/stage3.rs - Call validation before building IN clause
  • services/memory/src/retrieval/stage4.rs - Call validation before building IN clause

Item 2: Make scoring weights configurable

Approach

Add three new fields to RetrievalConfig: name_weight, description_weight, corpus_weight with serde defaults matching the current constants (0.3, 0.3, 0.4). Thread these through RetrievalParams and into stage3::load_and_rerank().

Files changed

  • services/memory/src/config.rs - Add weight fields to RetrievalConfig
  • services/memory/src/retrieval/mod.rs - Add weight fields to RetrievalParams, update from_config()
  • services/memory/src/retrieval/stage3.rs - Accept weights as parameters instead of using constants
  • services/memory/src/retrieval/pipeline.rs - Pass weights from params to stage3

Testing

  • Add unit tests for validate_memory_ids() with valid and invalid inputs
  • Add unit tests for configurable weights (custom values, TOML deserialization)
  • Update existing stage3 tests to pass weight parameters
Reference in New Issue View Git Blame Copy Permalink