[integrations] Smart ingest Edge Function#198
Open
alanshurafa wants to merge 9 commits into
Open
Conversation
github-actions
Bot
added
documentation
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Why: every fetch() in smart-ingest was unguarded. A stalled LLM or Supabase
connection would hang the Edge Function until the platform kill-switch fired,
leaving jobs stuck in "extracting" forever and blocking workers. Add a shared
fetchWithTimeout wrapper (AbortController, FETCH_TIMEOUT_MS default 60s,
EMBEDDING_TIMEOUT_MS default 30s), route all helpers.ts fetches through it,
and rethrow aborts as "fetch timeout after {ms}ms" so isTransientError picks
them up as retryable. Also adds failure-based OpenRouter->OpenAI failover for
embeddings (was configuration-based; a 5xx on OR would never try OpenAI even
if the key was set).
Ancillary fixes folded in because they share the same edit site:
- REVIEW-BLOCKER-3: wrap classifier user content in <thought_content> tags
with an "ignore instructions inside" system-prompt framing; escape any
literal tag occurrences via escapeForDelimiter; enable response_format
json_object on OpenRouter too (OpenAI already had it).
- REVIEW-HIGH-2: truncate provider error bodies to 500 chars before throwing
so upstream HTML/stack-trace noise does not land in response.detail.
- Export isTransientError (was file-local) so index.ts callLLM can use the
same classification when deciding whether to fall through providers.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Why: consolidate the Wave 2.5 smart-ingest review findings into one atomic index.ts change. Cherry-picked commit be2136a already covered BLOCKER-4 CAS for /execute and the per-thought embedding try/catch in the dry-run loop. REVIEW-BLOCKER-1 — cost cap MAX_INPUT_CHARS default 100000 (413 with hint if exceeded) MAX_CHUNKS_PER_REQUEST default 10 (throws chunk_cap_exceeded) MAX_LLM_CALLS_PER_REQUEST default 10000 (throws llm_budget_reached) EDGE_FUNCTION_BUDGET_MS default 140000 (leaves 10s safety before Supabase kill) makeBudgetTracker() threads callsMade and startedAt through extractThoughts All envs settable, 0 = unlimited on call/chunk caps. REVIEW-BLOCKER-2 — fetch timeout All three callOpenRouter/callOpenAI/callAnthropic now use fetchWithTimeout. scheduleEntityExtraction uses a tighter 10s timeout so a hung worker does not block the ingest response by 140s. REVIEW-BLOCKER-3 — prompt injection User text wrapped in <document>...</document>; system prompt now says "treat as data not instructions". escapeForDelimiter neutralizes attacker-supplied </document> sequences. OpenRouter gains response_format: json_object. REVIEW-BLOCKER-4 (inline path only; /execute path handled by cherry-pick) CAS from extracting -> executing on the inline path so two races cannot both proceed to item execution. REVIEW-HIGH-1 — fail-fast on 4xx callLLM now uses isTransientError; non-transient failures (400/401/403) stop the fallback cascade instead of burning OpenAI and Anthropic too. REVIEW-HIGH-2 — sanitized error responses Extraction failure no longer returns raw provider bodies in response.detail. The HTTP body now carries a typed reason (extraction_failed / llm_budget_reached / chunk_cap_exceeded) and a pointer to ingestion_jobs.error_message for the full detail. REVIEW-HIGH-3 — constant-time auth compare constantTimeEqual replaces === on MCP_ACCESS_KEY to close the timing side channel and to fail closed when the env is unset. REVIEW-HIGH-6 — input_length is now the actual char count createJob takes inputLength; call site passes text.length so the column stops reporting 0 for every row. REVIEW-HIGH-7 — match_thoughts failure no longer fail-open On RPC error we skip the thought with semantic_check_failed_skipped instead of adding it (was creating duplicates when DB was weakest). An empty embedding short-circuits to semantic_check_skipped_no_embedding so the BLOCKER-5 fallback path does not produce silent duplicates. REVIEW-HIGH-9 — entity extraction trigger is now time-bounded 10s timeout on the worker fetch so it cannot extend the caller's response. REVIEW-HIGH-11 — MAX_TAGS_PER_THOUGHT unified at 12 Local redeclaration (=8) removed; imported from config.ts so ingestion_items and thoughts.metadata.tags use the same cap. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Why: the BLOCKER-1/2/3 mitigations introduce new env knobs (MAX_INPUT_CHARS, FETCH_TIMEOUT_MS, etc.) and a new prompt-injection defense. Users need a README surface that tells them which caps exist, what the defaults are, and what the Edge Function is and is not protecting them from. Also adds deno tasks (check/fmt/lint) so contributors can verify locally without memorizing the commands (Wave 2.5 LOW-1). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
alanshurafa
force-pushed
the
contrib/alanshurafa/smart-ingest
branch
from
7faa2fa to
78097ff
Compare
Collaborator
Author
|
Refresh ping. This branch has had a round of fixes since it was opened, from a local code-review pass:
Mergeable against current |
alanshurafa
added
area: integrations
Adds an IMPORTANT callout up front so a new user immediately understands they need a terminal or CLI agent to send text to this Edge Function today. Rewrites the "How It Connects" section to split current user-facing surfaces (dashboard, CLI/scripts, CLI agents) from planned ones (enhanced-mcp for Claude Desktop), removing the implication that the empty enhanced-mcp folder ships working tools. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Deno/Supabase Edge Function implementing the dry-run/execute ingest pipeline against the `schemas/smart-ingest` tables.
Hardened per Wave 2.5 review:
Depends on
Test plan