fix(compiler): harden config-driven entity types (crash-proof + complete the override)

Review of the config-entity-types feature surfaced two real issues:
- A config 'entity_types' value containing '{' or '}' was substituted into the
  prompt template BEFORE .format() ran → KeyError/ValueError crashing every
  compile. Swap to format-then-replace at all 3 call sites (types_str is now an
  inert literal), and sanitize resolved types to a safe label charset (also
  skips YAML nulls/ints so str(None) can't become the type 'none').
- The AGENTS_MD system schema hardcoded 'type: is one of: <7 defaults>',
  contradicting a custom entity_types in the higher-weight system message.
  Reword it to frame those as the configurable default and defer the
  authoritative set to the compilation prompt (which is config-driven).
Also drop the now-dead _ENTITY_TYPES_STR + its stale import-time-substitution
comment. +2 regression tests (sanitization; brace-in-type doesn't crash).

Author: KylinMountain

openkb/agent/compiler.py

@@ -68,14 +68,13 @@
 """
 
 
-# Canonical entity-type enum — the single source of truth shared by the
-# plan prompt, the entity-page prompts, and create/update validation. The
-# prompt templates carry an ``__ENTITY_TYPES__`` token that is substituted
-# with this list once at import time (see below), so adding a type here
-# updates every place at once.
+# Default entity-type enum. The EFFECTIVE set is resolved per-KB from config
+# (see ``_resolve_entity_types``) and substituted into the plan + entity-page
+# prompts at call time inside ``_compile_concepts`` via the ``__ENTITY_TYPES__``
+# token. ``_ENTITY_TYPES`` is the default validation set used when no
+# config-driven set is threaded through.
 _ENTITY_TYPE_LIST = ("person", "organization", "place", "product", "work", "event", "other")
 _ENTITY_TYPES = frozenset(_ENTITY_TYPE_LIST)
-_ENTITY_TYPES_STR = ", ".join(_ENTITY_TYPE_LIST)
 
 
 def _resolve_entity_types(config: dict) -> list[str]:
@@ -101,7 +100,11 @@ def _resolve_entity_types(config: dict) -> list[str]:
         return list(_ENTITY_TYPE_LIST)
     cleaned: list[str] = []
     for x in raw:
-        s = str(x).strip().lower()
+        if not isinstance(x, str):
+            continue  # skip YAML nulls/numbers (str(None) would become "none")
+        # Restrict to a safe label charset so a stray '{'/'}' or punctuation
+        # can't leak into a prompt template or a frontmatter value.
+        s = re.sub(r"[^a-z0-9 _-]+", "", x.strip().lower()).strip()
         if s and s not in cleaned:
             cleaned.append(s)
     if not cleaned:
@@ -1416,12 +1419,10 @@ async def _compile_concepts(
         system_msg,
         doc_msg,
         summary_msg,
-        {"role": "user", "content": _CONCEPTS_PLAN_USER.replace(
-            "__ENTITY_TYPES__", types_str,
-        ).format(
+        {"role": "user", "content": _CONCEPTS_PLAN_USER.format(
             concept_briefs=concept_briefs,
             entity_briefs=entity_briefs,
-        )},
+        ).replace("__ENTITY_TYPES__", types_str)},
     ], "concepts-plan", max_tokens=2048, response_format=_JSON_RESPONSE_FORMAT)
 
     def _write_v1_summary_stripped() -> None:
@@ -1669,11 +1670,9 @@ async def _gen_entity_create(ent: dict) -> tuple[str, str, str, str]:
                 doc_msg,             # cached (BP1)
                 summary_msg,         # cached (BP2)
                 known_targets_msg,   # cached (BP3) — whitelist
-                {"role": "user", "content": _ENTITY_PAGE_USER.replace(
-                    "__ENTITY_TYPES__", types_str,
-                ).format(
+                {"role": "user", "content": _ENTITY_PAGE_USER.format(
                     title=title, type=etype, doc_name=doc_name,
-                )},
+                ).replace("__ENTITY_TYPES__", types_str)},
             ], f"entity: {name}", response_format=_JSON_RESPONSE_FORMAT)
         try:
             parsed = _parse_json(raw)
@@ -1707,12 +1706,10 @@ async def _gen_entity_update(ent: dict) -> tuple[str, str, str, str]:
                 doc_msg,             # cached (BP1)
                 summary_msg,         # cached (BP2)
                 known_targets_msg,   # cached (BP3) — whitelist
-                {"role": "user", "content": _ENTITY_UPDATE_USER.replace(
-                    "__ENTITY_TYPES__", types_str,
-                ).format(
+                {"role": "user", "content": _ENTITY_UPDATE_USER.format(
                     title=title, type=etype, doc_name=doc_name,
                     existing_content=existing_content,
-                )},
+                ).replace("__ENTITY_TYPES__", types_str)},
             ], f"entity-update: {name}", response_format=_JSON_RESPONSE_FORMAT)
         try:
             parsed = _parse_json(raw)

openkb/schema.py

@@ -29,7 +29,7 @@
 ## Page Types
 - **Summary Page** (summaries/): Key content of a single source document.
 - **Concept Page** (concepts/): Cross-document topic synthesis with [[wikilinks]].
-- **Entity Page** (entities/): A specific named thing (proper noun). Frontmatter `type:` is one of: person, organization, place, product, work, event, other. An entity differs from a concept: a concept is an abstract recurring idea; an entity is a specific named thing. Create an entity page only when the entity is central to a document or recurs across sources — do not page passing mentions.
+- **Entity Page** (entities/): A specific named thing (proper noun) — e.g. a person, organization, place, product, named work, or event. Each page has a `type:` frontmatter field; the exact allowed type set is configurable (default: person, organization, place, product, work, event, other) and the authoritative set for this run is given in the compilation prompt. An entity differs from a concept: a concept is an abstract recurring idea; an entity is a specific named thing. Create an entity page only when the entity is central to a document or recurs across sources — do not page passing mentions.
 - **Exploration Page** (explorations/): Saved query results — analyses, comparisons, syntheses.
 - **Index Page** (index.md): One-liner summary of every page in the wiki. Auto-maintained.
 

tests/test_compiler.py

@@ -123,6 +123,15 @@ def test_empty_list_falls_back_to_default(self):
     def test_all_empty_strings_falls_back_to_default(self):
         assert _resolve_entity_types({"entity_types": ["", "  "]}) == list(_ENTITY_TYPE_LIST)
 
+    def test_sanitizes_punctuation_and_skips_non_strings(self):
+        # '{'/'}' and other punctuation are stripped (so they can't leak into a
+        # prompt template's .format()); non-string items (YAML null, ints) are
+        # skipped (str(None) must NOT become the type "none").
+        out = _resolve_entity_types(
+            {"entity_types": ["Per{son}", None, 123, "data set!"]}
+        )
+        assert out == ["person", "data set", "other"]
+
 
 class TestFilterEntityItemsCustomTypes:
     def test_custom_type_in_valid_types_is_kept(self):
@@ -1919,6 +1928,38 @@ async def fake_llm_async(model, messages, label, **kw):
         assert "dataset" in plan_user
         assert "__ENTITY_TYPES__" not in plan_user  # token was substituted
 
+    @pytest.mark.asyncio
+    async def test_brace_in_entity_type_does_not_crash_format(self, tmp_path, monkeypatch):
+        """Defense-in-depth: even if a '{'/'}' reaches types_str (bypassing
+        _resolve_entity_types sanitization), the prompt build must not raise —
+        the token is substituted AFTER .format(), so braces are inert."""
+        wiki = tmp_path / "wiki"
+        (wiki / "summaries").mkdir(parents=True)
+        (wiki / "summaries" / "doc.md").write_text(
+            "---\nsources: []\n---\n\n# Doc\n", encoding="utf-8")
+
+        def fake_llm(model, messages, label, **kw):
+            return json.dumps({
+                "concepts": {"create": [], "update": [], "related": []},
+                "entities": {"create": [], "update": [], "related": []},
+            })
+
+        async def fake_llm_async(model, messages, label, **kw):
+            return fake_llm(model, messages, label, **kw)
+
+        monkeypatch.setattr("openkb.agent.compiler._llm_call", fake_llm)
+        monkeypatch.setattr("openkb.agent.compiler._llm_call_async", fake_llm_async)
+
+        from openkb.agent.compiler import _compile_concepts
+        # entity_types deliberately contains brace chars to exercise the
+        # format/replace ordering — this must NOT raise KeyError/ValueError.
+        await _compile_concepts(
+            wiki, tmp_path, "m", {"role": "system", "content": "x"},
+            {"role": "user", "content": "x"}, "summary text", "doc",
+            max_concurrency=2, doc_type="short", rewrite_summary=False,
+            entity_types=["wei{rd}", "other"],
+        )  # reaching here without an exception is the assertion
+
     @pytest.mark.asyncio
     async def test_default_path_plan_prompt_has_default_types(self, tmp_path, monkeypatch):
         """When entity_types is omitted, the plan prompt still advertises the