feat(hooks): silently abort on HookAbortError in run_agent + 3rd-party runner

yzhouwang · claude · yzhouwang · commit 8fc4e5ea2144 · 2026-05-04T11:13:22.000+08:00
Patch AstrBotDevs#2 added fail_closed=True semantics to the 6 LLM filter decorators and a HookAbortError catch in agent_sub_stages/internal.py. But two other sites still let the abort fall through their broad `except Exception`: - astr_agent_run_util.py:303 — the local agent runner's main loop. The broad catch built `Error occurred during AI execution. Error Type: HookAbortError. Error Message: ...` and called on_agent_done with that string as the LLMResponse, which (a) leaked the hook name + plugin path + reason to the user, and (b) re-fired the on_llm_response hook chain — the same chain that had just aborted — causing a cascade. - third_party.py:82 — same pattern in the third-party agent runner. Yields the error string to the user via the response chain. Fix: add a dedicated `except HookAbortError` ahead of the broad catch in both sites. On abort: - log the hook / plugin / handler / reason at error level (operator- facing only — never user-facing) - do NOT call on_agent_done (avoid the cascade) - send the persona's custom_error_message as a polite refusal if set; otherwise stay silent - in run_agent: stop the event so the respond stage doesn't wrap and forward an empty result This is the third in the SuperX governance hook safety suite (Patches AstrBotDevs#1=signature, AstrBotDevs#2=fail_closed, AstrBotDevs#3=silent-abort). Existing test_hook_fail_closed.py still passes (9/9). Worth adding a test for the run_agent path in a follow-up — the current suite covers context_utils.call_event_hook directly but not the runner's outer catch. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
diff --git a/astrbot/core/astr_agent_run_util.py b/astrbot/core/astr_agent_run_util.py
@@ -8,6 +8,7 @@
 from astrbot.core.agent.message import Message
 from astrbot.core.agent.runners.tool_loop_agent_runner import ToolLoopAgentRunner
 from astrbot.core.astr_agent_context import AstrAgentContext
+from astrbot.core.exceptions import HookAbortError
 from astrbot.core.message.components import BaseMessageComponent, Json, Plain
 from astrbot.core.message.message_event_result import (
     MessageChain,
@@ -300,6 +301,36 @@ async def run_agent(
 
                 break
 
+        except HookAbortError as e:
+            # A fail_closed governance hook aborted the agent. We must NOT
+            # echo the error to the user (it leaks internal hook names /
+            # plugin paths / failure reasons), and we MUST NOT re-fire
+            # on_agent_done with a synthesised error response — that would
+            # cascade through the same hook chain that just aborted.
+            #
+            # Send the persona's custom_error_message (if any) as a polite
+            # refusal placeholder; otherwise stay silent.
+            if "stop_watcher" in locals() and not stop_watcher.done():
+                stop_watcher.cancel()
+                try:
+                    await stop_watcher
+                except asyncio.CancelledError:
+                    pass
+            logger.error(
+                "AI execution aborted by fail_closed hook %s -> %s.%s: %s",
+                e.hook_name,
+                e.plugin_name,
+                e.handler_name,
+                e.reason,
+            )
+            placeholder = extract_persona_custom_error_message_from_event(astr_event)
+            if placeholder:
+                if agent_runner.streaming:
+                    yield MessageChain().message(placeholder)
+                else:
+                    astr_event.set_result(MessageEventResult().message(placeholder))
+            astr_event.stop_event()
+            return
         except Exception as e:
             if "stop_watcher" in locals() and not stop_watcher.done():
                 stop_watcher.cancel()
diff --git a/astrbot/core/pipeline/process_stage/method/agent_sub_stages/third_party.py b/astrbot/core/pipeline/process_stage/method/agent_sub_stages/third_party.py
@@ -4,6 +4,7 @@
 from typing import TYPE_CHECKING
 
 from astrbot.core import astrbot_config, logger
+from astrbot.core.exceptions import HookAbortError
 from astrbot.core.agent.runners.coze.coze_agent_runner import CozeAgentRunner
 from astrbot.core.agent.runners.dashscope.dashscope_agent_runner import (
     DashscopeAgentRunner,
@@ -79,6 +80,19 @@ async def run_third_party_agent(
                     yield resp.data["chain"], False
             elif resp.type == "err":
                 yield resp.data["chain"], True
+    except HookAbortError as e:
+        # fail_closed hook aborted — silent refusal (or persona placeholder
+        # via custom_error_message). Don't leak hook names / reasons.
+        logger.error(
+            "Third-party agent aborted by fail_closed hook %s -> %s.%s: %s",
+            e.hook_name,
+            e.plugin_name,
+            e.handler_name,
+            e.reason,
+        )
+        if custom_error_message:
+            yield MessageChain().message(custom_error_message), True
+        return
     except Exception as e:
         logger.error(f"Third party agent runner error: {e}")
         err_msg = custom_error_message
