ref #10: [fix] enforce UUID chat ids

Normalize chat ids to a single UUID form so locks, repository keys, and mount paths cannot diverge through path-like aliases.
2026-04-02 22:35:50 +03:00 · 2026-04-02 22:35:50 +03:00 · e629e34c4d
commit e629e34c4d
parent 44f1549d80
7 changed files with 192 additions and 80 deletions
--- a/adapter/docker/runtime.py
+++ b/adapter/docker/runtime.py
@ -1,5 +1,6 @@
 from datetime import datetime
 from pathlib import Path
+from uuid import UUID

 from docker import DockerClient
 from docker.errors import DockerException, NotFound
@ -28,8 +29,11 @@ class DockerSandboxRuntime(SandboxRuntime):
        created_at: datetime,
        expires_at: datetime,
    ) -> SandboxSession:
+        normalized_chat_id = chat_id
+
        try:
-            chat_path = self._chat_path(chat_id)
+            normalized_chat_id = _canonical_chat_id(chat_id)
+            chat_path = self._chat_path(normalized_chat_id)
            dependencies_path = self._readonly_host_path(
                self._config.dependencies_host_path
            )
@ -40,19 +44,19 @@ class DockerSandboxRuntime(SandboxRuntime):
            container = self._client.containers.run(
                self._config.image,
                detach=True,
-                labels=self._labels(session_id, chat_id, expires_at),
+                labels=self._labels(session_id, normalized_chat_id, expires_at),
                mounts=self._mounts(chat_path, dependencies_path, lambda_tools_path),
            )
        except (DockerException, OSError, ValueError) as exc:
-            raise SandboxStartError(chat_id) from exc
+            raise SandboxStartError(normalized_chat_id) from exc

        container_id = str(getattr(container, 'id', '')).strip()
        if not container_id:
-            raise SandboxStartError(chat_id)
+            raise SandboxStartError(normalized_chat_id)

        return SandboxSession(
            session_id=session_id,
-            chat_id=chat_id,
+            chat_id=normalized_chat_id,
            container_id=container_id,
            status=SandboxStatus.RUNNING,
            created_at=created_at,
@ -124,3 +128,7 @@ class DockerSandboxRuntime(SandboxRuntime):

    def _host_path(self, path_value: str) -> Path:
        return Path(path_value).expanduser().resolve(strict=False)
+
+
+def _canonical_chat_id(chat_id: str) -> str:
+    return str(UUID(str(chat_id).strip()))
--- a/adapter/http/fastapi/schemas.py
+++ b/adapter/http/fastapi/schemas.py
@ -1,6 +1,7 @@
 from datetime import datetime
+from uuid import UUID

-from pydantic import BaseModel, ConfigDict, Field
+from pydantic import BaseModel, ConfigDict, Field, field_validator


 class HealthResponse(BaseModel):
@ -14,6 +15,11 @@ class CreateSandboxRequest(BaseModel):

    chat_id: str = Field(min_length=1)

+    @field_validator('chat_id')
+    @classmethod
+    def validate_chat_id(cls, value: str) -> str:
+        return str(UUID(value))
+

 class SandboxSessionResponse(BaseModel):
    session_id: str