feat: harden knowledge pack prompt traces#181
Conversation
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: cd2ac3026b
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "Codex (@codex) review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "Codex (@codex) address that feedback".
| for (var index = 0; index < values.length; index += 1) { | ||
| var value = values[index]; | ||
| appendKnowledgePackCandidate(candidates, trimString(value && value.id) || trimString(value), baseScore, reason); | ||
| } |
There was a problem hiding this comment.
rpcAgentDecideUnsafe accepts world_snapshot directly from the request payload, and this loop appends every entry from world.knowledge_pack_ids/context_pack_ids/knowledge_packs with no upper bound; later buildDecisionKnowledgePackSelection calls readKnowledgePack for every candidate and sorts the full list. A client can send a very large array to force unbounded storage reads and CPU work in a single decision RPC, which can degrade latency or exhaust server capacity. Add a strict per-request cap (and ideally reject/trim over-limit payloads) before candidates are appended/read.
Useful? React with 👍 / 👎.
1 participant
Summary
Closes #136.
Local verification
Local code review
APPROVED. Nakama still owns LLM context selection and PromptTrace persistence. Unity only reads redacted metadata for debug display. No provider keys, raw prompts, or authoritative game-state mutations were added.
Unity note
Unity C# compile smoke will be run from the root project after merge because the active Editor is opened on the root worktree, not this feature worktree.