aminghadersohi commented on PR #40349: URL: https://github.com/apache/superset/pull/40349#issuecomment-4566112329
Applied cross-PR feedback from Richard's thorough review on #40344 and #40348 — same patterns addressed here where applicable. Three issues from Richard's reviews applied to the tag tools (commit b8d8a87e90): **1. DEFAULT_INSTRUCTIONS missing tag tools** (mirrors #40344 action-log note) `list_tags` and `get_tag_info` were absent from the curated tool guide in `DEFAULT_INSTRUCTIONS`. Added a "Tag Management" section so agents see these tools in the primary prompt surface. **2. LLM data boundary: user-controlled fields not sanitized** (mirrors #40344 action-log schemas note) `serialize_tag_object` returned `name` and `description` raw — user-controlled tag text could masquerade as instructions in LLM context. Added `_sanitize_tag_info_for_llm_context()` following the same pattern as `sanitize_chart_info_for_llm_context`, `_sanitize_dashboard_info_for_llm_context`, and `_sanitize_dataset_info_for_llm_context`. Updated tests to check `in` containment (values are now wrapped in `<UNTRUSTED-CONTENT>` delimiters) and added `test_get_tag_info_sanitizes_user_controlled_fields` to assert the boundary is enforced. **3. `columns_available` omitted derived timestamp fields** (mirrors #40348 report columns_available mismatch note) `ALL_TAG_COLUMNS` advertised `changed_on` and `created_on` but not `changed_on_humanized` / `created_on_humanized`, even though `TagInfo` exposes both. Clients following `columns_available` couldn't discover or request the humanized fields. `ModelListCore` already maps `*_humanized → *_on` for DB loading, so adding them here is sufficient. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
