fix: Memory update system has cache corruption, data loss, and thread-safety bugs (#2251)

* fix(memory): cache corruption, thread-safety, and caller mutation bugs Bug 1 (updater.py): deep-copy current_memory before passing to _apply_updates() so a subsequent save() failure cannot leave a partially-mutated object in the storage cache. Bug 3 (storage.py): add _cache_lock (threading.Lock) to FileMemoryStorage and acquire it around every read/write of _memory_cache, fixing concurrent-access races between the background timer thread and HTTP reload calls. Bug 4 (storage.py): replace in-place mutation memory_data["lastUpdated"] = ... with a shallow copy memory_data = {**memory_data, "lastUpdated": ...} so save() no longer silently modifies the caller's dict. Regression tests added for all three bugs in test_memory_storage.py and test_memory_updater.py. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * style: format test_memory_updater.py with ruff Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * style: remove stale bug-number labels from code comments and docstrings Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-22 07:56:48 +00:00 · 2026-04-17 12:00:31 +08:00
parent 259a6844bf
commit 898f4e8ac2
4 changed files with 159 additions and 9 deletions
@@ -881,3 +881,53 @@ class TestReinforcementHint:
        prompt = model.ainvoke.await_args.args[0]
        assert "Explicit correction signals were detected" in prompt
        assert "Positive reinforcement signals were detected" in prompt
+
+
+class TestFinalizeCacheIsolation:
+    """_finalize_update must not mutate the cached memory object."""
+
+    def test_deepcopy_prevents_cache_corruption_on_save_failure(self):
+        """If save() fails, the in-memory snapshot used by _finalize_update
+        must remain independent of any object the storage layer may still hold in
+        its cache.  The deepcopy in _finalize_update achieves this — the object
+        passed to _apply_updates is always a fresh copy, never the cache reference.
+        """
+        updater = MemoryUpdater()
+        original_memory = _make_memory(facts=[{"id": "fact_orig", "content": "original", "category": "context", "confidence": 0.9, "createdAt": "2024-01-01T00:00:00Z", "source": "t1"}])
+
+        import json as _json
+
+        new_fact_json = _json.dumps(
+            {
+                "user": {},
+                "history": {},
+                "newFacts": [{"content": "new fact", "category": "context", "confidence": 0.9}],
+                "factsToRemove": [],
+            }
+        )
+        mock_response = MagicMock()
+        mock_response.content = new_fact_json
+        mock_model = AsyncMock()
+        mock_model.ainvoke = AsyncMock(return_value=mock_response)
+
+        saved_objects: list[dict] = []
+        save_mock = MagicMock(side_effect=lambda m, a=None: saved_objects.append(m) or False)  # always fails
+
+        with (
+            patch.object(updater, "_get_model", return_value=mock_model),
+            patch("deerflow.agents.memory.updater.get_memory_config", return_value=_memory_config(enabled=True, fact_confidence_threshold=0.7)),
+            patch("deerflow.agents.memory.updater.get_memory_data", return_value=original_memory),
+            patch("deerflow.agents.memory.updater.get_memory_storage", return_value=MagicMock(save=save_mock)),
+        ):
+            msg = MagicMock()
+            msg.type = "human"
+            msg.content = "hello"
+            ai_msg = MagicMock()
+            ai_msg.type = "ai"
+            ai_msg.content = "world"
+            ai_msg.tool_calls = []
+            updater.update_memory([msg, ai_msg], thread_id="t1")
+
+        # original_memory must not have been mutated — deepcopy isolates the mutation
+        assert len(original_memory["facts"]) == 1, "original_memory must not be mutated by _apply_updates"
+        assert original_memory["facts"][0]["content"] == "original"