Skip to content

security(neural-mesh): fix QueryDecomposer prompt injection + error handling (#2169)#2528

Merged
mrveiss merged 2 commits intoDev_new_guifrom
fix/issue-2169
Mar 27, 2026
Merged

security(neural-mesh): fix QueryDecomposer prompt injection + error handling (#2169)#2528
mrveiss merged 2 commits intoDev_new_guifrom
fix/issue-2169

Conversation

@mrveiss
Copy link
Owner

@mrveiss mrveiss commented Mar 27, 2026

Summary

  • Prompt injection mitigation: Added _sanitize_query() (500-char limit, control char stripping) and _build_decomposition_prompt() with structured delimiters separating system instructions from user input
  • LLM error handling: Wrapped await self.llm(prompt) in try/except with single-step fallback plan on failure
  • Per-step retrieval error handling: Wrapped mesh_retriever.retrieve() in try/except per step — failures log and continue with empty evidence

Closes #2169

Test plan

  • Verify query decomposition works with normal queries
  • Test with oversized query (>500 chars) — should be truncated
  • Test with control characters in query — should be stripped
  • Verify LLM failure returns single-step fallback
  • Verify individual step failure doesn't kill the chain

@github-actions
Copy link

github-actions bot commented Mar 27, 2026
edited
Loading

✅ SSOT Configuration Compliance: Passing

🎉 No hardcoded values detected that have SSOT config equivalents!

@mrveiss mrveiss merged commit fe2ecf2 into Dev_new_gui Mar 27, 2026
3 of 5 checks passed
@github-actions github-actions bot mentioned this pull request Mar 27, 2026
Closed
@mrveiss mrveiss deleted the fix/issue-2169 branch March 27, 2026 10:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mrveiss