RSPEED-2885: sanitize model and MCP output in all response paths #1563
Open
Lifto wants to merge 3 commits into lightspeed-core:main from
Conversation
Red tests for _sanitize_response_dict to cover:
- mcp_list_tools/mcp_call items not filtered from output array
- model field not stripping provider prefix (google-vertex/...)

These tests document the expected behavior before the fix.

Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent)
Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>

Move output array filtering into _sanitize_response_dict() so both streaming and non-streaming paths strip server-deployed MCP items (mcp_list_tools, mcp_call, mcp_approval_request).

Strip provider routing prefix from model field (e.g. google-vertex/.../gemini-2.5-flash becomes gemini-2.5-flash).

Removes redundant ad-hoc output filtering from the streaming generator that was missing from the non-streaming path, causing the leak QE found.

Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent)
Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
Contributor
Walkthrough
Response sanitization now removes server-deployed MCP output items of specific types and strips provider routing prefixes from
Changes
radofuchs (Contributor) requested changes, Apr 21, 2026
LGTM, just one update in tests needed
E2E feature files now use {MODEL_SHORT} placeholder for response body assertions since the model field is stripped of provider prefix. Request bodies still send {PROVIDER}/{MODEL} unchanged.

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
asimurka requested changes, Apr 22, 2026
RSPEED-2885: sanitize model and MCP output in all response paths
QE found that the non-streaming `/v1/responses` path still leaks server internals:
- `model`: exposes full provider routing path (`google-vertex/publishers/google/models/gemini-2.5-flash`)
- `output`: includes `mcp_list_tools` items with full server-side tool definitions

Root cause:
`_sanitize_response_dict()` only handled `instructions` and `tools`. The streaming path had ad-hoc `output` filtering at a separate call site that the non-streaming path lacked. Neither path sanitized `model`.

Fix:
- Move `output` array filtering into `_sanitize_response_dict()`: both paths now strip `mcp_list_tools`, `mcp_call`, `mcp_approval_request` items from server-deployed MCP servers
- `model` sanitization: strips provider prefix, keeps model name (e.g. `gemini-2.5-flash`)

Tested:
- `_sanitize_response_dict` (including new coverage for output and model)
- `model`, `instructions`, and `output` all sanitized correctly
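As an added illustration (written from the PR description above, not lightspeed-core's own `_sanitize_response_dict()` or diff), the sanitizer below applies the rules the description lists in one function shared by the streaming and non-streaming paths, and pairs it with a `leaked_internals()` check that a test can run over every response path so a path that bypasses the sanitizer fails instead of leaking quietly. The `server_label` field, the treatment of `instructions` and `tools` as outright removal, and the sample payload are assumptions.

```python
"""Illustrative response sanitizer; not lightspeed-core's own code.

Function and field names follow the PR description. The `server_label`
check, the removal of `instructions`/`tools`, and the sample payload are
assumptions / constructed for this example.
"""
from __future__ import annotations

import copy
from typing import Any

# Output item types produced by server-deployed MCP servers. They carry
# server-side tool definitions, call arguments and approval prompts, so they
# are stripped before a response leaves the service.
MCP_INTERNAL_ITEM_TYPES: frozenset[str] = frozenset(
    {"mcp_list_tools", "mcp_call", "mcp_approval_request"}
)


def strip_provider_prefix(model: str) -> str:
    """Drop any provider routing prefix and keep only the model name.

    'google-vertex/publishers/google/models/gemini-2.5-flash' -> 'gemini-2.5-flash'
    A bare model name is returned unchanged.
    """
    return model.rsplit("/", 1)[-1]


def _is_internal_mcp_item(item: Any, server_labels: set[str] | None) -> bool:
    """True if `item` is MCP bookkeeping that must not reach the client.

    When `server_labels` is given, only items whose `server_label` (assumed
    field name) names a server-deployed MCP server count as internal;
    otherwise every item of an internal type does.
    """
    if not isinstance(item, dict) or item.get("type") not in MCP_INTERNAL_ITEM_TYPES:
        return False
    return server_labels is None or item.get("server_label") in server_labels


def sanitize_response_dict(
    response: dict[str, Any], server_labels: set[str] | None = None
) -> dict[str, Any]:
    """Return a sanitized copy of a Responses-API style payload.

    One function for both the streaming and non-streaming paths, which is
    the structural point of the fix: a single place to audit.
    """
    clean = copy.deepcopy(response)  # never mutate the caller's object
    clean.pop("instructions", None)  # assumption: system prompt dropped outright
    clean.pop("tools", None)         # assumption: tool definitions dropped outright

    model = clean.get("model")
    if isinstance(model, str):
        clean["model"] = strip_provider_prefix(model)

    output = clean.get("output")
    if isinstance(output, list):
        clean["output"] = [i for i in output if not _is_internal_mcp_item(i, server_labels)]
    return clean


def leaked_internals(response: dict[str, Any]) -> list[str]:
    """Report which rules a supposedly sanitized response still violates.

    Run in tests against every response path so a path that skips the
    sanitizer fails loudly. An empty list means nothing leaked.
    """
    problems: list[str] = []
    for field in ("instructions", "tools"):
        if field in response:
            problems.append(f"{field} present")
    model = response.get("model")
    if isinstance(model, str) and "/" in model:
        problems.append("model has provider prefix")
    for item in response.get("output") or []:
        if _is_internal_mcp_item(item, None):
            problems.append(f"output contains {item['type']}")
    return problems


# Constructed sample of an unsanitized non-streaming payload.
SAMPLE_RESPONSE: dict[str, Any] = {
    "id": "resp_example",
    "model": "google-vertex/publishers/google/models/gemini-2.5-flash",
    "instructions": "You are an internal assistant ...",
    "tools": [{"type": "mcp", "server_label": "internal-kb"}],
    "output": [
        {"type": "mcp_list_tools", "server_label": "internal-kb",
         "tools": [{"name": "search_docs", "input_schema": {"type": "object"}}]},
        {"type": "mcp_call", "server_label": "internal-kb", "name": "search_docs",
         "arguments": "{\"q\": \"policy\"}"},
        {"type": "message", "role": "assistant",
         "content": [{"type": "output_text", "text": "Here is the answer."}]},
    ],
}

if __name__ == "__main__":
    print("before:", leaked_internals(SAMPLE_RESPONSE))
    print("after: ", leaked_internals(sanitize_response_dict(SAMPLE_RESPONSE)))
```

Calling `leaked_internals()` on the result of every response path, not just the one that was fixed, is the regression guard the PR's root cause suggests: the leak came from sanitization living at one call site rather than in the shared function.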