[P0] Stream events carry no session_id → cross-conversation token bleed #32

New issue

Open

opened 2026-05-23 21:52:20 +00:00 by thabeta · 0 comments

thabeta commented 2026-05-23 21:52:20 +00:00

Owner

Copy link

Problem
The engine emits llm:delta (and other stream events) without a session_id/job_id in the payload, so the SSE bus forwards them to every subscriber. The web UI therefore routes tokens by a single global heuristic (currentStreamingId / jobStreamJobId). With two conversations/jobs active, one job's tokens can land in another conversation's message.

Evidence

• crates/hero_shrimp_runtime/src/llm/completion/mod.rs — emit_scoped("llm:delta", {stream_id, kind, text, model, alias, phase}) — no session_id.
• crates/hero_shrimp_web/ui/src/store.ts — SSE handler routes by global currentStreamingId / jobStreamJobId; comments already call this a "best-effort bandaid".

Proposed fix (root)
Stamp every stream event with session_id (+ artifact_job_id for jobs) at emit time, and have the UI subscribe/route per conversation. This is the single change that removes most of the streaming whack-a-mole.

Related: #29, #31.

---

Filed from a comparative audit of Hero Shrimp vs Qwen-Code / kimi-cli / picoclaw (2026-05-23). Severity in title: P0=correctness/trust, P1=reliability/UX, P2=cleanup.

**Problem** The engine emits `llm:delta` (and other stream events) **without a `session_id`/`job_id` in the payload**, so the SSE bus forwards them to every subscriber. The web UI therefore routes tokens by a single global heuristic (`currentStreamingId` / `jobStreamJobId`). With two conversations/jobs active, one job's tokens can land in another conversation's message. **Evidence** - `crates/hero_shrimp_runtime/src/llm/completion/mod.rs` — `emit_scoped("llm:delta", {stream_id, kind, text, model, alias, phase})` — no session_id. - `crates/hero_shrimp_web/ui/src/store.ts` — SSE handler routes by global `currentStreamingId` / `jobStreamJobId`; comments already call this a "best-effort bandaid". **Proposed fix (root)** Stamp every stream event with `session_id` (+ `artifact_job_id` for jobs) at emit time, and have the UI subscribe/route **per conversation**. This is the single change that removes most of the streaming whack-a-mole. Related: #29, #31. --- _Filed from a comparative audit of Hero Shrimp vs Qwen-Code / kimi-cli / picoclaw (2026-05-23). Severity in title: P0=correctness/trust, P1=reliability/UX, P2=cleanup._

thabeta added the

type_bug

prio_critical

labels 2026-05-23 21:52:20 +00:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

integration

int_fix_veridict

development_structured_incomplete_field

development

development_freeze

port-from-xmoncode-shrimp

main

development_kristof

development_comply

latest

v2.0.0

v1.0.0

v1.0.0-rc2

Labels

Clear labels   

prio_critical

  

prio_low

  

type_bug

  

type_contact

  

type_issue

  

type_lead

  

type_question

  

type_story

  

type_task

No labels

prio_critical

prio_low

type_bug

type_contact

type_issue

type_lead

type_question

type_story

type_task

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

lhumina_code/hero_shrimp#32

No description provided.