[nu-demo] hero_router clobbers client X-Hero-Context header with state.context

mik-tf commented

2026-04-23 23:13:45 +00:00

Owner

Symptom

Every non-root-context query returned root's data. Contexts dropdown in the UI showed "4x Root" instead of Default/Geomind/Incubaid/ThreeFold, and per-context business/identity/etc data leaked across contexts.

Root cause

hero_router/crates/hero_router/src/server/routes.rs lines 553, 1145, 1215, 1266, 1335 unconditionally inject ("X-Hero-Context", state.context.to_string()) into the upstream request headers. This overwrites any client-supplied X-Hero-Context, so the value always falls back to the router's own context (0 = root).

Demo workaround (applied 2026-04-23)

Patched all 5 sites in hero_router/crates/hero_router/src/server/routes.rs to preserve the client's header, using .or_else(|| state.context.to_string()) so state.context is only used when the client did not provide one. Rebuilt and restarted hero_router.

Proper fix

Make client-header-wins the default upstream. The client's X-Hero-Context must always take precedence; state.context is only the fallback when absent. Add a test that sends X-Hero-Context: 2 and asserts the upstream receives 2, not the router's state.context value.

Filed 2026-04-23 nu-shell demo bring-up. Signed-off-by: mik-tf

## Symptom Every non-root-context query returned root's data. Contexts dropdown in the UI showed "4x Root" instead of Default/Geomind/Incubaid/ThreeFold, and per-context business/identity/etc data leaked across contexts. ## Root cause `hero_router/crates/hero_router/src/server/routes.rs` lines 553, 1145, 1215, 1266, 1335 unconditionally inject `("X-Hero-Context", state.context.to_string())` into the upstream request headers. This overwrites any client-supplied `X-Hero-Context`, so the value always falls back to the router's own context (0 = root). ## Demo workaround (applied 2026-04-23) Patched all 5 sites in `hero_router/crates/hero_router/src/server/routes.rs` to preserve the client's header, using `.or_else(|| state.context.to_string())` so state.context is only used when the client did not provide one. Rebuilt and restarted hero_router. ## Proper fix Make client-header-wins the default upstream. The client's `X-Hero-Context` must always take precedence; `state.context` is only the fallback when absent. Add a test that sends `X-Hero-Context: 2` and asserts the upstream receives `2`, not the router's state.context value. Filed 2026-04-23 nu-shell demo bring-up. Signed-off-by: mik-tf

mik-tf referenced this issue

2026-04-24 01:12:24 +00:00

[nu-demo] Documentation index: heronu deployment flow, AI grounding chain, per-service gaps #148

mik-tf referenced this issue

2026-04-24 02:48:10 +00:00

[nu-demo] CANONICAL — Intelligence pipeline documented end-to-end: hero_agent ↔ aibroker ↔ embedder ↔ hero_books ↔ docs_hero #159

mik-tf referenced this issue

2026-04-24 03:25:50 +00:00

[nu-demo] STATE OF HERONU as of 2026-04-24 — what works, what's still broken, everything that needs upstream landing #160

mik-tf referenced this issue

2026-04-25 15:53:12 +00:00

[nu-demo] uv (Python script runner) not in hero_skills installer — python_exec tool fails silently in hero_agent #170

mik-tf referenced this issue

2026-04-25 15:53:13 +00:00

[nu-demo] hero_voice build needs cmake (whisper.cpp build step) — not in installer apt deps #172

mik-tf referenced this issue

2026-04-25 15:53:13 +00:00

[nu-demo] service_embedder.nu missing ORT_LIB_LOCATION/LD_LIBRARY_PATH/EMBEDDER_MODELS env vars — embedderd panics with 'No embedder models found' after fresh install #166

mik-tf referenced this issue from a commit

2026-04-27 05:13:01 +00:00

fix(router): respect client X-Hero-Context header on proxy paths

mik-tf referenced this issue from a commit

2026-04-27 12:53:28 +00:00

fix(router): respect client X-Hero-Context header on proxy paths

mik-tf closed this issue

2026-04-27 12:53:28 +00:00

mik-tf commented

2026-04-27 12:55:47 +00:00

Author

Owner

Fixed in hero_router commit fe1cbd6 on development.

Five sites in server/routes.rs updated — all non-admin proxy paths now respect the client's X-Hero-Context instead of clobbering it with state.context:

L584: WebSocket upgrade tunnel (websocket route)
L1175: /<service>/rpc
L1297: /<service>/rest and /<service>/api
L1367: default /<service>/<webname> (web/ui fallback)

The /admin branch (L1245) intentionally keeps passing state.context.to_string() directly — that path is already gated to state.context == 0 and must NEVER honor a client-supplied context that could escape the gate.

Helper added — resolve_hero_context(headers, default_context) returns the client's X-Hero-Context when present and non-empty (trims surrounding whitespace), falls back to default_context otherwise.

Tests added (5 cases at the bottom of routes.rs):

resolve_uses_client_header_when_present — the home#125 regression
resolve_falls_back_when_header_missing
resolve_falls_back_when_header_empty (covers "" and " ")
resolve_trims_whitespace
resolve_passes_through_non_numeric_strings

Verification: cargo fmt --check, cargo check, cargo clippy --all-targets -- -D warnings clean. All 5 new tests pass + 74 pre-existing.

Composes with the home#129 chain — together with home#129(a) (hero_rpc OServer::register registry-persist) and home#129(b) (hero_skills service_osis env passthrough), this completes the full context-routing flow that home#151 was a symptom of.

Meta-tracker: home#193.

Signed-off-by: mik-tf

Fixed in hero_router commit `fe1cbd6` on `development`. **Five sites in `server/routes.rs` updated** — all non-admin proxy paths now respect the client's `X-Hero-Context` instead of clobbering it with `state.context`: - L584: WebSocket upgrade tunnel (websocket route) - L1175: `/<service>/rpc` - L1297: `/<service>/rest` and `/<service>/api` - L1367: default `/<service>/<webname>` (web/ui fallback) The `/admin` branch (L1245) intentionally keeps passing `state.context.to_string()` directly — that path is already gated to `state.context == 0` and must NEVER honor a client-supplied context that could escape the gate. **Helper added** — `resolve_hero_context(headers, default_context)` returns the client's `X-Hero-Context` when present and non-empty (trims surrounding whitespace), falls back to `default_context` otherwise. **Tests added** (5 cases at the bottom of routes.rs): - `resolve_uses_client_header_when_present` — the home#125 regression - `resolve_falls_back_when_header_missing` - `resolve_falls_back_when_header_empty` (covers `""` and `" "`) - `resolve_trims_whitespace` - `resolve_passes_through_non_numeric_strings` **Verification:** `cargo fmt --check`, `cargo check`, `cargo clippy --all-targets -- -D warnings` clean. All 5 new tests pass + 74 pre-existing. **Composes with the home#129 chain** — together with home#129(a) (hero_rpc OServer::register registry-persist) and home#129(b) (hero_skills service_osis env passthrough), this completes the full context-routing flow that home#151 was a symptom of. Meta-tracker: home#193. Signed-off-by: mik-tf

mik-tf referenced this issue from lhumina_code/hero_demo

2026-04-28 12:20:36 +00:00

[nu-demo] Documentation index: heronu deployment flow, AI grounding chain, per-service gaps #23

mik-tf referenced this issue from lhumina_code/hero_demo

2026-04-28 12:20:51 +00:00

[nu-demo] CANONICAL — Intelligence pipeline documented end-to-end: hero_agent ↔ aibroker ↔ embedder ↔ hero_books ↔ docs_hero #27

mik-tf referenced this issue from lhumina_code/hero_demo

2026-04-28 12:20:57 +00:00

[nu-demo] STATE OF HERONU as of 2026-04-24 — what works, what's still broken, everything that needs upstream landing #28