fix: four bugs in cli.py - streaming crash, plaintext private key, dead code, tool_choice default#272
Open
verseon0980 wants to merge 1 commit intoOpenGradient:mainfrom
Conversation
Signed-off-by: verseon0980 <klokrc74@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bugs Fixed
This PR fixes four separate bugs all found in src/opengradient/cli.py.
Bug 1 - CLI streaming completely broken: RuntimeError when using --stream flag
The chat command called asyncio.run() twice in sequence for the streaming path.
The first call created the async generator inside event loop 1 and then closed
that loop. The second call inside print_streaming_chat_result() created a new
event loop 2 and tried to iterate the generator from the already closed loop 1.
This caused: RuntimeError: Task attached to a different loop
Every single user who runs opengradient chat --stream gets this crash.
Streaming via the CLI was completely non-functional.
Fix: Introduced a new async function _stream_chat_and_print() that creates
the generator and consumes it inside a single asyncio.run() call so the
generator and its consumer always share the same event loop.
Bug 2 - Private key stored in world-readable file: wallet can be stolen
The config file at ~/.opengradient_config.json was written with default OS
permissions which are typically 0644 on Linux and macOS. This means any other
user on the same machine, any background process, any malicious package, or
any shared server environment can read the file and steal the private key.
The config show command correctly masks the private key on screen, but the
file itself was completely unprotected.
Fix: Added os.chmod(OG_CONFIG_FILE, 0o600) immediately after writing the
config file. This restricts access to the file owner only. Added import os
at the top of the file.
Bug 3 - Dead unreachable code referencing undefined variable image_data
The generate_image command had several lines of code after a
raise NotImplementedError statement. These lines could never execute.
Worse, one of the unreachable lines referenced image_data which is never
defined anywhere in the function. If someone removed the raise to start
implementing the feature, they would immediately get:
NameError: name image_data is not defined
Fix: Removed the dead unreachable code after the raise and wrapped the
command in a proper try/except that catches NotImplementedError and prints
a clean error message.
Bug 4 - tool_choice CLI option defaulted to empty string instead of None
The --tool-choice option had default="" instead of default=None. When a
user does not pass --tool-choice, the value arrives as an empty string
and gets forwarded to llm.chat(tool_choice=""). An empty string behaves
differently from None throughout the codebase and causes inconsistent
behavior between CLI usage and direct Python API usage.
Fix: Changed default="" to default=None on the --tool-choice click option.
Files Changed