wenjin272 commented on code in PR #854:
URL: https://github.com/apache/flink-agents/pull/854#discussion_r3510955666


##########
python/flink_agents/runtime/python_java_utils.py:
##########
@@ -149,7 +151,9 @@ def get_python_tool_metadata(module: str, qual_name: str) 
-> Dict[str, str]:
     callable_ = descriptor.as_callable()
     name = callable_.__name__
     description = (parse(callable_.__doc__).description or "") if 
callable_.__doc__ else ""
-    args_schema_model = create_schema_from_function(name, callable_)
+    args_schema_model = create_schema_from_function(
+        name, callable_, injected_args=injected_args
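
Review bot: in the new `create_schema_from_function(...)` call, `injected_args` is forwarded from the caller only, although `callable_` is already resolved at the top of this hunk and is never consulted for a declaration of its own. Consider merging the two sources before building the schema, and add a test where the caller passes no injected args for a tool that declares one, asserting that the parameter is absent from the resulting schema.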

Review Comment:
   get_python_tool_metadata builds the schema from only the Java-passed 
injected_args, never the callable's own `_injected_args`.

   The pure-Python paths (`Tool.from_callable`, 
`_eager_derive_python_metadata`) both `merge_injected_args(getattr(callable_, 
"_injected_args", None), ...)`, so a Python tool authored with 
`@tool(injected_args=...)` and used in a Java-orchestrated plan (YAML omitting 
the arg) gets its injected param neither hidden from the schema nor injected at 
call time — the model-supplied value flows into the real call, the exact 
spoofing case this feature prevents.

   Suggest merging the callable's _injected_args here (as the docstring's 
"mirrors the Python-side derivation" claim implies).



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
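
An added illustration of the gap the review comment describes, not flink-agents code: `tool`, `merge_names`, `schema_fields`, `invoke` and `read_orders` are hypothetical stand-ins, and only the `_injected_args` attribute name comes from the comment. It contrasts building the schema from caller-passed names alone with merging in the callable's own declaration.

```python
import inspect

def tool(injected_args=None):
    """Hypothetical decorator: records injected parameter names on the callable."""
    def wrap(fn):
        fn._injected_args = tuple(injected_args or ())
        return fn
    return wrap

def merge_names(declared, passed):
    """Union of decorator-declared and caller-passed names, order preserved."""
    return tuple(dict.fromkeys((*(declared or ()), *(passed or ()))))

def schema_fields(fn, injected):
    """Parameter names the model is allowed to see and fill."""
    return [p for p in inspect.signature(fn).parameters if p not in injected]

def invoke(fn, model_args, trusted_ctx, injected):
    """Drop model-supplied values for injected names; fill them from trusted context."""
    kwargs = {k: v for k, v in model_args.items() if k not in injected}
    kwargs.update({k: trusted_ctx[k] for k in injected})  # KeyError = fail closed
    return fn(**kwargs)

@tool(injected_args=["user_id"])
def read_orders(user_id: str, limit: int = 10) -> str:
    return f"orders for {user_id} (limit {limit})"

def run(passed, use_callable_decl):
    """Return (schema fields, call result) for one way of deriving injected names."""
    declared = None
    if use_callable_decl:
        declared = getattr(read_orders, "_injected_args", None)
    injected = merge_names(declared, passed)
    model_args = {"user_id": "bob", "limit": 5}  # constructed model output
    trusted_ctx = {"user_id": "alice"}           # constructed runtime context
    result = invoke(read_orders, model_args, trusted_ctx, injected)
    return schema_fields(read_orders, injected), result

if __name__ == "__main__":
    # Caller (e.g. a plan that omits the arg) passes nothing:
    print("caller-only:", run(None, use_callable_decl=False))
    print("merged:     ", run(None, use_callable_decl=True))
```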
