fix(core): Fix a cache collision bug in the edit corrector

[gvking]

TLDR

Fixed a cache collision bug in the edit corrector that could cause incorrect text replacements. Changed cache key generation from using --- separators to JSON.stringify() to prevent collisions when code content contains the --- sequence or any other special characters.

Dive Deeper

The ensureCorrectEdit function uses a cache to avoid redundant LLM calls for edit corrections. The cache key was generated by concatenating currentContent, old_string, and new_string with --- as a separator:

const cacheKey = `${currentContent}---${originalParams.old_string}---${originalParams.new_string}`;

This approach had a collision vulnerability when the file content or edit parameters contained the --- sequence, which is common in:

• YAML frontmatter (---)
• Markdown document separators
• Code comments (// --- Section ---)
• Configuration files

Example collision scenario:

• Content: "config = { theme: '---'", old: "default", new: "dark' }"
• Content: "config = { theme: '---'---default", old: "dark' }", new: ""
• Both produce the same cache key, causing incorrect cache hits

The fix uses JSON.stringify() to serialize the cache key components into an array, which is completely collision-proof and handles any possible content safely:

const cacheKey = JSON.stringify([currentContent, originalParams.old_string, originalParams.new_string]);

This approach guarantees unique cache keys regardless of what characters appear in the content, including edge cases where LLMs might generate unusual characters.

Reviewer Test Plan

To validate this fix:

1. Test edit operations with --- in content:

   • Create files containing --- (YAML, Markdown, comments)
   • Perform multiple edits and verify cache behavior is correct
   • Ensure no incorrect cached results are returned

2. Verify cache functionality still works:

   • Perform the same edit operation twice
   • Confirm second operation uses cached result (faster execution)
   • Check cache hit/miss behavior with debug logging

3. Test edge cases:

   • Files with various special characters (quotes, backslashes, unicode)
   • Large file content (cache key generation performance)
   • Multiple rapid edit operations
   • Content with JSON-like structures that might interfere with serialization

Testing Matrix

	🍏	🪟	🐧
npm run	✅	❓	❓
npx	❓	❓	❓
Docker	❓	❓	❓
Podman	❓	-	-
Seatbelt	❓	-	-

Linked issues / bugs

[gemini-code-assist]

Summary of Changes

Hello @gvking, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request resolves a significant cache collision vulnerability within the ensureCorrectEdit function's caching logic. The previous method of constructing cache keys using string concatenation with --- separators was prone to errors when content contained this sequence. The updated approach leverages JSON.stringify() to serialize the key components, which are then hashed using SHA256, guaranteeing unique and collision-proof cache keys. This enhancement improves the reliability and correctness of text editing operations by preventing incorrect cache hits.

Highlights

• Fixes Cache Collision Bug: Addresses a critical cache collision vulnerability in the edit corrector's caching mechanism that could lead to incorrect text replacements.
• Improved Cache Key Generation: The method for generating cache keys has been updated from simple string concatenation using '---' separators to a more robust approach utilizing JSON.stringify() combined with SHA256 hashing.
• Enhanced Robustness and Reliability: This change ensures that cache keys are unique and collision-proof, even when file content or edit parameters contain special characters or the '---' sequence, thereby preventing erroneous cache hits.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request effectively resolves a cache collision bug in the edit corrector by adopting a more robust cache key generation strategy. The use of JSON.stringify followed by hashing is a solid approach. My review includes one suggestion to further improve the memory efficiency of the hashing mechanism, particularly for large file contents, to prevent potential performance issues or out-of-memory errors.