Thanks to visit codestin.com
Credit goes to github.com

Skip to content

fix(rust-sandbox): generate IDs from rand::random, not nanos+ThreadId+FNV#2172

Merged
imran-siddique merged 1 commit into
microsoft:mainfrom
aegis-initiative:fix/rust-sandbox-generate-id-rand
May 12, 2026
Merged

fix(rust-sandbox): generate IDs from rand::random, not nanos+ThreadId+FNV#2172
imran-siddique merged 1 commit into
microsoft:mainfrom
aegis-initiative:fix/rust-sandbox-generate-id-rand

Conversation

@finnoybu

Copy link
Copy Markdown
Contributor

Summary

agent-governance-rust/agentmesh/src/sandbox.rsgenerate_id() derived its 16-hex-char session/execution ID by FNV-1a–mixing SystemTime::now().as_nanos() with the debug-formatted std::thread::ThreadId. Two calls landing in the same nanosecond on the same thread (tight create_session() loops, or create_session() + execute_code() back-to-back in one function) produce identical inputs to a deterministic mix, so they produce identical IDs.

Change

  • Replace the FNV body with format!("{:016x}", rand::random::<u64>()) — the same shape already used elsewhere in this crate (governance_support::violation_id, control_support::incident_id, identity_support::credential_id, trust_support::grant_id).
  • rand is already a [dependencies] entry; no Cargo.toml change.
  • These IDs are not security-sensitive (they namespace Docker container names and reference in-process session state), so a non-CSPRNG thread RNG is sufficient — the collision probability over 10 000 draws is ~2.7e-12.
  • Add two regression tests in sandbox_test.rs:
    • generate_id_no_collisions_under_burst — 10 000 sequential calls, all unique.
    • generate_id_no_collisions_across_threads — 8 threads x 2 000 calls, union all unique.

Tests

  • cargo test -p agentmesh --lib sandbox — 14 passed, 0 failed (including the two new tests and the existing generate_id_uniqueness smoke test).

Test plan

  • New burst test would fail if generate_id were reverted to the FNV-1a-on-nanos approach (tight loop hits same nanosecond)
  • Cross-thread test would fail under the previous implementation when two threads scheduled into the same nanosecond
  • No callers depend on monotonicity of the previous time-based ID

Surfaced during independent audit conducted by @finnoybu (Ken Tannenbaum, AEGIS Initiative); [LOW, Rust].

…not nanos+ThreadId+FNV

`generate_id()` in `agent-governance-rust/agentmesh/src/sandbox.rs` derived
its 16-hex-char ID by FNV-1a–mixing `SystemTime::now().as_nanos()` with the
debug-formatted `std::thread::ThreadId`. Two calls landing in the same
nanosecond on the same thread (e.g. tight `create_session()` loops, or
`create_session()` immediately followed by `execute_code()` inside the same
function) would produce identical IDs because both inputs to the mix were
identical and FNV-1a is deterministic.

For an internal namespacing helper, a non-CSPRNG `rand::random::<u64>()`
(OS-seeded thread RNG, used in the same shape elsewhere in this crate —
e.g. `governance_support::violation_id`, `control_support::incident_id`,
`identity_support::credential_id`) is the right primitive: collision
probability over 10k draws is ~2.7e-12 and it doesn't require a clock
read at all.

Replace the FNV body with `format!("{:016x}", rand::random::<u64>())` and
add two regression tests in `sandbox_test.rs`:
- `generate_id_no_collisions_under_burst` — 10 000 sequential calls.
- `generate_id_no_collisions_across_threads` — 8 threads × 2 000 calls.

The existing `generate_id_uniqueness` smoke test still passes.
@github-actions

Copy link
Copy Markdown
🤖 AI Agent: test-generator — `agent-governance-rust/agentmesh/src/sandbox.rs`

agent-governance-rust/agentmesh/src/sandbox.rs

  • generate_id_no_collisions_under_burst -- tests that 10,000 sequential calls to generate_id() produce all unique IDs.
  • generate_id_no_collisions_across_threads -- verifies that IDs generated across multiple threads remain unique.

@github-actions

Copy link
Copy Markdown
🤖 AI Agent: code-reviewer — View details

TL;DR: 1 blocker, 0 warnings. The ID generation method may lead to collisions under specific conditions.

# Sev Issue Where
1 CRITICAL Potential ID collision in generate_id() when used in high-frequency scenarios agent-governance-rust/agentmesh/src/sandbox.rs

Action items: Refactor generate_id() to ensure uniqueness under all concurrent execution scenarios, possibly by using a more robust random number generation method or adding additional entropy sources.

Warnings: No warnings found. Fine as follow-up PRs.

@github-actions

Copy link
Copy Markdown
🤖 AI Agent: breaking-change-detector — API Compatibility

API Compatibility

Severity Change Impact
Breaking Changed ID generation from a deterministic FNV-1a hash based on SystemTime and ThreadId to a random value using rand::random::<u64>() Previous IDs may not be reproducible, affecting any system relying on the specific ID generation logic for uniqueness or traceability.

@github-actions

Copy link
Copy Markdown
🤖 AI Agent: security-scanner — View details

No security issues found.

@github-actions github-actions Bot added the size/M Medium PR (< 200 lines) label May 12, 2026
@github-actions

Copy link
Copy Markdown
🤖 AI Agent: docs-sync-checker — Docs Sync

Docs Sync

  • generate_id() in agent-governance-rust/agentmesh/src/sandbox.rs -- missing docstring
  • CHANGELOG.md -- missing entry for behavioral change in ID generation method

@github-actions

Copy link
Copy Markdown

🟡 Contributor Check: MEDIUM

Check Result
Profile MEDIUM
Credential NONE
Overall MEDIUM

Automated check by AGT Contributor Check.

@github-actions github-actions Bot added the needs-review:MEDIUM Contributor check flagged MEDIUM risk label May 12, 2026
@github-actions

Copy link
Copy Markdown

PR Review Summary

Check Status Details
🔍 Code Review ❌ Failed Issues detected
🛡️ Security Scan ✅ Passed No issues found
🔄 Breaking Changes ✅ Completed Analysis complete
📝 Docs Sync ✅ Completed Analysis complete
🧪 Test Coverage ✅ Completed Analysis complete

Verdict: ❌ Changes needed

@imran-siddique imran-siddique merged commit dd08946 into microsoft:main May 12, 2026
13 of 14 checks passed
MohammadHaroonAbuomar pushed a commit to MohammadHaroonAbuomar/agt-acs that referenced this pull request Jun 1, 2026
…not nanos+ThreadId+FNV (microsoft#2172)

`generate_id()` in `agent-governance-rust/agentmesh/src/sandbox.rs` derived
its 16-hex-char ID by FNV-1a–mixing `SystemTime::now().as_nanos()` with the
debug-formatted `std::thread::ThreadId`. Two calls landing in the same
nanosecond on the same thread (e.g. tight `create_session()` loops, or
`create_session()` immediately followed by `execute_code()` inside the same
function) would produce identical IDs because both inputs to the mix were
identical and FNV-1a is deterministic.

For an internal namespacing helper, a non-CSPRNG `rand::random::<u64>()`
(OS-seeded thread RNG, used in the same shape elsewhere in this crate —
e.g. `governance_support::violation_id`, `control_support::incident_id`,
`identity_support::credential_id`) is the right primitive: collision
probability over 10k draws is ~2.7e-12 and it doesn't require a clock
read at all.

Replace the FNV body with `format!("{:016x}", rand::random::<u64>())` and
add two regression tests in `sandbox_test.rs`:
- `generate_id_no_collisions_under_burst` — 10 000 sequential calls.
- `generate_id_no_collisions_across_threads` — 8 threads × 2 000 calls.

The existing `generate_id_uniqueness` smoke test still passes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

needs-review:MEDIUM Contributor check flagged MEDIUM risk size/M Medium PR (< 200 lines)

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants