Describe the bug
write_autoswarm_file() interpolates swarm_architecture.max_loops directly into generated Python source instead of validating or literal-formatting it first.
That means a non-integer string value is emitted as executable Python code inside the generated module.
To Reproduce
- Call write_autoswarm_file() with a config whose swarm_architecture.max_loops is a string expression instead of an integer.
- Write the generated file.
- Import or execute the generated module.
Minimal example:
config = {
    "agents": [{"agent_name": "Agent A", "system_prompt": "x"}],
    "swarm_architecture": {
        "name": "Research Pipeline",
        "swarm_type": "SequentialWorkflow",
        "max_loops": "(__import__('builtins').globals().__setitem__('INJECTED_FLAG', True) or 1)",
    },
}
At HEAD, the generated file contains:
max_loops=(__import__('builtins').globals().__setitem__('INJECTED_FLAG', True) or 1),
Locally I verified that the side effect runs when the generated module is imported.
Expected behavior
max_loops should be validated/coerced to an integer-compatible value before code generation, or rejected with a ValueError.
Additional context
- master (cc1667a1).
- swarms/agents/auto_generate_swarm_config.py:346-349
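The expected behavior described in the report, as an added example that is not the project's code or part of the original issue: a raw interpolation beside a validate-then-emit-literal version, plus an AST check that a generated keyword value is a plain literal. The names `render_naive`, `coerce_max_loops`, `render_safe` and `emits_only_literals` and the `dict(...)` template are hypothetical stand-ins, and accepting digit-only strings is an assumed reading of "integer-compatible".

```python
import ast

# Value copied from the report's minimal example; it is only parsed here, never executed.
REPORTED_VALUE = "(__import__('builtins').globals().__setitem__('INJECTED_FLAG', True) or 1)"

def render_naive(max_loops):
    """Hypothetical stand-in for the reported pattern: raw interpolation into source."""
    return f"swarm = dict(max_loops={max_loops})\n"

def coerce_max_loops(value):
    """Return an int or raise ValueError; arbitrary text is never passed through."""
    if isinstance(value, bool):  # bool is an int subclass, reject it explicitly
        raise ValueError("max_loops must be an integer, not bool")
    if isinstance(value, int):
        return value
    if isinstance(value, str):
        text = value.strip()
        if text.isascii() and text.isdigit():  # assumption: digit strings are acceptable
            return int(text)
    raise ValueError(f"max_loops must be an integer, got {value!r}")

def render_safe(max_loops):
    """Validate first, then emit the value as a Python literal via repr()."""
    return f"swarm = dict(max_loops={coerce_max_loops(max_loops)!r})\n"

def emits_only_literals(source):
    """Post-generation check: every keyword argument in the source is a literal."""
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            for kw in node.keywords:
                try:
                    ast.literal_eval(kw.value)  # accepts literal nodes only
                except ValueError:
                    return False
    return True
```

The `emits_only_literals` check parses the generated text without importing it, so it can run in a unit test over the generator's output.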