Spaces:

xleaps
/

sgo

Running

Eric Xu commited on 25 days ago

Commit

a08e54e

unverified ·

1 Parent(s): 33a4f71

Move counterfactual params from GET query to POST+ticket to avoid log leakage

Files changed (2) hide show

web/app.py CHANGED Viewed

@@ -565,19 +565,45 @@ async def evaluate_stream(sid: str, parallel: int = 5, bias_calibration: bool =
     return EventSourceResponse(event_generator())
 @app.get("/api/counterfactual/stream/{sid}")
-async def counterfactual_stream(
-    sid: str, changes_json: str, goal: str = "",
-    min_score: int = 4, max_score: int = 7, parallel: int = 5
-):
-    """Run counterfactual probes with SSE progress. Goal enables VJP weighting."""
     if sid not in sessions:
         raise HTTPException(404, "Session not found")
     session = sessions[sid]
     if not session["eval_results"]:
         raise HTTPException(400, "Run evaluation first")
-    all_changes = json.loads(changes_json)
     async def event_generator():
         client = get_client()

     return EventSourceResponse(event_generator())
+class CounterfactualRequest(BaseModel):
+    changes: list[dict]
+    goal: str = ""
+    min_score: int = 4
+    max_score: int = 7
+    parallel: int = 5
+# Store pending counterfactual configs for SSE pickup
+_cf_pending: dict = {}
+@app.post("/api/counterfactual/prepare/{sid}")
+async def prepare_counterfactual(sid: str, req: CounterfactualRequest):
+    """Stage counterfactual config, return a ticket for the SSE stream."""
+    if sid not in sessions:
+        raise HTTPException(404, "Session not found")
+    ticket = uuid.uuid4().hex[:8]
+    _cf_pending[ticket] = req
+    return {"ticket": ticket}
 @app.get("/api/counterfactual/stream/{sid}")
+async def counterfactual_stream(sid: str, ticket: str, **_):
+    """Run counterfactual probes with SSE progress."""
     if sid not in sessions:
         raise HTTPException(404, "Session not found")
     session = sessions[sid]
     if not session["eval_results"]:
         raise HTTPException(400, "Run evaluation first")
+    req = _cf_pending.pop(ticket, None)
+    if not req:
+        raise HTTPException(400, "Invalid or expired ticket")
+    all_changes = req.changes
+    goal = req.goal
+    min_score = req.min_score
+    max_score = req.max_score
+    parallel = req.parallel
     async def event_generator():
         client = get_client()

web/static/index.html CHANGED Viewed

@@ -905,16 +905,22 @@ async function runDirections() {
     // Phase 3: Run counterfactual probes
     document.getElementById('cfProgressText').textContent = 'Testing changes against persuadable middle...';
-    const params = new URLSearchParams({
-      changes_json: JSON.stringify(suggestedChanges),
-      goal: goal,
-      min_score: 4,
-      max_score: 7,
-      parallel: 5,
     });
     await new Promise((resolve, reject) => {
-      const es = new EventSource(`/api/counterfactual/stream/${sessionId}?${params}`);
       es.addEventListener('start', (e) => {
         const d = JSON.parse(e.data);

     // Phase 3: Run counterfactual probes
     document.getElementById('cfProgressText').textContent = 'Testing changes against persuadable middle...';
+    // POST config first, get a ticket, then SSE with just the ticket
+    const prepResp = await fetch(`/api/counterfactual/prepare/${sessionId}`, {
+      method: 'POST',
+      headers: {'Content-Type': 'application/json'},
+      body: JSON.stringify({
+        changes: suggestedChanges,
+        goal: goal,
+        min_score: 4,
+        max_score: 7,
+        parallel: 5,
+      }),
     });
+    const {ticket} = await prepResp.json();
     await new Promise((resolve, reject) => {
+      const es = new EventSource(`/api/counterfactual/stream/${sessionId}?ticket=${ticket}`);
       es.addEventListener('start', (e) => {
         const d = JSON.parse(e.data);