fix(python): add org_id to prompt cache key for cross-org isolation#1268
Open
colinbennettbrain wants to merge 1 commit intomainfrom
Open
fix(python): add org_id to prompt cache key for cross-org isolation#1268colinbennettbrain wants to merge 1 commit intomainfrom
colinbennettbrain wants to merge 1 commit intomainfrom
Conversation
The prompt cache was using a key format of `{project_name}:{slug}:{version}`
which did not include the organization ID. This caused a cross-org cache
collision bug where two organizations with the same project name and prompt
slug could retrieve each other's cached prompts.
This was reported by HubSpot (Pylon case #10589) where a UI-based Python
scorer returned a "legal-related prompt" instead of their SDC coverage
prompt because the disk cache returned a prompt from a different org.
Changes:
- Add `org_id` parameter to `_create_cache_key()` function
- Update cache key format to `{org_id}:{prefix}:{slug}:{version}` when
org_id is available
- Add `org_id` parameter to `PromptCache.get()` and `PromptCache.set()`
- Pass `_state.org_id` from `load_prompt()` to cache operations
- Add tests for cross-org cache isolation
The fix is backward compatible - existing cached prompts without org_id
in the key will simply miss and trigger a fresh API fetch.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Contributor
Author
|
Hey Olmo, this came up because a customer realized the wrong prompt was getting sent to OpenAI. I am attempting to fix the issue with this. I also have a repro script if that's helpful. |
clutchski
reviewed
Jan 15, 2026
|
|
||
|
|
||
| def _create_cache_key( | ||
| org_id: str | None, |
Collaborator
There was a problem hiding this comment.
if org_id is required to prevent cross org issues, it should be required (e.g. not none)
clutchski
reviewed
Jan 15, 2026
| """Creates a unique cache key from project identifier, slug and version, or from ID.""" | ||
| """Creates a unique cache key from org ID, project identifier, slug and version, or from prompt ID. | ||
|
|
||
| The org_id is included to ensure cache isolation between organizations. Without it, |
Collaborator
There was a problem hiding this comment.
i think the org_id can always be in the cache key
ibolmo
reviewed
Jan 28, 2026
| try: | ||
| if id: | ||
| return _state._prompt_cache.get(id=id) | ||
| return _state._prompt_cache.get(id=id, org_id=_state.org_id) |
Collaborator
There was a problem hiding this comment.
you can revert this line since id will always win maybe even combine the next statement for the same reason into one
ibolmo
reviewed
Jan 28, 2026
| _state._prompt_cache.set( | ||
| prompt, | ||
| id=id, | ||
| org_id=_state.org_id, |
Collaborator
There was a problem hiding this comment.
same here combine with the next statement
ibolmo
reviewed
Jan 28, 2026
| raise ValueError("Slug must be provided when not using ID") | ||
|
|
||
| # Include org_id in cache key if available to ensure cross-org isolation | ||
| if org_id: |
Collaborator
There was a problem hiding this comment.
looks like login is called L1696 before updating/setting the prompt. you should be able to assume org_id exists .. perhaps raise if not set
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
org_idto cache key format for proper organization isolationThe prompt cache was using a key format of
{project_name}:{slug}:{version}which did not include the organization ID. This caused a cross-org cache collision bug where two organizations with the same project name and prompt slug could retrieve each other's cached prompts.Test plan
test_handle_different_orgs_with_same_project_and_slug- verifies prompts from different orgs with same project/slug are isolatedtest_org_id_isolation_with_disk_cache- verifies isolation works after memory eviction (via disk cache)