fix: persist moving summary buffer to db and limit message fetch by date

[RenzoMXD]

Root cause

The getChatMessages method fetched all messages from the db on every request with no limit. Additionally, movingSummaryBuffer was an in-memory instance variable that was lost between requests (the class is
re-instantiated per request), so the summary was never actually reused — every turn re-summarized the full history from scratch.

Fix

1. Persist the summary to db — after pruning generates a summary, it is saved as a summaryMessage row in the ChatMessage table for the session.

2. Load the persisted summary on startup — at the start of each request, the latest summaryMessage row is fetched and restored into movingSummaryBuffer.

3. Date-filter the message query — the main message query now only fetches messages created after the last summary's timestamp, so the number of messages processed stays bounded regardless of conversation length.

4. Fix double-prepend — a pre-existing issue where the summary was prepended twice when no pruning was needed is also resolved.

Result

Token usage now stays within maxTokenLimit across long conversations. The amount of text re-summarized per turn is bounded to only the messages since the last summary, not the full history.

Closes #5873

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the efficiency and performance of conversation summary buffer memory by implementing database persistence for summaries and optimizing message retrieval. Previously, summaries were re-generated from scratch for every request, leading to high token usage and slow performance in long conversations. The changes ensure that summaries are stored, loaded, and used effectively, bounding the amount of text processed per turn and maintaining token usage within limits.

Highlights

• Summary Persistence: The movingSummaryBuffer is now persisted to the database as a summaryMessage after pruning, ensuring summaries are reused across requests and not lost between instantiations.
• Optimized Message Fetching: The getChatMessages method now fetches messages created after the last summary's timestamp, significantly reducing the number of messages processed and bounding the amount of text re-summarized.
• Summary Loading: The latest persisted summary is loaded from the database at the start of each request to initialize movingSummaryBuffer, allowing for continuous conversation context.
• Double-Prepend Fix: An issue where the summary was prepended twice when no pruning was needed has been resolved, preventing redundant summary additions.

Changelog

• packages/components/nodes/memory/ConversationSummaryBufferMemory/ConversationSummaryBufferMemory.ts
  • Imported Not and MoreThan from typeorm for advanced database querying.
  • Implemented logic to fetch the latest summaryMessage from the database and populate this.movingSummaryBuffer at the start of a request.
  • Modified the chatMessage query to exclude summaryMessage types and filter messages by createdDate to only retrieve those newer than the last summary.
  • Added database operations to delete existing summaryMessage entries and save the newly generated movingSummaryBuffer as a summaryMessage after pruning.
  • Introduced a check to remove a potentially duplicate summary from baseMessages before further processing, addressing a double-prepend issue.
• packages/components/src/Interface.ts
  • Extended the MessageType type to include 'summaryMessage' to support the new summary persistence.
• packages/server/src/Interface.ts
  • Extended the MessageType type to include 'summaryMessage' to support the new summary persistence.

Activity

• No activity has been recorded for this pull request yet.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request effectively addresses a key issue with conversation summary memory by persisting the summary to the database, which improves performance, reduces token consumption in long conversations, and fixes the double-prepending of summaries. However, it introduces two significant security concerns: an Insecure Direct Object Reference (IDOR) vulnerability due to unvalidated sessionId usage in database queries, which violates the authorization rule, and a persistent Indirect Prompt Injection risk where malicious instructions can be stored in the conversation summary and affect all future interactions in the session. Additionally, consider wrapping the database operations for updating the summary in a transaction to prevent potential race conditions and ensure data integrity.

[RenzoMXD]

Hello, @rvasilero, @HenryHengZJ. Could you please review my PR?