Skip to content

fix(tool_parser): treat qwen_xml tool-call arg values literally#1899

Open
key4ng wants to merge 2 commits into
mainfrom
fix/qwen-xml-html-unescape
Open

fix(tool_parser): treat qwen_xml tool-call arg values literally#1899
key4ng wants to merge 2 commits into
mainfrom
fix/qwen-xml-html-unescape

Conversation

@key4ng

@key4ng key4ng commented Jul 9, 2026

Copy link
Copy Markdown
Collaborator

Description

Problem

qwen_xml's value decoder ran html.unescape on every tool-call argument value, so any argument containing a literal HTML entity (&, <, ', …) was silently mutated on parse (&&).

The Qwen3-Coder XML tool format is not HTML-escaped on render — the chat template emits argument values via | tojson | safe / | string, so the model emits literal characters. vLLM's Qwen3CoderToolParser, Qwen-Agent, and Qwen's chat template all pass argument values through verbatim. SMG was the only implementation that unescaped, and it applies no matching escape on its own render side, so its parse was not the inverse of its render.

Impact: a coding agent writing an HTML/XML/Markdown snippet had its argument silently corrupted before it reached the tool:

  • Model emits (literal): <parameter=content>\n<a>Tom &amp; Jerry</a>\n</parameter>
  • vLLM delivers to the tool: <a>Tom &amp; Jerry</a>
  • SMG delivered to the tool: <a>Tom & Jerry</a>

Because the assistant tool call is re-serialized into the next turn's prompt, the mutated value also propagated into subsequent turns.

Fixes #1888.

Solution

Treat argument values literally — drop the html_unescape call from both safe_val (schema-less inference path) and coerce_value (schema-typed path), matching vLLM's qwen3coder parser. JSON / schema-type coercion is unchanged.

Changes

  • Remove html_unescape from safe_val and coerce_value in crates/tool_parser/src/parsers/qwen_xml.rs (keep trim + JSON / schema-type coercion).
  • Delete the now-dead html_unescape helper (~70 lines).
  • Invert the unit + integration tests that asserted entity decoding so they now assert literal preservation.
  • Add golden conformance test test_arg_values_with_entities_roundtrip_unchanged covering both the inference and string-schema paths — this class of divergence now fails in CI, not as a benchmark score.

Test Plan

Before: value <a>Tom &amp; Jerry</a> &lt;x&gt; it&#39;s parsed to <a>Tom & Jerry</a> <x> it's (entities decoded).
After: the same value round-trips unchanged.

cargo test -p tool-parser                                            # all pass, incl. new golden test
cargo +nightly fmt --all -- --check                                  # clean
cargo clippy -p tool-parser --all-targets --all-features -- -D warnings  # clean
Checklist
  • cargo +nightly fmt passes
  • cargo clippy --all-targets --all-features -- -D warnings passes
  • (Optional) Documentation updated
  • (Optional) Please join us on Slack #sig-smg to discuss, review, and merge PRs

Summary by CodeRabbit

  • Bug Fixes
    • Qwen XML tool argument values now preserve HTML-entity-like text exactly as provided, rather than decoding it into rendered characters.
    • Encoded inputs now round-trip consistently in both schema-less parsing and schema-typed string parsing.
    • Mixed XML text and JSON values now keep entity-like substrings unchanged.
  • Tests
    • Updated and added coverage to assert literal preservation for named, numeric, and hex entities, including round-trip regression coverage.

The qwen_xml parser HTML-unescaped every tool-call argument value, so any
value containing an entity-like substring (&amp;, &lt;, &#39;, ...) was
silently mutated on parse. The Qwen3-Coder XML format is not HTML-escaped on
render (the chat template emits values via `| tojson | safe` / `| string`),
so parsing must not unescape it. vLLM's Qwen3CoderToolParser, Qwen-Agent, and
Qwen's chat template all pass argument values through verbatim.

Drop the html_unescape call from safe_val and coerce_value (keeping the JSON /
schema-type coercion), delete the now-dead html_unescape helper, and invert the
unit/integration tests that asserted decoding. Add a golden conformance test
asserting entity-containing values round-trip unchanged on both the inference
and string-schema paths.

Signed-off-by: key4ng <rukeyang@gmail.com>
@coderabbitai

coderabbitai Bot commented Jul 9, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

Removes HTML-entity decoding from Qwen XML tool argument parsing while retaining JSON and schema-based coercion. Unit and integration tests now verify that named, numeric, and hexadecimal entity-like substrings remain unchanged.

Changes

Literal value parsing

Layer / File(s) Summary
Preserve literal argument values
crates/tool_parser/src/parsers/qwen_xml.rs
safe_val and coerce_value no longer decode HTML entities; values are trimmed, JSON-parsed, checked for Python literals, and otherwise returned literally with schema coercion applied when available.
Parser regression coverage
crates/tool_parser/src/parsers/qwen_xml.rs
Removes entity-decoding tests and adds coverage for unchanged entities in safe_val, schema-less parsing, and schema-typed string parsing.
XML integration regression coverage
crates/tool_parser/tests/tool_parser_qwen_xml.rs
Updates named-entity, numeric/hex-entity, and mixed HTML-and-JSON assertions to expect encoded entity text in parsed values.

Estimated code review effort: 2 (Simple) | ~12 minutes

Possibly related PRs

Suggested reviewers: slin1237, CatherineSue, claude

Poem

A rabbit hopped through XML bright,
And kept each entity just right.
“No decoding here,” it said with cheer,
“The literal text belongs right here!”
Tests now guard the encoded trail. 🐇

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Linked Issues check ✅ Passed The parser now preserves entity text, keeps JSON/schema coercion, and adds coverage for unchanged round-tripping.
Out of Scope Changes check ✅ Passed The changes stay focused on qwen_xml parsing behavior and related tests, with no unrelated scope added.
Docstring Coverage ✅ Passed Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly matches the main change: qwen_xml tool-call argument values are now preserved literally instead of being HTML-unescaped.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/qwen-xml-html-unescape

Comment @coderabbitai help to get the list of available commands.

@github-actions github-actions Bot added tests Test changes tool-parser Tool/function call parser changes labels Jul 9, 2026

@claude claude Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Clean removal of incorrect HTML-entity decoding in the Qwen XML parser. The change aligns with vLLM's Qwen3CoderToolParser and the Qwen chat template, both of which pass argument values through verbatim. Tests comprehensively cover the schema-less inference path, the schema-typed string path, and the mixed HTML-entity-in-JSON edge case. No issues found.

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request removes HTML-entity decoding from the Qwen XML parser to ensure argument values are treated literally, aligning with vLLM's Qwen3CoderToolParser and Qwen-Agent. Tests have been updated and added to verify that HTML entities are preserved verbatim. The review feedback correctly points out a mismatch in the newly added test test_arg_values_with_entities_roundtrip_unchanged where the function name in the XML template (write_file) does not match the function name defined in tool_with_props (f), which prevents the schema-typed path from being properly exercised.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Comment on lines +612 to +616
let text = format!(
"<tool_call>\n<function=write_file>\n\
<parameter=content>\n{literal}\n</parameter>\n\
</function>\n</tool_call>"
);

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

In this test, the XML input uses <function=write_file>, but the tools list is created using tool_with_props, which defines a function named "f".

Because of this mismatch, helpers::param_types_for_function(tools, "write_file") returns an empty map, meaning the schema-typed path (coerce_value) does not find the "content" parameter's declared type ("string") and silently falls back to the schema-less safe_val path. As a result, the schema-typed string path is not actually being tested here.

Changing the function name in the XML template to "f" ensures that the schema-typed path is correctly matched and exercised.

        let text = format!(
            "<tool_call>\n<function=f>\n\\\n             <parameter=content>\n{literal}\n</parameter>\n\\\n             </function>\n</tool_call>"
        );

@key4ng

key4ng commented Jul 9, 2026

Copy link
Copy Markdown
Collaborator Author

…icial API

Reframe the doc/test comments around the primary source: Qwen's own official
API (DashScope) returns tool-call argument values with HTML entities intact,
verified live on both Qwen3-Coder and Qwen3.5 (the two families SMG maps to the
qwen_xml parser). vLLM, SGLang, and Qwen-Agent are cited as corroborating rather
than as the canonical reference. No behavior change.

Signed-off-by: key4ng <rukeyang@gmail.com>
@key4ng key4ng changed the title fix(tool_parser): treat qwen_xml tool-call arg values literally (#1888) fix(tool_parser): treat qwen_xml tool-call arg values literally, matching Qwen's official API (#1888) Jul 9, 2026
@key4ng key4ng changed the title fix(tool_parser): treat qwen_xml tool-call arg values literally, matching Qwen's official API (#1888) fix(tool_parser): treat qwen_xml tool-call arg values literally Jul 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

tests Test changes tool-parser Tool/function call parser changes

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[Bug]?: qwen_xml tool parser HTML-unescapes tool-call argument values

1 participant