whodb icon indicating copy to clipboard operation
whodb copied to clipboard
verified publisher icon clidey

Refactor AI Providers

Open modelorona opened this issue 3 months ago • 4 comments

goal is to make it easier to extend providers, add settings for models via the UI and env variables, and prevent pre-defined providers from being deleted

modelorona avatar Oct 04 '25 23:10 modelorona

An error occured.

This error may be due to rate limits. If this error persists, please email us.

jazzberry-ai[bot] avatar Oct 04 '25 23:10 jazzberry-ai[bot]

Hey, leave a @claude-review comment below and I'll do a code review!

github-actions[bot] avatar Oct 04 '25 23:10 github-actions[bot]

@claude-review

modelorona avatar Oct 05 '25 00:10 modelorona

PR Review: Refactor AI Providers

This PR successfully refactors the AI provider system. Overall excellent work with clean architecture.

Critical Issues

1. API Key Exposure Risk (HIGH PRIORITY)

  • Location: core/graph/schema.resolvers.go:165-173, 221-229, 848-856
  • Issue: Settings are marshaled and returned without filtering sensitive fields
  • Risk: If API keys are stored in settings map, they would be exposed in GraphQL responses
  • Fix: Add sanitization to filter apiKey/api_key fields before marshaling settings

2. Ignored JSON Marshal Errors (MEDIUM)

  • Location: core/graph/schema.resolvers.go:156, 212, 839
  • Issue: Errors from json.Marshal are silently ignored
  • Fix: Handle errors with proper logging

3. Missing License Header (MEDIUM)

  • Location: core/graph/generated.go:1
  • Issue: Copyright header was removed from generated file
  • Check if code generator config needs adjustment

Medium Issues

4. Provider Persistence Missing

  • Location: core/src/llm/provider_registry.go:121, 152, 174
  • User-created providers lost on restart
  • Create follow-up issue for implementation

5. Potential Race Condition

  • Location: core/src/llm/llm_instance.go:28-65
  • Mutex unlocked before reading from provider registry
  • Consider extended lock scope or document safety

6. HTTP Resolver Changes

  • Location: core/graph/http.resolvers.go:152-197
  • Changes appear justified but against stated guidelines
  • Worth noting for future reviews

Strengths

  • Clean ProviderRegistry singleton pattern
  • Proper GraphQL-first approach
  • No SQL injection vulnerabilities
  • Plugin architecture respected
  • CE/EE separation maintained
  • Modern Go syntax throughout
  • Secure API key handling in memory

Recommendation

Approve with Changes - Solid refactor but address API key exposure before merge.

Priority:

  1. Add settings sanitization
  2. Handle marshal errors
  3. Track persistence as follow-up

Excellent architecture improvements overall!

claude[bot] avatar Oct 05 '25 00:10 claude[bot]

closing as too many changes since then, need to do it again and update

modelorona avatar Dec 08 '25 10:12 modelorona