fix: validate provider urls before use#147
Closed
codefromthecrypt wants to merge 2 commits into
Closed
Conversation
|
|
||
| client = httpx.Client( | ||
| base_url=url + "v1/", | ||
| base_url=url.join("v1/"), |
Collaborator
Author
There was a problem hiding this comment.
fyi using httpx.URL as it isn't so sensitive about trailing slash etc when joining
Contributor
There was a problem hiding this comment.
interesting, i always remembered // would resolve? just curious what bug you can into since i haven't seen this before!
Collaborator
Author
There was a problem hiding this comment.
I think it was more about not having a slash at all. e.g if you set a base URL ending in the port
Collaborator
|
@lamchau can you cast eagle eyes over this? |
lamchau
reviewed
Oct 15, 2024
lamchau
reviewed
Oct 15, 2024
|
|
||
| val = os.environ.get(key, default) | ||
| if val == "": | ||
| raise ValueError(f"{key} was empty") |
Contributor
There was a problem hiding this comment.
:nit: should use KeyError which is consistent with the non-default value getter os.environ[key].
[nav] In [1]: import os
...:
...: os.environ["SHELL"]
...: os.environ["SHELL_MISSING"]
...:
---------------------------------------------------------------------------
KeyError Traceback (most recent call last)
Cell In[1], line 4
1 import os
3 os.environ["SHELL"]
----> 4 os.environ["SHELL_MISSING"]
File <frozen os>:714, in __getitem__(self, key)
KeyError: 'SHELL_MISSING'
Contributor
There was a problem hiding this comment.
forgot what package i was in – it just occurred to me that we recently wrote up a way to do this on the base provider. could we add the check in there?
Collaborator
Author
There was a problem hiding this comment.
so you mean add a parameter to check_env_vars() like base_url_key?
Contributor
There was a problem hiding this comment.
exactly! imo we might want to tweak it slightly so it'll dump all the env vars in a single pass rather than one at a time (especially with how much setup is needed for AZURE_*).
not sure if @elenazherdeva is working on that atm, but it was from this #116 (comment)
Contributor
There was a problem hiding this comment.
@lamchau thank you for pinging! I’m not working on it at the moment, but I should fix it. Let me create a follow-up PR based on your comments!
Collaborator
Author
|
thanks for the advice @lamchau will revise impl after clarification on #147 (comment) |
Collaborator
Author
|
sorry was awol on medical leave. sporadic this week, but will adjust this and others soon |
Contributor
|
@codefromthecrypt no worries! hopefully you're doing well/on the mend! |
Signed-off-by: Adrian Cole <adrian.cole@elastic.co>
codefromthecrypt
force-pushed
the
validate_env
branch
from
4dc27d9 to
224d729
Compare
codefromthecrypt
force-pushed
the
validate_env
branch
from
224d729 to
e8049a4
Compare
Collaborator
Author
|
@lamchau PTAL I have consolidated what I could into the same check, and refactored things around it. |
codefromthecrypt
commented
Nov 4, 2024
| @retry_procedure | ||
| def _post(self, payload: dict) -> httpx.Response: | ||
| response = self.client.post(ANTHROPIC_HOST, json=payload) | ||
| response = self.client.post(self.BASE_URL_DEFAULT, json=payload) |
Collaborator
Author
There was a problem hiding this comment.
I think this is incorrect as it defers to the default value without considering an override. OTOH, if I make this empty, it fails tests...
codefromthecrypt
commented
Nov 4, 2024
| PROVIDER_NAME = "azure" | ||
| BASE_URL_ENV_VAR = "AZURE_CHAT_COMPLETIONS_HOST_NAME" | ||
| REQUIRED_ENV_VARS = [ | ||
| "AZURE_CHAT_COMPLETIONS_HOST_NAME", |
Collaborator
Author
There was a problem hiding this comment.
I separated out the base URL enforcement from the other ENV vars as there is special handling
michaelneale
reviewed
Nov 4, 2024
|
|
||
| PROVIDER_NAME = "google" | ||
| BASE_URL_ENV_VAR = "GOOGLE_HOST" | ||
| BASE_URL_DEFAULT = "https://generativelanguage.googleapis.com/v1beta" |
Collaborator
There was a problem hiding this comment.
does it make sense to have the constant at the top of the file just as people may want to quickly scan/change?
Collaborator
Author
There was a problem hiding this comment.
So, these constants are accessed as class variables, so if we move to the top they'd no longer be that. I'm not sure a hack to work around this..
michaelneale
approved these changes
Nov 4, 2024
Collaborator
|
Closing up PRs that point to pre-v1.0 but this is still a good idea, happy to open this up again against v1.0 |
Ghenghis
referenced
this pull request
in Ghenghis/Super-Goose
Feb 5, 2026
This removes the goose/temp/ directory which contained old test projects with vulnerable dependencies that were incorrectly tracked in git. Fixes Dependabot alerts: - #147-162: Python dependencies in watchflow-main/uv.lock (langchain, aiohttp, urllib3, etc.) - #138-139: esbuild vulnerabilities in vibes-cli temp files The @modelcontextprotocol/sdk in ui/desktop is already updated to 1.26.0 which fixes alert #167. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
jamadeo
pushed a commit
that referenced
this pull request
Apr 13, 2026
* feat: file @-mention with fuzzy search in chat input
Extend the mention system to show session files alongside personas:
- MentionAutocomplete now renders two sections: Personas and Files
- FileMentionItem type for file suggestions (resolvedPath, displayPath, filename, kind)
- MentionItem union type (persona | file) for unified selection handling
- useMentionDetection accepts files param, filters both lists on query
- confirmMention returns MentionItem instead of Persona
- Extract mention handlers into useMentionHandlers hook (keeps ChatInput under 500 lines)
- File data sourced from ArtifactPolicyContext.getAllSessionArtifacts()
- Selecting a file inserts its resolved path into the message text
- Selecting a persona still switches the active persona (unchanged behavior)
- Add i18n key mention.filesTitle for the files section header
* fix: use Radix Popover for @-mention autocomplete positioning
Replace manual absolute positioning with shared/ui Popover primitives
so the dropdown gets viewport collision detection and portal rendering.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat(system): add file mention scan command
Add a Tauri command that scans project roots for files usable in @ mention completion.\n\nThe scan deduplicates roots and file paths, skips common generated directories,\nlimits traversal depth and result count, and runs in a blocking task to avoid\nstalling the async runtime.\n\nExpose the command through the frontend system API so chat mention handlers can\nrequest project files.
* feat(chat): include project files in @mentions
Load project file paths from configured working directories and merge them\nwith session artifacts in mention autocomplete results.\n\nWhen selecting a project, mention suggestions now include matching files even\nbefore they have been attached in the current session, and retain deduped\nabsolute paths for insertion.\n\nAdd a chat input test for file mention selection and include the Spanish\ntranslation for the files section heading.
* fix: scroll selected mention item into view on arrow navigation
Add scrollIntoView({ block: "nearest" }) via ref map so the active
item stays visible when arrowing through the popover list.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: use fuzzy subsequence matching for @-mention filtering
Replace includes() with an fzf-style subsequence matcher so queries
like "crates/sprout-acp/.rs" match files whose path contains those
characters in order (e.g. acp.rs, config.rs in that directory).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: project files not appearing in @-mention popover
The loadedRootsKeyRef dedup guard prevented the second mount in React
StrictMode from fetching files, while the first mount's response was
cancelled by cleanup. Remove the ref guard — the sameStringArray check
in setProjectFilePaths already prevents unnecessary state updates.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* style: fix biome formatting in ChatInput
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* refactor: replace requestAnimationFrame with useEffect for cursor placement
Use a pendingCursorRef + useEffect triggered by text changes instead of
rAF to set focus and cursor position after mention selection. This is
React-idiomatic — the effect runs after React flushes the new text into
the DOM, avoiding timing hacks.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* chore: remove stale comment in MentionAutocomplete
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: biome format and lint issues
- Expand biome.json includes array to multi-line format
- Exclude .worktrees and .claude/worktrees from biome checks
- Add biome-ignore for intentional text dependency in cursor effect
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: resolve TypeScript error in ChatInput test mock
Type the listFilesForMentions mock with explicit parameter types
instead of rest spread to satisfy tsc --noEmit.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* style: fix biome formatting in ChatInput test
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: add list_files_for_mentions to E2E Tauri mock
The mock IPC fallback returns null for unknown commands, which crashes
the mention handler expecting a string array. Add the mock so E2E
draft tests can render the chat view.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* refactor: use ignore crate for gitignore-aware file scanning
Replace the hardcoded should_skip_dir list with the `ignore` crate
(from ripgrep) which respects .gitignore, .git/info/exclude, and
global gitignore. This automatically handles project-specific ignores
instead of maintaining a static list of directory names.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* style: cargo fmt
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: harden file scanner and deduplicate mention filtering
Two fixes:
1. File scanner: add follow_links(false) explicitly and canonicalize
all paths to reject any that escape the project roots. Prevents
symlink loops and path leakage.
2. Mention filtering: useMentionDetection hook now owns all filtering
and exposes filteredPersonas/filteredFiles. MentionAutocomplete
renders pre-filtered results instead of re-running the same fuzzy
match on every keystroke.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: remove unused mentionQuery destructure
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: simplify persona header logic and stop collapsing user spaces
- Collapse redundant persona header branches into a single condition
- Remove replace(/\s{2,}/g, " ") from mention insertion which silently
ate intentional double spaces (markdown, code blocks)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: clear file suggestions immediately when project roots change
Prevents stale files from a previous project appearing in mention
results while the new scan is in flight.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This fixes validation, like #133, except for all providers that accept a hostname/base URL variable.