Rob 1261 holmes load toolset configs from saas

[moshemorad]

No description provided.

[coderabbitai]

Walkthrough

The changes introduce support for fetching Holmes toolset configurations from a SaaS endpoint, add new data models and API client logic, and update the toolset manager to merge SaaS toolset settings when enabled. Test adjustments and minor logging improvements are also included.

Changes

File(s)	Change Summary
holmes/clients/robusta_client.py	Added HOLMES_TOOLSET_CONFIG_URL constant, HolmesToolsetConfig model, and fetch_holmes_toolset_config API client.
holmes/core/supabase_dal.py	Added get_session_token (thread-safe), updated get_ai_credentials, and added get_toolset_configs to fetch SaaS configs.
holmes/core/toolset_manager.py	Updated to load and merge toolsets from SaaS configs if enabled; changed list_server_toolsets to refresh toolsets directly.
holmes/core/tools.py	Fixed argument type for excluding "name" in Toolset.override_with method.
holmes/plugins/toolsets/coralogix/api.py	Added info-level logging of response text in health_check on non-200 status.
tests/core/test_toolset_manager.py	Updated test to patch _list_all_toolsets instead of load_toolset_with_status.

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant SupabaseDal
    participant RobustaClient
    participant SaaS_API
    participant ToolsetManager

    Client->>ToolsetManager: list_server_toolsets(dal)
    ToolsetManager->>SupabaseDal: get_toolset_configs()
    SupabaseDal->>SupabaseDal: get_session_token()
    SupabaseDal->>RobustaClient: fetch_holmes_toolset_config(token, account_id, cluster_id)
    RobustaClient->>SaaS_API: GET /holmes/toolset/configs
    SaaS_API-->>RobustaClient: JSON configs
    RobustaClient-->>SupabaseDal: List[HolmesToolsetConfig]
    SupabaseDal-->>ToolsetManager: List[HolmesToolsetConfig]
    ToolsetManager->>ToolsetManager: Merge SaaS configs into toolsets
    ToolsetManager-->>Client: List[Toolset]

Loading

Suggested reviewers

• nherment

✨ Finishing Touches

• 📝 Generate Docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[github-actions]

Results of HolmesGPT evals

• ask_holmes: 43/53 test cases were successful
• investigate: 15/15 test cases were successful

Test suite	Test case	Status
ask_holmes	01_how_many_pods	⚠️
ask_holmes	02_what_is_wrong_with_pod	✅
ask_holmes	02_what_is_wrong_with_pod_LOKI	✅
ask_holmes	03_what_is_the_command_to_port_forward	✅
ask_holmes	04_related_k8s_events	✅
ask_holmes	05_image_version	✅
ask_holmes	06_explain_issue	✅
ask_holmes	07_high_latency	✅
ask_holmes	07_high_latency_LOKI	✅
ask_holmes	08_sock_shop_frontend	✅
ask_holmes	09_crashpod	✅
ask_holmes	10_image_pull_backoff	✅
ask_holmes	11_init_containers	✅
ask_holmes	12_job_crashing	✅
ask_holmes	12_job_crashing_CORALOGIX	⚠️
ask_holmes	12_job_crashing_LOKI	✅
ask_holmes	13_pending_node_selector	✅
ask_holmes	14_pending_resources	✅
ask_holmes	15_failed_readiness_probe	✅
ask_holmes	16_failed_no_toolset_found	✅
ask_holmes	17_oom_kill	✅
ask_holmes	18_crash_looping_v2	✅
ask_holmes	19_detect_missing_app_details	✅
ask_holmes	20_long_log_file_search	✅
ask_holmes	20_long_log_file_search_LOKI	✅
ask_holmes	21_job_fail_curl_no_svc_account	✅
ask_holmes	22_high_latency_dbi_down	✅
ask_holmes	23_app_error_in_current_logs	✅
ask_holmes	23_app_error_in_current_logs_LOKI	✅
ask_holmes	24_misconfigured_pvc	✅
ask_holmes	25_misconfigured_ingress_class	⚠️
ask_holmes	26_multi_container_logs	✅
ask_holmes	27_permissions_error_no_helm_tools	✅
ask_holmes	28_permissions_error_helm_tools_enabled	✅
ask_holmes	29_events_from_alert_manager	✅
ask_holmes	30_basic_promql_graph_cluster_memory	✅
ask_holmes	31_basic_promql_graph_pod_memory	✅
ask_holmes	32_basic_promql_graph_pod_cpu	✅
ask_holmes	33_http_latency_graph	✅
ask_holmes	34_memory_graph	✅
ask_holmes	35_tempo	✅
ask_holmes	36_argocd_find_resource	✅
ask_holmes	37_argocd_wrong_namespace	⚠️
ask_holmes	38_rabbitmq_split_head	✅
ask_holmes	39_failed_toolset	✅
ask_holmes	40_disabled_toolset	✅
ask_holmes	41_setup_argo	✅
ask_holmes	42_dns_issues_result_all_tools	⚠️
ask_holmes	42_dns_issues_result_new_tools	⚠️
ask_holmes	42_dns_issues_result_old_tools	⚠️
ask_holmes	42_dns_issues_steps_new_all_tools	⚠️
ask_holmes	42_dns_issues_steps_new_tools	⚠️
ask_holmes	42_dns_issues_steps_old_tools	⚠️
investigate	01_oom_kill	✅
investigate	02_crashloop_backoff	✅
investigate	03_cpu_throttling	✅
investigate	04_image_pull_backoff	✅
investigate	05_crashpod	✅
investigate	05_crashpod_LOKI	✅
investigate	06_job_failure	✅
investigate	07_job_syntax_error	✅
investigate	08_memory_pressure	✅
investigate	09_high_latency	✅
investigate	10_KubeDeploymentReplicasMismatch	✅
investigate	11_KubePodCrashLooping	✅
investigate	12_KubePodNotReady	✅
investigate	13_Watchdog	✅
investigate	14_tempo	✅

Legend

• ✅ the test was successful
• ⚠️ the test failed but is known to be flakky or known to fail
• ❌ the test failed and should be fixed before merging the PR

[coderabbitai]

Actionable comments posted: 5

🧹 Nitpick comments (4)

holmes/clients/robusta_client.py (1)

8-11: TIMEOUT constant is now misleading / unused

TIMEOUT is still set to 2, but the new SaaS call below hard-codes timeout=30. Either reuse the shared constant or introduce a dedicated one (TOOLSET_CONFIG_TIMEOUT) to avoid confusion.

tests/core/test_toolset_manager.py (1)

167-174: Variable name & patch target mismatch hurts readability

The patched attribute is _list_all_toolsets, but the mock variable is still called mock_load_toolset_with_status. Rename for clarity and update usages.

-@patch("holmes.core.toolset_manager.ToolsetManager._list_all_toolsets")
-def test_list_server_toolsets(mock_load_toolset_with_status, toolset_manager):
+@patch("holmes.core.toolset_manager.ToolsetManager._list_all_toolsets")
+def test_list_server_toolsets(mock_list_all_toolsets, toolset_manager):
 ...
-    mock_load_toolset_with_status.return_value = [toolset]
+    mock_list_all_toolsets.return_value = [toolset]

holmes/core/supabase_dal.py (2)

424-426: get_ai_credentials now depends on new helper – good, but add type hint

The refactor is cleaner; add an explicit return annotation for consistency.

-    def get_session_token(self):
+    def get_session_token(self) -> str:

---

549-552: Surface failures from SaaS fetch

fetch_holmes_toolset_config already returns [] on errors. Consider logging an explicit warning here so callers know why configs are empty.

configs = fetch_holmes_toolset_config(token, self.account_id, self.cluster)
if not configs:
    logging.warning("No SaaS toolset configs fetched for account %s / cluster %s",
                    self.account_id, self.cluster)
return configs

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 197fea2 and 0911b35.

📒 Files selected for processing (6)

• holmes/clients/robusta_client.py (2 hunks)
• holmes/core/supabase_dal.py (3 hunks)
• holmes/core/tools.py (1 hunks)
• holmes/core/toolset_manager.py (3 hunks)
• holmes/plugins/toolsets/coralogix/api.py (1 hunks)
• tests/core/test_toolset_manager.py (1 hunks)

🧰 Additional context used

🧬 Code Graph Analysis (1)

holmes/core/supabase_dal.py (1)

holmes/clients/robusta_client.py (2)

• HolmesToolsetConfig (29-37)
• fetch_holmes_toolset_config (40-60)

🪛 Pylint (3.3.7)

holmes/clients/robusta_client.py

[refactor] 29-29: Too few public methods (0/2)

(R0903)

🔇 Additional comments (2)

holmes/core/tools.py (1)

350-358: 👍 Bug fix acknowledged

Changing exclude=("name") to exclude={"name"} prevents accidental per-character exclusion. Nice catch.

holmes/core/supabase_dal.py (1)

427-433: TTLCache is not thread-safe – locking is good, but read-then-put can race

The with self.lock block covers the entire check-and-set – perfect. Minor: consider cachetools.cachedmethod which handles TTL and locking for you.

[coderabbitai]

⚠️ Potential issue

Harden payload parsing & reuse existing timeout constant

A defensive guard around the "configs" key prevents a KeyError and avoids logging an exception for a perfectly valid but unexpected payload. While at it, reuse the (adjusted) timeout constant.

-        response = requests.get(
-            HOLMES_TOOLSET_CONFIG_URL,
-            timeout=30,
+        response = requests.get(
+            HOLMES_TOOLSET_CONFIG_URL,
+            timeout=TOOLSET_CONFIG_TIMEOUT,
             headers=headers,
             params={"account_id": account_id, "cluster_id": cluster_id},
         )
         response.raise_for_status()
-        result = response.json()
-
-        toolset_configs: List[HolmesToolsetConfig] = [
-            HolmesToolsetConfig(**item) for item in result["configs"]
-        ]
+        result: dict = response.json()
+        configs = result.get("configs", [])
+        if not isinstance(configs, list):
+            logging.warning(
+                "Unexpected payload shape from %s: %s",
+                HOLMES_TOOLSET_CONFIG_URL,
+                result,
+            )
+            return []
+
+        toolset_configs: List[HolmesToolsetConfig] = [
+            HolmesToolsetConfig(**item) for item in configs
+        ]
         return toolset_configs

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	def fetch_holmes_toolset_config(
	session_token: str, account_id: str, cluster_id: str
	) -> List[HolmesToolsetConfig]:
	try:
	headers = {"Authorization": f"Bearer {session_token}"}
	response = requests.get(
	HOLMES_TOOLSET_CONFIG_URL,
	timeout=30,
	headers=headers,
	params={"account_id": account_id, "cluster_id": cluster_id},
	)
	response.raise_for_status()
	result = response.json()
	toolset_configs: List[HolmesToolsetConfig] = [
	HolmesToolsetConfig(**item) for item in result["configs"]
	]
	return toolset_configs
	except Exception:
	logging.exception("Failed to fetch holmes toolset configs")
	return []
	def fetch_holmes_toolset_config(
	session_token: str, account_id: str, cluster_id: str
	) -> List[HolmesToolsetConfig]:
	try:
	headers = {"Authorization": f"Bearer {session_token}"}
	response = requests.get(
	HOLMES_TOOLSET_CONFIG_URL,
	timeout=TOOLSET_CONFIG_TIMEOUT,
	headers=headers,
	params={"account_id": account_id, "cluster_id": cluster_id},
	)
	response.raise_for_status()
	result: dict = response.json()
	configs = result.get("configs", [])
	if not isinstance(configs, list):
	logging.warning(
	"Unexpected payload shape from %s: %s",
	HOLMES_TOOLSET_CONFIG_URL,
	result,
	)
	return []
	toolset_configs: List[HolmesToolsetConfig] = [
	HolmesToolsetConfig(**item) for item in configs
	]
	return toolset_configs
	except Exception:
	logging.exception("Failed to fetch holmes toolset configs")
	return []

🤖 Prompt for AI Agents

In holmes/clients/robusta_client.py between lines 40 and 60, add a check to
verify the "configs" key exists in the JSON response before accessing it to
prevent KeyError and avoid unnecessary exceptions. Also, replace the hardcoded
timeout value with the existing timeout constant used elsewhere in the code for
consistency. Adjust the code to handle the case where "configs" is missing by
returning an empty list without logging an error.

[coderabbitai]

🛠️ Refactor suggestion

Downgrade log level and truncate body to avoid leaking PII

response.text may contain payloads or secrets; logging it at INFO risks exposing them and bloating logs. Use DEBUG and cap size.

-        logging.info(f"Response: {response.text}")
+        logging.debug(
+            "Coralogix non-200 response (truncated to 1 kB): %s",
+            response.text[:1024],
+        )

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	logging.info(f"Response: {response.text}")
	return False, f"Failed with status_code={response.status_code}. {response.text}"
	logging.debug(
	"Coralogix non-200 response (truncated to 1 kB): %s",
	response.text[:1024],
	)
	return False, f"Failed with status_code={response.status_code}. {response.text}"

🧰 Tools

🪛 Pylint (3.3.7)

[refactor] 51-55: Unnecessary "else" after "return", remove the "else" and de-indent the code inside it

(R1705)

🤖 Prompt for AI Agents

In holmes/plugins/toolsets/coralogix/api.py around lines 54 to 55, the code logs
the full response text at INFO level, which risks exposing sensitive information
and bloating logs. Change the logging level to DEBUG and truncate the response
text to a reasonable length (e.g., first 200 characters) before logging to
reduce PII exposure and log size.

[coderabbitai]

🛠️ Refactor suggestion

Config merge overwrites existing settings & loses state

The SaaS branch blindly replaces toolset.config:

toolset.config = toolset_config.config

1. All local/built-in config keys disappear even when SaaS only overrides a subset.
2. A None/empty SaaS config will wipe a previously valid dict.
3. No defensive copy – SaaS dict mutations elsewhere could leak.

-                toolset.enabled = toolset_config.enabled
-                toolset.config = toolset_config.config
+                toolset.enabled = toolset_config.enabled
+
+                # Merge dictionaries shallowly: SaaS keys win, originals preserved
+                if toolset_config.config:
+                    merged_cfg = {**(toolset.config or {}), **toolset_config.config}
+                    toolset.config = merged_cfg

Also consider deep-merge (dictdiffer, deepmerge) if nested structures are common.

🤖 Prompt for AI Agents

In holmes/core/toolset_manager.py around lines 115 to 128, the code replaces the
entire toolset.config with the SaaS config, which causes loss of existing local
config keys and state, and risks wiping valid configs if SaaS config is None or
empty. To fix this, merge the SaaS config into the existing toolset.config
instead of overwriting it, ensuring to create a defensive copy to avoid mutation
leaks. Consider using a deep merge approach if the config contains nested
dictionaries to preserve all nested settings.

[coderabbitai]

⚠️ Potential issue

refresh_status parameter is now a no-op

list_server_toolsets() still advertises refresh_status, but the new implementation bypasses the cache entirely and never honours the flag – callers can think they are skipping a refresh while they are not.

-        toolsets_with_status = self._list_all_toolsets(
-            dal,
-            check_prerequisites=True,
-            enable_all_toolsets=False,
-            toolset_tags=self.server_tool_tags,
-        )
+        if refresh_status:
+            self.refresh_toolset_status(
+                dal=dal,
+                enable_all_toolsets=False,
+                toolset_tags=self.server_tool_tags,
+            )
+
+        toolsets_with_status = self._list_all_toolsets(
+            dal,
+            check_prerequisites=True,
+            enable_all_toolsets=False,
+            toolset_tags=self.server_tool_tags,
+        )

Either honour the argument as above or drop it from the signature to avoid API confusion.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	toolsets_with_status = self._list_all_toolsets(
	dal,
	refresh_status=refresh_status,
	check_prerequisites=True,
	enable_all_toolsets=False,
	toolset_tags=self.server_tool_tags,
	)
	if refresh_status:
	self.refresh_toolset_status(
	dal=dal,
	enable_all_toolsets=False,
	toolset_tags=self.server_tool_tags,
	)
	toolsets_with_status = self._list_all_toolsets(
	dal,
	check_prerequisites=True,
	enable_all_toolsets=False,
	toolset_tags=self.server_tool_tags,
	)

🤖 Prompt for AI Agents

In holmes/core/toolset_manager.py around lines 300 to 305, the
list_server_toolsets() method includes a refresh_status parameter that is no
longer used because the current implementation bypasses the cache and always
refreshes. To fix this, either update the method to respect the refresh_status
flag by conditionally bypassing the cache based on its value or remove the
refresh_status parameter entirely from the method signature and all its callers
to prevent confusion about its effect.

[coderabbitai]

🛠️ Refactor suggestion

Missing safeguard – constant may not be a real boolean

ENABLE_HOLMES_TOOLSETS_FROM_SAAS is imported and later used in a truth-test.
If that constant is the raw environment-variable string (e.g. "false"/"0"), any non-empty value will evaluate to True, unintentionally enabling the SaaS merge.

+from distutils.util import strtobool  # builtin, lightweight
...
-        if ENABLE_HOLMES_TOOLSETS_FROM_SAAS and dal:
+        # Treat env-var strings such as "0", "false", "no" as False
+        if strtobool(str(ENABLE_HOLMES_TOOLSETS_FROM_SAAS or "0")) and dal:

(If distutils is unavailable in your target Python, replace with a small helper that normalises "true", "1", "yes" etc.)
Ensures the feature flag behaves predictably.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	from holmes.clients.robusta_client import HolmesToolsetConfig
	from holmes.common.env_vars import ENABLE_HOLMES_TOOLSETS_FROM_SAAS
	from holmes.clients.robusta_client import HolmesToolsetConfig
	from holmes.common.env_vars import ENABLE_HOLMES_TOOLSETS_FROM_SAAS
	from distutils.util import strtobool # builtin, lightweight
	# ... other imports or code ...
	# Treat env-var strings such as "0", "false", "no" as False
	if strtobool(str(ENABLE_HOLMES_TOOLSETS_FROM_SAAS or "0")) and dal:
	# existing merge logic
	...

🤖 Prompt for AI Agents

In holmes/core/toolset_manager.py around lines 9 to 10, the imported constant
ENABLE_HOLMES_TOOLSETS_FROM_SAAS is used directly in a truth-test but may be a
raw environment string, causing incorrect truthiness evaluation. To fix this,
convert ENABLE_HOLMES_TOOLSETS_FROM_SAAS to a proper boolean by normalizing its
value (e.g., comparing lowercased string to "true", "1", or "yes") before using
it in any conditional checks, ensuring the feature flag behaves as intended.