Fix: Restore get_provider_credential behavior to return None when Langfuse credentials are missing

[avirajsingh7]

Summary

In PR #360, the get_provider_credential method was modified to raise an exception when credentials were missing.
However, the Response API and other modules still expect this method to return None in such cases.
As a result, the Response API currently throws an error when Langfuse credentials are not configured.

Reverted all method logic changed in PR to return as per previous behaviour.

Checklist

Before submitting a pull request, please ensure that you mark these task.

• Ran fastapi run --reload app/main.py or docker compose up in the repository root and test.
• If you've fixed a bug or added code that is tested and has test cases.

Notes

Please add here if any other information is required for the reviewer.

Summary by CodeRabbit

• Bug Fixes

  • Listing credentials now returns an empty result when none exist instead of an error.
  • Fetching a single credential will yield no result rather than an unexpected error when it doesn't exist.
  • Deletion operations now return a clear "not found" response if credentials are missing.

• Tests

  • Tests updated to no longer assert exact error message text for missing-credential 404 responses.

[coderabbitai]

Walkthrough

Adjusted credential handling: query functions now return empty list or None instead of raising; deletion and API read routes explicitly raise HTTP 404 when credentials are absent.

Changes

Cohort / File(s)	Summary
Credential CRUD backend/app/crud/credentials.py	- get_creds_by_org: returns empty list instead of raising when none found. - get_provider_credential: return type now `dict[str, Any]
API routes validation backend/app/api/routes/credentials.py	- read_credential and read_provider_credential: now raise HTTP 404 when credentials are absent (early error handling).
Tests adjusted backend/app/tests/api/routes/test_creds.py, backend/app/tests/crud/test_credentials.py	- Removed assertions for exact error message strings in 404 responses. - Updated tests to expect None / empty list return behavior for missing credentials rather than exceptions.

Sequence Diagram(s)

sequenceDiagram
  participant Client
  participant API as CredentialsAPI
  participant CRUD as CredentialsCRUD
  participant DB

  Client->>API: GET /org/{org_id}/creds
  API->>CRUD: get_creds_by_org(org_id)
  CRUD->>DB: query creds
  DB-->>CRUD: [] 
  CRUD-->>API: [] 
  API-->>Client: 200 OK (empty list)

  Client->>API: GET /provider/{provider_id}/cred
  API->>CRUD: get_provider_credential(provider_id)
  CRUD->>DB: query provider cred
  DB-->>CRUD: none
  CRUD-->>API: None
  alt None -> API decides missing
    API-->>Client: 404 Not Found
  else found
    API-->>Client: 200 OK (credential)
  end

  Client->>API: DELETE /provider/{provider_id}/cred
  API->>CRUD: remove_provider_credential(provider_id)
  CRUD->>CRUD: get_provider_credential(provider_id)
  alt credential exists
    CRUD->>DB: delete credential
    DB-->>CRUD: success
    CRUD-->>API: success
    API-->>Client: 204 No Content
  else missing
    CRUD-->>API: raise 404
    API-->>Client: 404 Not Found
  end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• Added logs for User and Creds Endpoint #322 — modifies credentials CRUD and routes; touches same credential-not-found handling paths.
• Testing : Utility functions for test data setup #275 — changes get_provider_credential return behavior/signature.
• Credentials: Fetching ID from API key #354 — alters credentials API and CRUD flow, including read-route 404 behavior.

Suggested labels

bug

Suggested reviewers

• AkhileshNegi
• vijay-T4D

Poem

🐰 I hop through code with nimble feet,
Empty lists hum a quiet beat,
None says softly where keys are gone,
Deletes now check before they're drawn.
A tidy patch — a carrot treat. 🥕

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 60.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The PR title "Fix: Restore get_provider_credential behavior to return None when Langfuse credentials are missing" directly and specifically describes the main change in the changeset. The raw summary confirms that the core modification is reverting get_provider_credential from raising an exception to returning None when credentials are not found, which aligns perfectly with the stated objective. The title is concise, clear, and specific enough that a teammate reviewing the commit history would immediately understand the primary change without needing to examine the full diff.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch hotfix/creds_langfuse

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 779e99a and f9ab58a.

📒 Files selected for processing (3)

• backend/app/api/routes/credentials.py (2 hunks)
• backend/app/tests/api/routes/test_creds.py (0 hunks)
• backend/app/tests/crud/test_credentials.py (2 hunks)

💤 Files with no reviewable changes (1)

• backend/app/tests/api/routes/test_creds.py

🧰 Additional context used

📓 Path-based instructions (2)

**/*.py

📄 CodeRabbit inference engine (CLAUDE.md)

Use type hints in Python code (Python 3.11+ project)

Files:

• backend/app/api/routes/credentials.py
• backend/app/tests/crud/test_credentials.py

backend/app/api/**/*.py

📄 CodeRabbit inference engine (CLAUDE.md)

Expose FastAPI REST endpoints under backend/app/api/ organized by domain

Files:

• backend/app/api/routes/credentials.py

🧬 Code graph analysis (1)

backend/app/tests/crud/test_credentials.py (2)

backend/app/crud/credentials.py (2)

• get_provider_credential (121-159)
• get_creds_by_org (97-118)

backend/app/tests/conftest.py (1)

• db (28-45)

🔇 Additional comments (4)

backend/app/api/routes/credentials.py (2)

94-96: Correct implementation of None check.

The explicit None check with is None correctly handles the case where get_provider_credential returns None (as per the PR objective). This properly separates concerns: the CRUD layer returns None for missing credentials, and the API layer handles the HTTP 404 response.

Note: Similar to the other read endpoint, this changes the API response from potentially returning a success response with null to returning 404, which may be a breaking change for existing consumers.

---

69-71: No action required—behavior change is intentional and properly tested.

The test suite already validates this behavior change. Tests confirm that the endpoint returns 404 when no credentials exist (lines 128, 160, 284 in backend/app/tests/api/routes/test_creds.py) and 200 when credentials are found (lines 113, 141, 385). The API contract is established and well-tested.

backend/app/tests/crud/test_credentials.py (2)

171-177: Test correctly validates the new CRUD behavior.

The test properly verifies that get_provider_credential returns None after credentials are removed, which aligns with the PR objective to restore value-based returns instead of raising exceptions for missing credentials.

---

210-213: Test correctly validates empty list return.

The test properly verifies that get_creds_by_org returns an empty list after all credentials are removed, which is the expected behavior when no credentials exist.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (3)

backend/app/crud/credentials.py (3)

110-111: Update docstring to reflect actual behavior.

The docstring states "Raises: HTTPException: If no credentials are found" but the function now returns an empty list instead of raising an exception.

Apply this diff to update the docstring:

-    Raises:
-        HTTPException: If no credentials are found

---

128-128: Update return type hint to include None.

The function now returns None when credentials are not found (line 159), but the type hint only declares dict[str, Any] | Credential.

As per coding guidelines

Apply this diff to update the type hint:

-) -> dict[str, Any] | Credential:
+) -> dict[str, Any] | Credential | None:

---

144-145: Update docstring to reflect actual behavior.

The docstring states "Raises: HTTPException: If credentials are not found" but the function now returns None instead of raising an exception (line 159), which aligns with the PR objectives.

Apply this diff to update the docstring:

-    Raises:
-        HTTPException: If credentials are not found
+    Returns None if credentials are not found for the specified provider.

🧹 Nitpick comments (1)

backend/app/crud/credentials.py (1)

271-271: Simplify redundant None check.

The existing_creds is None check is unnecessary since get_creds_by_org always returns a list (line 117), never None.

Apply this diff to simplify:

-    if existing_creds is None or len(existing_creds) == 0:
+    if not existing_creds:

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3b7b640 and 943652e.

📒 Files selected for processing (1)

• backend/app/crud/credentials.py (3 hunks)

🧰 Additional context used

📓 Path-based instructions (2)

**/*.py

📄 CodeRabbit inference engine (CLAUDE.md)

Use type hints in Python code (Python 3.11+ project)

Files:

• backend/app/crud/credentials.py

backend/app/crud/**/*.py

📄 CodeRabbit inference engine (CLAUDE.md)

Implement database access operations in backend/app/crud/

Files:

• backend/app/crud/credentials.py

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: checks (3.11.7, 6)

🔇 Additional comments (2)

backend/app/crud/credentials.py (2)

222-231: LGTM! Proper existence validation before deletion.

The explicit check for credential existence before attempting deletion follows best practices and provides clearer error handling.

---

266-274: LGTM! Proper existence validation before deletion.

The explicit check for credentials before attempting deletion is consistent with the pattern in remove_provider_credential and provides clearer error handling.

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

backend/app/crud/credentials.py (2)

110-111: Update the docstring to reflect the actual behavior.

The docstring states "Raises: HTTPException: If no credentials are found", but the function no longer raises an exception. It returns an empty list when no credentials exist, which aligns with the PR objectives.

Apply this diff to fix the docstring:

     Returns:
         list[Credential]: List of credentials
-
-    Raises:
-        HTTPException: If no credentials are found
     """

---

139-145: Update the docstring to document the None return case.

The docstring describes the return values when credentials are found but doesn't mention that None is returned when credentials don't exist for the specified provider. This should be documented for API clarity.

Apply this diff to update the docstring:

     Returns:
-        dict[str, Any] | Credential:
+        dict[str, Any] | Credential | None:
             - If `full` is True, returns the full Credential SQLModel object.
             - Otherwise, returns the decrypted credentials as a dictionary.
-
-    Raises:
-        HTTPException: If credentials are not found
+            - Returns None if credentials are not found for the specified provider.
     """

🧹 Nitpick comments (2)

backend/app/crud/credentials.py (2)

222-227: Pass full=True to avoid unnecessary credential decryption.

The existence check only needs to verify that credentials exist, but by not passing full=True, the function unnecessarily decrypts credentials (line 157) only to check if the result is None. Passing full=True would return the Credential object directly, avoiding the decryption overhead.

Apply this diff to improve performance:

     creds = get_provider_credential(
         session=session,
         org_id=org_id,
         project_id=project_id,
         provider=provider,
+        full=True,
     )

---

271-271: Remove redundant None check.

The condition existing_creds is None is redundant. The get_creds_by_org function has a return type of list[Credential] and uses session.exec(statement).all() (line 117), which always returns a list—either empty or populated—but never None. Only the length check is necessary.

Apply this diff to simplify the condition:

-    if existing_creds is None or len(existing_creds) == 0:
+    if len(existing_creds) == 0:

Or more idiomatically:

-    if existing_creds is None or len(existing_creds) == 0:
+    if not existing_creds:

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 943652e and 779e99a.

📒 Files selected for processing (1)

• backend/app/crud/credentials.py (4 hunks)

🧰 Additional context used

📓 Path-based instructions (2)

**/*.py

📄 CodeRabbit inference engine (CLAUDE.md)

Use type hints in Python code (Python 3.11+ project)

Files:

• backend/app/crud/credentials.py

backend/app/crud/**/*.py

📄 CodeRabbit inference engine (CLAUDE.md)

Implement database access operations in backend/app/crud/

Files:

• backend/app/crud/credentials.py

🧬 Code graph analysis (1)

backend/app/crud/credentials.py (1)

backend/app/models/credentials.py (1)

• Credential (48-97)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: checks (3.11.7, 6)

🔇 Additional comments (2)

backend/app/crud/credentials.py (2)

128-128: LGTM! The changes correctly restore the expected behavior.

The update to return None when credentials are not found aligns with the PR objectives and restores the expected behavior for the Response API and other modules. The return type annotation is correctly updated to include None, making the API contract clear.

Also applies to: 159-159

---

222-231: Good defensive programming for delete operations.

Adding an explicit existence check before deletion follows good practices and provides clear 404 responses when attempting to delete non-existent credentials. This separates concerns between query operations (which gracefully return None) and write operations (which validate resource existence).

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!