Session storage and retrieval store APIs(redis)

[nuwangeek]

This pull request introduces a Redis-backed session store for managing multi-turn API tool workflows, including all necessary infrastructure, application logic, configuration, and documentation. The main changes add a robust, async CRUD interface for storing session state in Redis, integrate the store into the FastAPI app lifecycle, and provide clear usage documentation. Redis connectivity is now surfaced in the service health check, and all configuration is parameterized for flexible deployment.

Session Store Implementation and Integration

• Added APIToolSessionStore and APIToolSession Pydantic model to enable async CRUD operations for agentic session state, with sliding TTL and partial updates. (src/utils/api_tool_session_store.py, src/models/session_models.py) [1] [2]
• Integrated session store initialization and shutdown into the FastAPI app’s lifespan events, making the store available at app.state.session_store and handling Redis outages gracefully. (src/llm_orchestration_service_api.py) [1] [2] [3]
• Health check endpoint now reports Redis session store connectivity status. (src/llm_orchestration_service_api.py)

Infrastructure and Configuration

• Added Redis connection management utilities, including async client initialization, teardown, and health checking, with environment-variable-based configuration for host, port, password, and DB selection. (src/utils/redis_client.py, env.example) [1] [2]
• Updated Docker Compose files to inject Redis connection settings as environment variables, ensure the LLM orchestration service depends on Redis, and expose configuration for the session DB. (docker-compose.yml, docker-compose-ec2.yml) [1] [2] [3] [4]

Documentation and Dependencies

• Added a comprehensive usage guide for the Redis session store, including example CRUD patterns and schema reference. (docs/REDIS_SESSION_STORE.md)
• Declared redis[hiredis] as an application dependency and updated lint configuration to allow dynamic field updates in the session store. (pyproject.toml) [1] [2]

[Thirunayan22]

Review Overview

Verdict: Request Changes — 2 critical issues must be resolved before merge.

Issues by Severity

Critical

• Hardcoded Redis password in docker-compose files (violates ADR SEC-001)
• Race condition in update() — non-atomic read-modify-write

High

• No TLS support despite existing TLS config vars in env.example
• Silent None fallback with no consumer feedback mechanism
• Global mutable state for Redis client singleton

Medium

• update() accepts arbitrary **kwargs with no field validation
• REDIS_SESSION_DB misplaced in env.example
• No integration tests — all Redis interactions mocked
• Dead code in documentation usage example

Low

• close_redis_client() outside try/except in shutdown path
• Legacy typing.Dict / typing.Optional imports (Python 3.12 project)

ADR Compliance

ADR	Status	Notes
SEC-001: Secrets Management	VIOLATION	Default password myredissecret hardcoded in compose files
ARCH-001: Modular Architecture	PASS	Clean module separation
VIS-003: Observability Contracts	PARTIAL	Health check present, no /metrics for session ops
DATA-001: Client Data Boundary	NEEDS REVIEW	Session data may contain user-provided params
NOOPS-004: Fault Tolerance	PARTIAL	Graceful degradation present, no retry/backoff
LOG-001: Structured Logging	PARTIAL	Loguru used, not JSON schema per ADR