Agent #19
Merged
Agent #19
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Implement handle_attach_file method in ChatService to attach user files to sessions via S3 key - Update WebSocket connection adapter to authenticate user from query params or config fallback - Handle "attach_file" message type in WebSocket endpoint, calling handle_attach_file with authenticated user - Ensures file ownership verification and adds file to session context securely
Update websocket endpoint to authenticate users primarily through X-Authenticated-User header set by authenticated reverse proxy in production, falling back to insecure query parameter for local development. Add comprehensive security documentation explaining the authentication flow, production requirements, and risks of direct access. This ensures secure connections in production while maintaining development flexibility.
Relocated the /files/healthz endpoint to appear before the /files/{file_key:path} route in files_routes.py to avoid path capture conflicts in the router. The endpoint now includes an explanatory note in its docstring for clarity.
Prevent leading '-' in tags by conditionally enabling SHA types: use branch prefix for branches and 'pr-' for pull requests.
- Replace template variables with ${{ github.ref_name }}, ${{ github.event_name }}, and ${{ github.ref }} for safer and more accurate branch/PR tagging
- Simplify enabling conditions for SHA tags on branches and PRs
- Set 'latest' tag only on main branch push
- Remove trailing newline_clip económicallyselectedocument at the end of the file.
- In chat service, reduced verbosity in log messages by removing server/prompt_name and filename details to streamline output. - Removed unused response variable assignment in websocket endpoint. - Eliminated unused Filter icon import from frontend component.
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
…error Previously, the error log for failed file attachments included raw s3_key and exception details, potentially introducing multi-line entries or injection risks. This update strips '\n' and '\r' characters from both to ensure clean, single-line log output for better readability and security.
- Introduced new `output_filename` parameter with default "presentation" - Added `_sanitize_filename` helper to clean filenames (remove non-alphanumeric/underscore/dash, truncate to 50 chars) - Updated output paths for PPTX/HTML to use sanitized custom names instead of hardcoded ones - Reflected changes in artifacts, metadata, and display primary file references - Improves file identification for generated presentations and exports when used across multiple instances
Update json_to_pptx and markdown_to_pptx function signatures to accept Annotated[Optional[str], ...] instead of Annotated[str, ...] for output_filename, image_filename, and image_data_base64 parameters. Add None-handling logic in function bodies to use default values ("presentation" for output_filename, empty strings otherwise), preventing potential errors from None inputs and enhancing API robustness and usability.
- Add ActAgentLoop for fast, minimal-overhead tasks without reasoning steps - Update AgentLoopFactory to register "act" strategy - Document new strategy in CLAUDE.md alongside existing ReAct and Think-Act loops - Add file naming guidelines and emoji policy to CLAUDE.md - Mark agent start events with strategy type for better traceability
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
There was a problem hiding this comment.
Pull Request Overview
This PR adds support for configurable agent loop strategies, introducing a new "act" strategy and refactoring the agent loop instantiation to use a factory pattern. Key changes include:
- New
AgentLoopFactoryfor creating agent loop instances based on strategy selection - Added new "act" agent loop implementation (pure action loop without explicit reasoning)
- Frontend UI controls for selecting agent loop strategy (react, think-act, act)
- Changed default strategy from "react" to "think-act" in configuration
- Improved agent event notifications to include strategy information
- Updated tool_choice behavior in agent loops to use "required" instead of "auto"
- Added customizable output filenames to PowerPoint generation tools
- Minor documentation updates and new service refactor planning document
Reviewed Changes
Copilot reviewed 20 out of 20 changed files in this pull request and generated 8 comments.
Show a summary per file
| File | Description |
|---|---|
frontend/src/hooks/useSettings.js |
Added agentLoopStrategy to default settings with "think-act" default |
frontend/src/handlers/chat/websocketHandlers.js |
Updated agent start message to display strategy name |
frontend/src/contexts/ChatContext.jsx |
Pass agent loop strategy from settings to backend |
frontend/src/components/SettingsPanel.jsx |
Added UI controls for selecting agent loop strategy with descriptions |
backend/modules/config/manager.py |
Changed default agent loop strategy from "react" to "think-act" |
backend/main.py |
Extract and pass agent_loop_strategy parameter to chat service |
backend/application/chat/service.py |
Refactored to use AgentLoopFactory instead of direct instantiation |
backend/application/chat/agent/factory.py |
New factory class for creating agent loop instances with caching |
backend/application/chat/agent/act_loop.py |
New pure action agent loop implementation |
backend/application/chat/agent/think_act_loop.py |
Updated to emit strategy in events and use "required" tool_choice |
backend/application/chat/agent/react_loop.py |
Updated to emit strategy in events and use "required" tool_choice |
backend/application/chat/agent/__init__.py |
Export AgentLoopFactory |
backend/mcp/pptx_generator/main.py |
Added customizable output filenames and sanitization |
backend/modules/llm/litellm_caller.py |
Simplified comment about tool_choice handling |
backend/modules/file_storage/s3_client.py |
Added log sanitization helper function |
config/overrides/llmconfig.yml |
Updated model configuration (appears to be test data) |
config/overrides/messages.txt |
Added test message file |
docs/service-refactor-plan.md |
New architecture planning document |
CLAUDE.md |
Updated documentation for agent strategies and file naming guidelines |
.env.example |
Added AGENT_LOOP_STRATEGY configuration |
| AgentLoopProtocol instance | ||
| Raises: | ||
| ValueError: If strategy is not recognized |
There was a problem hiding this comment.
The docstring claims this method raises ValueError if the strategy is not recognized, but the implementation actually falls back to 'react' with a warning (lines 83-88) instead of raising an exception. Either update the docstring to reflect the actual behavior or implement the documented exception.
Comment on lines
+120
to
+125
| model, messages, data_sources, tools_schema, context.user_email, "required", temperature=temperature | ||
| ) | ||
| else: | ||
| llm_response = await self.llm.call_with_tools( | ||
| model, messages, tools_schema, "required", temperature=temperature | ||
| ) |
There was a problem hiding this comment.
The tool_choice parameter was changed from 'auto' to 'required' in the action loop. This is a potentially breaking behavior change that could cause failures with LLM providers that don't support 'required'. While the LiteLLM caller has fallback logic, this change should be accompanied by tests to verify the fallback behavior works correctly in agent mode, or the tool_choice should remain 'auto' to maintain existing behavior.
Comment on lines
+216
to
221
| model, messages, data_sources, tools_schema, context.user_email, "required", temperature=temperature | ||
| ) | ||
| else: | ||
| llm_response = await self.llm.call_with_tools( | ||
| model, messages, tools_schema, "auto", temperature=temperature | ||
| model, messages, tools_schema, "required", temperature=temperature | ||
| ) |
There was a problem hiding this comment.
Same as think_act_loop.py: changing tool_choice from 'auto' to 'required' could cause failures with LLM providers that don't support 'required'. This behavior change needs test coverage or should be reverted to maintain compatibility.
backend/mcp/pptx_generator/main.py
Outdated
Comment on lines
71
to
72
| # Remove bad characters (anything not alphanumeric, underscore, or dash) | ||
| sanitized = re.sub(r'[^\w\-]', '', filename) |
There was a problem hiding this comment.
The regex pattern [^\w\-] removes all non-alphanumeric characters except underscore and dash, but it will also remove dots (periods). This means if a user passes 'my.file.name', it becomes 'myfilename', losing the dot separators. Consider preserving dots: r'[^\w\-.]' or documenting this behavior clearly.
Suggested change
| # Remove bad characters (anything not alphanumeric, underscore, or dash) | |
| sanitized = re.sub(r'[^\w\-]', '', filename) | |
| # Remove bad characters (anything not alphanumeric, underscore, dash, or dot) | |
| sanitized = re.sub(r'[^\w\-.]', '', filename) |
| """Factory for creating agent loop instances based on strategy.""" | ||
|
|
||
| import logging | ||
| from typing import Any, Optional |
There was a problem hiding this comment.
Import of 'Any' is not used.
Suggested change
| from typing import Any, Optional | |
| from typing import Optional |
backend/application/chat/service.py
Outdated
| # Import utilities | ||
| from .utilities import tool_utils, file_utils, notification_utils, error_utils | ||
| from .agent import AgentLoopProtocol, ReActAgentLoop, ThinkActAgentLoop | ||
| from .agent import AgentLoopProtocol, AgentLoopFactory |
There was a problem hiding this comment.
Import of 'AgentLoopProtocol' is not used.
Suggested change
| from .agent import AgentLoopProtocol, AgentLoopFactory | |
| from .agent import AgentLoopFactory |
backend/mcp/pptx_generator/main.py
Outdated
|
|
||
| def _sanitize_filename(filename: str, max_length: int = 50) -> str: | ||
| """Sanitize filename by removing bad characters and truncating.""" | ||
| import re |
There was a problem hiding this comment.
This import of module re is redundant, as it was previously imported on line 21.
Suggested change
| import re |
Comment on lines
92
to
93
| except Exception: | ||
| pass |
There was a problem hiding this comment.
'except' clause does nothing but pass and there is no explanatory comment.
Suggested change
| except Exception: | |
| pass | |
| except Exception as e: | |
| logger.warning("Failed to read agent loop strategy from config, using default '%s': %s", self.default_agent_strategy, e) |
- Remove unused imports (Any, AgentLoopProtocol) - Add explanatory comment to empty except clause - Remove redundant 're' import in pptx_generator - Fix factory.py docstring (falls back instead of raising ValueError) - Add comments explaining tool_choice='required' with fallback logic - Rename 'sanitized' variable to 'cleaned_filename' for clarity Generated with Claude Code Co-Authored-By: Claude <noreply@anthropic.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.