Add AG-UI protocol for message streaming #472
Conversation
This comment has been minimized.
This comment has been minimized.
Claude Code ReviewSummaryThis PR implements a major architectural refactoring transitioning from WebSocket to AG-UI protocol (HTTP/SSE). 55 files changed: +6,732/-4,224 lines. Overall Assessment: Well-structured implementation with several CRITICAL concurrency and error handling issues that must be fixed before merge. Critical Issues (Must Fix)
Major Issues (Should Fix)
Positive Highlights✅ Well-structured AG-UI protocol types Recommendation: Request changes for CRITICAL issues (1-6), then re-review. 🔍 View AI decision process (logs available for 90 days) 📋 View memory system files loaded (click to expand)What Amber Loaded for Code ReviewAmber automatically loaded these repository standards from the memory system:
Impact: This review used your repository's specific code quality standards, security patterns, and best practices from the memory system (PRs #359, #360) - not just generic code review guidelines. |
Claude Code ReviewSummaryThis PR introduces a major architectural change by implementing the AG-UI protocol for message streaming between the frontend, backend, and runner components. The refactor moves from WebSocket-based communication to HTTP/SSE (Server-Sent Events) with a FastAPI server in the runner. While the protocol implementation appears solid, there are several critical security and architectural concerns that must be addressed before merge. Overall Assessment: 🟡 Major revision required - The protocol implementation is good, but security issues and architectural concerns need resolution. Issues by Severity🚫 Blocker Issues1. Missing User Token Authentication in AG-UI Proxy Endpoints
// agui_proxy.go:26 - HandleAGUIRunProxy
func HandleAGUIRunProxy(c *gin.Context) {
projectName := c.Param("projectName")
sessionName := c.Param("sessionName")
// ❌ MISSING: User token authentication check
// ✅ REQUIRED:
// reqK8s, _ := handlers.GetK8sClientsForRequest(c)
// if reqK8s == nil {
// c.JSON(http.StatusUnauthorized, gin.H{"error": "Unauthorized"})
// return
// }
2. No RBAC Permission Checks Before Proxying
ssar := &authv1.SelfSubjectAccessReview{
Spec: authv1.SelfSubjectAccessReviewSpec{
ResourceAttributes: &authv1.ResourceAttributes{
Group: "vteam.ambient-code",
Resource: "agenticsessions",
Verb: "update", // or "get" for read-only endpoints
Namespace: projectName,
},
},
}
res, err := reqK8s.AuthorizationV1().SelfSubjectAccessReviews().Create(ctx, ssar, v1.CreateOptions{})
if err \!= nil || \!res.Status.Allowed {
c.JSON(http.StatusForbidden, gin.H{"error": "Unauthorized"})
return
}3. Unsafe Type Assertions Without Checking
// Line 159
eventType, _ := event["type"].(string) // ❌ Silent failure if type is wrong
// Line 182
eventRunID, _ := event["runId"].(string) // ❌ No validation
eventType, ok := event["type"].(string)
if \!ok {
log.Printf("Invalid event type, skipping")
return
}
🔴 Critical Issues4. Potential Goroutine Leaks in Background Stream Consumer
go func() {
ctx, cancel := context.WithTimeout(context.Background(), 2*time.Hour)
defer cancel()
// ... long-running HTTP stream consumption
}()
// Use request context (with extended timeout)
ctx, cancel := context.WithTimeout(c.Request.Context(), 2*time.Hour)
defer cancel()
// OR: Add to sync.WaitGroup for graceful shutdown tracking5. Missing Error Context in Logs
// agui.go:78
log.Printf("AGUI: subscriber channel full, skipping event")
// ❌ Missing: which session? which run? which event type?
// ✅ Better:
log.Printf("AGUI: subscriber channel full for session %s run %s, skipping event %s",
sessionID, runID, eventType)6. No Rate Limiting on /agui/run Endpoint
7. Long Timeout Without Justification
🟡 Major Issues8. Frontend Hook Uses
9. Inconsistent Error Handling Patterns
10. Missing Tests for New AG-UI Endpoints
11. Removed WebSocket Code Without Deprecation Warning
12. Event Compaction Logic Complexity
🔵 Minor Issues13. Magic Numbers in Code
14. Inconsistent Naming Conventions
15. Build Metadata Implementation
16. Frontend: Missing Loading States on Buttons
17. Removed
Positive Highlights✅ Well-Structured Protocol Implementation: AG-UI types and events follow the spec closely RecommendationsImmediate Actions (Before Merge)
Post-Merge Improvements
Architecture Questions
Pre-Merge Checklist
VerdictStatus: The AG-UI protocol implementation is architecturally sound and well-structured, but the missing authentication and authorization checks are critical security vulnerabilities that violate established patterns in CLAUDE.md. Once security issues are addressed and tests are added, this will be a solid improvement to the platform. Estimated effort to fix blockers: 4-6 hours Happy to review again after fixes! 🚀 🔍 View AI decision process (logs available for 90 days) 📋 View memory system files loaded (click to expand)What Amber Loaded for Code ReviewAmber automatically loaded these repository standards from the memory system:
Impact: This review used your repository's specific code quality standards, security patterns, and best practices from the memory system (PRs #359, #360) - not just generic code review guidelines. |
Gkrumbach07
force-pushed
the
ui-cleanup
branch
from
b2f666e to
5986ced
Compare
Claude Code ReviewSummaryThis PR introduces the AG-UI protocol for message streaming, replacing the previous WebSocket-based communication with a modern HTTP/SSE approach. The changes are extensive (7,286 additions, 4,369 deletions across 58 files). While the architectural direction is sound, there are critical security, error handling, and code quality issues that must be addressed before merging. Overall Assessment: Requires significant revisions - Multiple blocker and critical issues identified. Issues by SeverityBlocker Issues1. Global mutable state without proper synchronization (components/backend/websocket/agui.go:23-36) Problem: Package-level global state with nested maps. The nested map structure is not fully protected by RWMutex when inner maps are modified. 2. Missing RBAC validation in AG-UI proxy endpoints (components/backend/routes.go:83-90) Problem: New AG-UI endpoints lack ValidateProjectContext() middleware. Users can access endpoints without RBAC checks. 3. Potential goroutine leaks in subscriber management (components/backend/websocket/agui.go:53-66) Problem: No cleanup mechanism when runs finish. Channels closed without checking if already closed. Critical Issues4. Missing user-scoped client usage in proxy handlers (components/backend/websocket/agui_proxy.go:24-100) Problem: Proxy handlers use package-level K8s clients without user token validation. Violates authentication pattern. 5. Error handling doesn't follow established patterns (components/backend/websocket/agui_proxy.go) Problem: Generic error messages, no differentiation between error types, missing structured logging. 6. Type safety violations in unstructured access Need to verify: All obj.Object["field"].(Type) patterns replaced with unstructured.Nested* helpers. Major Issues7. Frontend: Multiple 'any' type violations (components/frontend/src/hooks/use-agui-stream.ts:66) Problem: Violates Zero 'any' Types rule. pendingToolCalls and pendingChildren lack proper types. 8. Operator: Missing OwnerReferences validation (components/operator/internal/handlers/sessions.go) Need to verify created resources have proper OwnerReferences set for cleanup. 9. Build metadata creates unnecessary cache invalidation (Makefile, Dockerfiles) Problem: Every commit triggers full rebuild due to LABEL changes, defeating Docker layer caching. 10. Missing tests for new AG-UI functionality No test files added for agui.go, agui_proxy.go, compaction.go, use-agui-stream.ts Minor Issues11. Inconsistent image naming - Changed from hyphens to underscores without migration path Positive Highlights
RecommendationsPriority 1 (Must Fix Before Merge):
Priority 2 (Should Fix Before Merge): Priority 3 (Can Address Post-Merge): Files Requiring Immediate Attention
Verdict: Significant architectural improvement, but critical security and stability issues must be resolved before merging. 🔍 View AI decision process (logs available for 90 days) 📋 View memory system files loaded (click to expand)What Amber Loaded for Code ReviewAmber automatically loaded these repository standards from the memory system:
Impact: This review used your repository's specific code quality standards, security patterns, and best practices from the memory system (PRs #359, #360) - not just generic code review guidelines. |
Claude Code ReviewSummaryThis PR introduces the AG-UI Protocol for event streaming, replacing the legacy WebSocket-based messaging system with HTTP/SSE. This is a major architectural change affecting all components (backend, frontend, operator, runner). The changes are extensive (7,459 additions, 4,369 deletions across 59 files). Issues by SeverityBlocker IssuesNone identified - No critical security vulnerabilities or architectural violations found. Critical Issues
Major Issues
Minor Issues
Positive Highlights
RecommendationsBefore Merge:
After Merge: Architecture ValidationFollows Project Standards:
Security Standards Met:
Needs Verification:
Overall AssessmentThis is a well-executed major refactoring that modernizes the messaging architecture. The AG-UI protocol implementation is solid, with good type safety and security practices. Main concerns are goroutine lifecycle management, missing test coverage, and documentation gaps. Code quality is high. Recommendation: Approve with required changes (address critical RBAC and goroutine cleanup issues before merge). Review by Claude Code (claude-sonnet-4-5) 🔍 View AI decision process (logs available for 90 days) 📋 View memory system files loaded (click to expand)What Amber Loaded for Code ReviewAmber automatically loaded these repository standards from the memory system:
Impact: This review used your repository's specific code quality standards, security patterns, and best practices from the memory system (PRs #359, #360) - not just generic code review guidelines. |
- Removed the autoTriggerInitialPrompt function from the backend, delegating initial prompt execution to the runner on startup. - Updated the StartSession handler to reflect changes in initial prompt handling, ensuring events flow through the backend for both UI and headless/API usage. - Adjusted frontend logic to remove direct initial prompt sending, relying on backend auto-execution instead. - Refactored session reconciliation logic to directly call runner endpoints for adding and removing repositories and changing workflows, enhancing integration and simplifying the codebase. These changes improve the clarity and efficiency of session management, ensuring a more robust handling of initial prompts and repository workflows. refactor: Enhance ToolCall structure and event handling - Added ParentToolUseID field to the ToolCall struct for hierarchical tool call support. - Refactored event handling in getCompactedMessages and compactEventsToState to utilize a map for tracking tool call states, improving management of parallel tool calls. - Updated logic to ensure all relevant fields are captured during tool call events, enhancing event completeness and traceability. These changes improve the clarity and functionality of tool call processing within the AGUI framework. refactor: Streamline AG-UI event handling and improve logging - Refactored the sendInitialSyncEvents function to load and compact events at read-time, enhancing performance and compliance with AG-UI specifications. - Updated logging to provide clearer insights into event loading and message snapshot sending, improving traceability during event processing. - Removed the getCompactedMessages function, consolidating message handling logic to simplify the codebase and improve maintainability. These changes enhance the efficiency and clarity of AG-UI event handling, ensuring better performance and easier debugging. refactor: Implement hierarchical tool message rendering - Enhanced the ProjectSessionDetailPage to support hierarchical tool message rendering, allowing for nested tool calls to be displayed under their parent tools. - Updated the StreamMessage and ToolMessage components to handle and visualize hierarchical tool messages, including child tool calls. - Introduced new types for HierarchicalToolMessage and updated existing types to accommodate parent-child relationships in tool calls. These changes improve the clarity and organization of tool call displays, enhancing the user experience in managing complex tool interactions. refactor: Improve AGUI event handling and logging - Refactored the handling of TOOL_CALL_START events to ensure all relevant fields are returned, enhancing event completeness. - Added debug logging for tool call start and end events, providing better visibility into the tool call lifecycle and pending tool calls. - Cleared pending tool calls after flushing to maintain state integrity. These changes enhance the clarity and traceability of AGUI event processing. refactor: Remove nested styling marker from ProjectSessionDetailPage - Cleaned up the ProjectSessionDetailPage by removing the nested styling marker, as it is no longer necessary. - Updated the useAGUIStream hook to ensure tool calls are added only if they exist, improving the handling of tool messages. This refactor enhances code clarity and maintains functionality without the redundant nested marker. feat: Implement hierarchical tool call rendering for sub-agents - Runner: Emit parentToolUseId in TOOL_CALL_START events - Backend: Add ParentToolUseID field to ToolCallStartEvent - Frontend: Build tool hierarchy by nesting children under parent tools - Frontend: Render nested tools under parent tool cards - Frontend: Support sub-agent visualization with proper parent-child relationships This enables proper visualization of sub-agent delegations where child tool calls (WebSearch, etc.) are rendered inside the parent Task tool card. fix: Adjust TEXT_MESSAGE_END emission logic in ClaudeCodeAdapter - Updated the logic to delay emitting TEXT_MESSAGE_END until after processing ResultMessage. - This change ensures that the stop_reason can be checked for 'tool_use', allowing for proper handling of subsequent blocks. This fix improves the message handling flow and prevents premature termination of message sequences. feat: Implement build metadata system for enhanced traceability - Added build metadata capture in Makefile, including Git commit, branch, repository, version, build date, and user. - Updated Dockerfiles across components to accept build arguments for metadata and set them as environment variables. - Enhanced backend and operator to log build information on startup, embedding metadata directly into binaries. - Introduced frontend instrumentation to log build details during server startup. - Created documentation detailing the build metadata system and its usage. This system improves traceability of deployed images and simplifies debugging by providing clear versioning information at runtime. fix: AG-UI event streaming and tool call display fixes - Backend: Return full event structs with all fields (toolCallId, toolCallName, delta, result) - Backend: Preserve user message IDs from frontend to prevent duplicates - Backend: Parse AG-UI events in getCompactedMessages() for message persistence on refresh - Backend: Handle TEXT_MESSAGE_*, TOOL_CALL_*, and RAW events in legacy storage - Frontend: Display tool calls immediately on TOOL_CALL_START (don't wait for END) - Frontend: Show streaming tool args as they accumulate - Frontend: Include toolCalls array in completed tool messages with args/result - Frontend: Graceful error logging (suppress ResponseAborted, ECONNREFUSED during restarts) - Frontend: Safer tool arg parsing with validation - Runner: Emit TEXT_MESSAGE_END after processing all blocks (keeps tools with message) Fixes: tool calls not showing, messages disappearing on refresh, duplicate user messages feat: Enhance AG-UI Event Handling with Full Event Broadcasting This commit introduces significant improvements to the AG-UI event handling system, enabling the broadcasting of full events with all fields, enhancing the messaging capabilities within sessions. - **AGUIRunState**: Added `fullEventSub` map to manage full event subscribers. - **BroadcastFull Method**: Implemented to send full events to subscribers, alongside legacy BaseEvent notifications. - **Event Extraction**: Enhanced `extractBaseEvent` function to support various AG-UI event types. - **Session Handling**: Updated `HandleAGUIRun` and `HandleAGUIEvents` to accommodate full event subscriptions and broadcasting. - **Frontend Integration**: Adjusted hooks and components to utilize the new event streaming capabilities. - Improved real-time event handling for enhanced user experience. - Simplified event management by consolidating full event broadcasting logic. - Increased flexibility in handling different event types within the AG-UI framework. 🤖 Generated with [Claude Code](https://claude.com/claude-code) feat: Integrate AG-UI Protocol for enhanced session messaging This commit introduces the AG-UI Protocol to improve the messaging system within sessions, allowing for real-time streaming and better event handling. - **Backend**: Added AG-UI endpoints for session management in `routes.go`. - **WebSocket**: Implemented broadcasting of AG-UI events in `hub.go`. - **Frontend**: Replaced legacy message handling with AG-UI streaming in `page.tsx`, including hooks for managing AG-UI streams. - **Message Adapter**: Removed the old message adapter and integrated new message handling logic directly in the session detail page. - **UI Components**: Updated message components to support streaming indicators and new message formats. - Enhanced user experience with real-time message updates. - Simplified message handling logic by removing the old adapter. - Improved maintainability and scalability of the messaging system. 🤖 Generated with [Claude Code](https://claude.com/claude-code) refactor: Transition to AG-UI Protocol for session messaging - Removed legacy message handling endpoints in `routes.go`, consolidating to AG-UI protocol. - Updated WebSocket handlers to route AG-UI events directly, simplifying message processing. - Eliminated deprecated functions for message retrieval and control messaging, enhancing clarity and maintainability. - Integrated AG-UI event streaming in frontend components, replacing previous message handling logic. - Improved logging for AG-UI event processing, providing better insights during runtime. These changes streamline the messaging system, ensuring real-time updates and a more efficient architecture. refactor: Streamline AGUI event handling and improve compaction strategy - Updated `RouteAGUIEvent` to prevent lazy run creation for terminal events, enhancing event processing logic. - Removed legacy functions `loadCompactedMessages` and `compactAndPersistRun`, transitioning to a "compact-on-read" strategy to eliminate race conditions and simplify event management. - Enhanced logging for AGUI events to provide better insights during runtime. - Updated WebSocket message handling to ensure proper event type assignment and routing. These changes improve the efficiency and clarity of AGUI event handling, ensuring better performance and easier debugging. refactor: Enhance AGUI event handling and compaction logic - Updated the `streamThreadEvents` function to only compact events from completed runs, improving event processing and preventing duplicates from active runs. - Introduced logic to filter out events from active runs and log relevant information for better traceability. - Modified the `MessageCompactor` to ensure in-progress tool calls are not included in snapshots, enhancing the clarity of event messages. - Enhanced the frontend to support rendering of pending tool calls and children, improving the user experience during streaming. - Updated the `useAGUIStream` hook to manage pending tool calls and children, ensuring accurate state representation in the UI. These changes streamline AGUI event handling, improve performance, and enhance the overall user experience during tool call streaming. feat: Add python-struct dependency and enhance JSON parsing for Python literals - Introduced the `python-struct` package to handle structured data parsing. - Implemented a helper function `pythonLiteralToJson` to convert Python literal strings to JSON-parseable format, improving compatibility with legacy data. - Enhanced the `extractTextFromResultContent` function to support parsing both JSON and Python notations, ensuring robust handling of various content formats. - Updated the `ClaudeCodeAdapter` to use `json.dumps()` for proper JSON serialization of results, enhancing data integrity in tool calls. These changes improve data handling and parsing capabilities, facilitating better integration with Python-based content. refactor: Enhance AGUI event logging and compaction logic - Improved logging for AGUI events, including detailed messages for user events and active run processing. - Updated the `persistAGUIEventMap` function to log successful persistence of user messages. - Enhanced the `streamThreadEvents` function to accurately determine active runs by checking for terminal events, improving event handling. - Modified the `MessageCompactor` to flush user messages immediately upon completion, ensuring timely processing. - Added checks for actual content in tool messages to improve user experience and clarity in the frontend. These changes enhance the clarity and efficiency of AGUI event handling, providing better insights during runtime and improving overall user experience. feat: Implement AG-UI Protocol for enhanced session management and event streaming - Introduced a new AG-UI server for Claude Code, replacing legacy WebSocket communication with HTTP/SSE for event streaming. - Updated backend routes to support AG-UI protocol, including new endpoints for session management and event handling. - Implemented a proxy mechanism in the backend to forward AG-UI run requests to the FastAPI server, enhancing real-time communication. - Enhanced frontend components to utilize the new AG-UI event streaming capabilities, ensuring seamless integration with the updated backend. - Improved logging and error handling for AG-UI events, providing better insights during runtime. These changes significantly enhance the messaging system, enabling real-time updates and a more efficient architecture for session management. refactor: Remove legacy WebSocket handling and transition to AG-UI protocol - Eliminated WebSocket-related code, including handlers and connection management, as the AG-UI server now utilizes HTTP/SSE for event streaming. - Updated backend to remove references to WebSocket URLs and legacy message handling, streamlining session communication. - Adjusted frontend components to load initial message history via GET /agui/events and connect to AG-UI streams for live updates. - Enhanced logging and error handling to align with the new AG-UI protocol, improving runtime insights. These changes significantly modernize the messaging architecture, ensuring a more efficient and maintainable system. refactor: Update AGUI proxy handling and improve event streaming - Refactored the AGUI proxy to initiate background processing for HTTP requests, ensuring the connection remains open for SSE streams. - Enhanced error handling and logging for background requests, improving traceability of failures. - Updated frontend components to reflect changes in AGUI run endpoint behavior, returning metadata immediately instead of streaming responses. - Improved handling of tool call events in the MessageCompactor to support both camelCase and snake_case formats, enhancing compatibility with different data sources. These changes streamline the AGUI event handling process, ensuring better performance and user experience during session management. feat: Add interrupt functionality for AG-UI sessions - Introduced a new endpoint to handle interrupt signals for AG-UI sessions, allowing users to stop ongoing executions. - Implemented backend logic to forward interrupt requests to the Claude SDK, ensuring seamless integration with the existing session management. - Updated frontend components to utilize the new interrupt functionality, providing users with a clear option to stop active runs. - Enhanced message compaction logic to filter out hidden messages, improving the clarity of displayed messages during session interactions. These changes enhance user control over session executions and improve the overall user experience in managing AG-UI sessions. Enhance AGUI security and authorization checks - Added user authentication and authorization checks for AGUI session management, ensuring users have the necessary permissions to update and read session data. - Implemented SelfSubjectAccessReview for verifying user permissions against Kubernetes resources, improving security posture. - Updated event handling functions to include context cancellation checks, enhancing robustness during long-running operations. These changes strengthen the security framework of the AGUI system, ensuring proper access control and improving overall event handling reliability. Refactor AGUI event handling and logging - Removed unnecessary logging statements from the AGUI backend, improving code clarity and reducing log noise. - Updated frontend components to eliminate redundant console logs, enhancing performance and maintainability. - Streamlined event processing logic to focus on essential operations, ensuring efficient handling of AGUI events. These changes enhance the overall efficiency of AGUI event management and improve the clarity of the codebase.
Gkrumbach07
force-pushed
the
ui-cleanup
branch
from
4888f4e to
18e2030
Compare
Codecov Report❌ Patch coverage is
📢 Thoughts on this report? Let us know! |
…bient-code#469) Signed-off-by: Michael Clifford
Gkrumbach07
force-pushed
the
ui-cleanup
branch
from
18e2030 to
43367ab
Compare
Claude Code ReviewSummaryThis PR introduces the AG-UI protocol for message streaming, replacing the legacy WebSocket system with HTTP/SSE-based event streaming. This is a major architectural change that touches 61 files across backend, frontend, operator, and runner components. Overall Assessment: The implementation follows most project standards, but there are several critical security and architectural issues that must be addressed before merge. Issues by Severity🚫 Blocker Issues1. RBAC Authorization Checks Missing in Critical Endpoints
✅ GOOD: The proxy correctly uses Evidence: // agui_proxy.go - CORRECT pattern
reqK8s, _ := handlers.GetK8sClientsForRequest(c)
if reqK8s == nil {
c.JSON(http.StatusUnauthorized, gin.H{"error": "Invalid or missing token"})
return
}
// RBAC check follows...But in
Impact: Users could access sessions they don't have permission to view. Fix Required: Add identical authentication and RBAC checks to all AGUI endpoints. 2. Direct Type Assertions Without Safety Checks
messageID, _ := event["messageId"].(string) // ❌ Ignoring 'ok' check
role, _ := event["role"].(string) // ❌ Ignoring 'ok' checkThis violates Critical Rule #4 from CLAUDE.md:
Impact: Panics if event structure is unexpected. Fix Required: Check the 3. Goroutine Without Context Cancellation
go func() {
ctx, cancel := context.WithTimeout(context.Background(), 2*time.Hour)
defer cancel()
// ...
}()Issue: Uses Impact: Goroutine leaks, unbounded resource consumption. Fix Required: Add session deletion listener or backend shutdown handler to cancel these contexts. 🔴 Critical Issues4. Frontend: Missing Type Safety
if (hiddenMessageIdsRef.current.has(messageId)) {
newState.currentMessage = null;
return newState;
}No type guard to ensure if (typeof messageId === 'string' && hiddenMessageIdsRef.current.has(messageId)) {This violates Frontend Critical Rule #1: Zero 5. Error Handling: Generic Error Messages
c.JSON(http.StatusServiceUnavailable, gin.H{"error": "Runner not available"})✅ GOOD: Generic message to user Should be: log.Printf("Failed to get runner endpoint for %s/%s: %v", projectName, sessionName, err)
c.JSON(http.StatusServiceUnavailable, gin.H{"error": "Runner not available"})6. Python: Missing Exception Handling in Adapter
The 🟡 Major Issues7. Build Metadata: Embedding in Binaries Not Verified
Build args are passed correctly, but the review cannot confirm these are actually embedded in the binaries. Verify with: strings <binary> | grep -i "git_commit"8. Frontend: Large File Size
Per Frontend Pre-Commit Checklist: Components should be under 200 lines. Recommendation: Extract event processing logic into separate files:
9. No Tests Added A PR this large (7475 additions, 4384 deletions) should include:
10. Removed Components Without Migration Guide Files removed:
No migration guide or deprecation notice in commit message or documentation. 🔵 Minor Issues11. Inconsistent Logging Some functions log verbosely, others are silent. Example:
Recommendation: Standardize logging levels and add debug logs consistently. 12. Magic Numbers
context.WithTimeout(context.Background(), 2*time.Hour)Should use a named constant: 13. Frontend: Python Literal Parsing
Question: Why are Python literals in JSON responses? This suggests the backend is not properly serializing data. Fix at the source (Python Positive Highlights✅ Excellent security practices in ✅ Good separation of concerns between backend proxy and runner FastAPI server ✅ Type safety in AG-UI event types (both Go and TypeScript) ✅ Proper use of SSE for event streaming instead of WebSocket (simpler, more reliable) ✅ Build metadata system improves traceability and debugging ✅ Comprehensive AG-UI protocol types with clear documentation references ✅ Error handling patterns mostly follow established standards RecommendationsBefore Merge (Blockers)
After Merge (Critical)
Nice-to-Have (Major/Minor)
Security Checklist Status
Final VerdictThis PR implements a well-architected protocol migration, but has 3 blocker security/stability issues that must be fixed before merge:
The positive aspects (clean protocol design, proper SSE usage, build metadata) are excellent. Once the blockers are addressed, this will be a solid foundation for AG-UI protocol support. Recommendation: Address blockers, then merge with follow-up issues for tests and refactoring. 🔍 View AI decision process (logs available for 90 days) 📋 View memory system files loaded (click to expand)What Amber Loaded for Code ReviewAmber automatically loaded these repository standards from the memory system:
Impact: This review used your repository's specific code quality standards, security patterns, and best practices from the memory system (PRs #359, #360) - not just generic code review guidelines. |
Claude Code ReviewSummaryThis PR introduces the AG-UI protocol for message streaming, replacing the legacy WebSocket-based communication with HTTP/SSE. This is a major architectural refactoring involving 61 files with ~7,500 additions and ~4,400 deletions across backend, frontend, operator, and runner components. Overall Assessment: The implementation shows solid technical execution with good adherence to AG-UI protocol specifications. However, there are several critical security, error handling, and code quality issues that must be addressed before merging. Issues by Severity🚫 Blocker Issues1. CRITICAL: Goroutine Leak Risk in Background ProxyFile: go func() {
ctx, cancel := context.WithTimeout(context.Background(), 2*time.Hour)
defer cancel()
// ... long-running HTTP request
}()Problem: Uses
Required Fix:
Reference: CLAUDE.md lines 817-851 (Goroutine Monitoring pattern) 2. CRITICAL: Missing Error Context in Backend HandlersFiles:
reqK8s, _ := handlers.GetK8sClientsForRequest(c) // ❌ Ignoring error
if reqK8s == nil {
c.JSON(http.StatusUnauthorized, gin.H{"error": "Invalid or missing token"})
}Problem: Violates CLAUDE.md error handling pattern (lines 529-552). Should:
Required Fix: reqK8s, reqDyn := handlers.GetK8sClientsForRequest(c)
if reqK8s == nil {
log.Printf("AGUI: Failed to create K8s client for %s/%s", projectName, sessionName)
c.JSON(http.StatusUnauthorized, gin.H{"error": "Invalid or missing token"})
c.Abort()
return
}3. CRITICAL: Type Assertion Without Safety CheckFile: eventType, ok := event["type"].(string)
if !ok {
log.Printf("AGUI: Event missing type field, skipping")
return
}Problem: Only checks
Required Fix: Use 🔴 Critical Issues4. Security: RBAC Check Missing for GET Events EndpointFile: Problem: Frontend proxies to backend without RBAC validation. While backend has auth on Current: export async function GET(request: Request, { params }: { params: Promise<RouteParams> }) {
// No RBAC check here - just proxies to backend
}Required: Add permission check or document that frontend routes are public (rely on backend auth only). Reference: CLAUDE.md lines 638-657 (RBAC Enforcement) 5. Error Handling: Silent Failures in Message PersistenceFile: Problem: Multiple
Impact: Message loss is silent - users won't know events failed to persist. Required Fix: Add error logging and status field in AgenticSession CR for persistence failures. 6. Frontend: Unsafe JSON ParsingFile: Problem: Uses Current: const parsed = JSON.parse(toolCall.args) // ❌ Can throwRequired Fix: try {
const parsed = JSON.parse(toolCall.args)
// use parsed
} catch (e) {
// Fallback to raw string display
}Reference: CLAUDE.md lines 1115-1136 (Frontend error handling) 🟡 Major Issues7. Code Quality: 791-Line Hook Violates Size LimitFile: Problem: Violates CLAUDE.md frontend guideline (line 1128): "Components under 200 lines" Required: Extract sub-hooks:
8. Architecture: 1157-Line Backend FileFile: Problem: Violates Go package organization (CLAUDE.md lines 454-494). Should split into:
9. Missing Tests for New AG-UI EndpointsProblem: No test files added for critical new functionality:
Required: Add integration tests (see CLAUDE.md lines 1037-1044) 10. Frontend: Multiple
|
- Updated the event handling logic in `handleStreamedEvent` to use a switch statement for better clarity and maintainability. - Removed deprecated functions and unnecessary variables from `agui.go`, streamlining the codebase. - Enhanced the `MessageCompactor` to improve message visibility by removing unnecessary whitespace. These changes enhance the clarity and efficiency of AGUI event processing, ensuring better performance and easier debugging.
Claude Code ReviewSummaryThis PR implements the AG-UI protocol for message streaming. Major architectural change with ~5,000 lines modified. Has critical security and code quality issues that must be addressed. Blocker Issues1. Panic in Production Code (agui.go:383-390) - Violates CLAUDE.md Rule 2 Critical Issues4. Unchecked Type Assertions - Violates CLAUDE.md Rule 4 Major Issues
Positive Highlights
Required Before Merge
Recommendation: DO NOT MERGE until blockers fixed. Full details available on request. cc @Gkrumbach07 🔍 View AI decision process (logs available for 90 days) 📋 View memory system files loaded (click to expand)What Amber Loaded for Code ReviewAmber automatically loaded these repository standards from the memory system:
Impact: This review used your repository's specific code quality standards, security patterns, and best practices from the memory system (PRs #359, #360) - not just generic code review guidelines. |
- Updated `loadEventsForRun` to include automatic migration from legacy message formats if the event log file does not exist. - Added error handling and logging for migration failures, ensuring better traceability during the event loading process. - Implemented filtering of events by `runID` to improve event retrieval accuracy. These changes improve the robustness of event loading and enhance compatibility with legacy data formats.
Claude Code ReviewSummaryThis PR implements the AG-UI Protocol for event streaming, replacing the legacy WebSocket-based messaging system with HTTP/SSE (Server-Sent Events). The change includes:
Overall, this is a significant architectural improvement that modernizes the messaging system. However, there are critical security issues and several areas requiring attention before merge. Issues by Severity🚫 Blocker IssuesMUST FIX BEFORE MERGE: 1. Goroutine Leak Risk in Background Proxy (
|
- Removed unnecessary logging statements in `compaction.go` to streamline message processing and improve clarity. - Updated `MigrateLegacySessionToAGUI` to handle legacy messages in JSONL format, enhancing compatibility with existing data. - Improved error handling and logging during legacy message migration, ensuring better traceability and user feedback. These changes enhance the efficiency of message compaction and improve the robustness of legacy data handling.
Claude Code ReviewSummaryThis PR introduces the AG-UI protocol for message streaming, replacing the legacy WebSocket-based communication with a standardized HTTP/SSE approach. The implementation is comprehensive (7,420 additions) and includes:
Issues by Severity🚫 Blocker IssuesNone - All critical patterns are followed correctly. 🔴 Critical Issues1. Context Leak in Background Goroutine (agui_proxy.go:145) // Line 145: Uses context.Background() instead of request context
go func() {
ctx, cancel := context.WithTimeout(context.Background(), 2*time.Hour)
defer cancel()
// ... long-running HTTP request to runner
}()Issue: The comment justifies this as "detached from client request lifecycle", but this creates unbounded goroutines that persist even if the client disconnects. With a 2-hour timeout, this could accumulate hundreds of goroutines under heavy load. Recommendation: Use request context with appropriate cleanup: ctx, cancel := context.WithTimeout(c.Request.Context(), 2*time.Hour)
defer cancel()
// Add run state tracking to detect orphaned goroutines2. Missing Error Handling in Auto-Execute (main.py:150) # Line 150: File ends mid-function
async def auto_execute_initial_prompt(prompt: str, session_id: str):
# ... setup code
payload = {...}
# MISSING: actual HTTP POST and error handlingIssue: The Recommendation: Complete the implementation with try/except and logging. 🟡 Major Issues1. Race Condition in Run State Lookup (agui.go:114-122) // Lines 114-122: Read lock released before using activeRunState
aguiRunsMu.RLock()
for _, state := range aguiRuns {
if state.SessionID == sessionID && state.Status == "running" {
activeRunState = state
break
}
}
aguiRunsMu.RUnlock() // Lock released here
// activeRunState could be deleted/modified by another goroutine here
if activeRunState == nil {
// ... use activeRunState without lock protection
}Issue: After releasing the read lock, Recommendation: Either keep the lock held longer or copy the data under lock. 2. Unbounded Channel in AGUIRunState (agui.go:50) ch := make(chan *types.BaseEvent, 100)Issue: Hard-coded buffer size of 100. Under high event throughput (e.g., large file reads, rapid tool calls), this could block broadcasts or drop events silently. Recommendation: Either increase buffer size (1000+) or add monitoring/metrics for channel saturation. 3. Missing RBAC Check in Interrupt Endpoint (agui_proxy.go - not shown) Issue: Based on proxy pattern, Recommendation: Verify all AG-UI endpoints use 4. Frontend Type Safety Violation (use-agui-stream.ts:184) // Line 184: Using crypto.randomUUID() without fallback
const messageId = newState.currentMessage.id || crypto.randomUUID();Issue: Recommendation: Import and use 🔵 Minor Issues1. Inconsistent Logging Format (agui.go:109) log.Printf("AGUI: Event missing type field, skipping")Pattern Violation: Backend logs should include context (sessionID, runID) for debugging. See error handling patterns. Recommendation: log.Printf("AGUI: Event missing type field for session %s, skipping", sessionID)2. Magic Numbers Without Constants (agui.go:197) go scheduleRunCleanup(runID, 5*time.Minute)Recommendation: Extract to constant: const RunCleanupDelay = 5 * time.Minute
go scheduleRunCleanup(runID, RunCleanupDelay)3. Inconsistent Build Metadata Handling (Makefile:44-50) The Makefile uses different variable names ( Recommendation: Remove unused 4. Removed Dependency Not Explained (go.mod:13) - github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674Issue: Removed without migration notes. While obvious from context (WebSocket → AG-UI migration), this should be documented in PR description or commit message. 5. Frontend: Missing Loading/Error States (use-agui-stream.ts) The hook tracks Recommendation: Add Positive Highlights✅ Excellent Security Practices
✅ Proper Error Handling Patterns
✅ Type Safety Enforced
✅ Clean Architecture
✅ Comprehensive AG-UI Implementation
✅ Build Metadata Tracking
RecommendationsPriority 1 (Before Merge):
Priority 2 (Can Address Later):
Priority 3 (Nice-to-Have):
Testing RecommendationsBefore merging:
Follow-up:
Overall Assessment: This is a well-architected migration from WebSocket to AG-UI protocol. The code follows project standards closely, with proper authentication, error handling, and type safety. The critical issues (context leak, incomplete function) are fixable pre-merge. The major issues (race conditions, channel sizing) are manageable risks that can be monitored. Recommendation: Approve with changes - Address Priority 1 items before merge. 🔍 View AI decision process (logs available for 90 days) 📋 View memory system files loaded (click to expand)What Amber Loaded for Code ReviewAmber automatically loaded these repository standards from the memory system:
Impact: This review used your repository's specific code quality standards, security patterns, and best practices from the memory system (PRs #359, #360) - not just generic code review guidelines. |
- Removed the `sendWebSocketMessageViaBackend` function from `sessions.go`, streamlining the message handling process. - Eliminated the no-op `SendMessageToSession` function in `test_helpers_test.go`, simplifying test setup. These changes enhance code clarity and maintainability by removing outdated message handling logic.
Claude Code ReviewSummaryThis PR implements the AG-UI protocol for real-time event streaming, introducing a major architectural improvement to message handling. The implementation demonstrates solid security practices with proper authentication and RBAC enforcement throughout. However, there are critical type safety issues that must be addressed before merge. Overall Assessment: APPROVE WITH REQUIRED CHANGES Issues by Severity🚫 Blocker IssuesNone - All blocking security and authentication patterns are correctly implemented. 🔴 Critical Issues (MUST FIX)1. Backend: Unsafe Type Assertions Violate Type Safety StandardLocation: // ❌ UNSAFE: Direct type assertion without checking
if spec, ok := item.Object["spec"].(map[string]interface{}); ok {
// ...
}Required Fix: Use // ✅ CORRECT pattern (already used in agui_proxy.go)
spec, found, err := unstructured.NestedMap(item.Object, "spec")
if err \!= nil || \!found {
log.Printf("AGUI: Failed to get spec for %s/%s", projectName, sessionName)
return map[string]interface{}{"phase": "Unknown"}, nil
}Why It Matters: Type assertions can panic if structure changes. This violates the established type-safety pattern used throughout the codebase. 2. Backend: Panic Recovery Without Error Event to ClientLocation: // ❌ BAD: Panic caught silently, client sees no error
defer func() {
if r := recover(); r \!= nil {
log.Printf("AGUI: panic in sendInitialSyncEvents: %v", r)
}
}()Required Fix: Handle errors explicitly, emit error events to client // ✅ CORRECT: Explicit error handling
if err := sendInitialSyncEvents(c, runState, projectName, sessionName); err \!= nil {
log.Printf("AGUI: Failed to send initial sync events: %v", err)
errorEvent := &types.RunErrorEvent{
BaseEvent: types.NewBaseEvent(types.EventTypeRunError, runState.ThreadID, runState.RunID),
Error: fmt.Sprintf("Failed to initialize stream: %v", err),
}
writeSSEEvent(c.Writer, errorEvent)
return
}Why It Matters: Silent failures leave clients in undefined state. Per CLAUDE.md: "Never panic in production code" - use explicit error returns. 3. Frontend: Use of
|
| Category | Score | Notes |
|---|---|---|
| Security | 10/10 | Perfect auth/RBAC implementation |
| Error Handling | 7/10 | Good patterns, some silent failures |
| Type Safety | 6/10 | Unsafe assertions, any usage |
| Architecture | 9/10 | Clean separation, good design |
| Testing | 4/10 | Missing critical test coverage |
| Overall | 8/10 | Solid implementation with fixable issues |
Conclusion
This PR represents a significant architectural improvement with proper security and thoughtful design. The AG-UI protocol integration is well-executed and follows established patterns from the codebase.
Fix the 3 critical issues (type safety, panic recovery, any types), then this is ready to merge. The goroutine lifecycle management should be addressed to prevent resource leaks in production.
Great work on maintaining security standards throughout! 🎉
🔍 View AI decision process (logs available for 90 days)
📋 View memory system files loaded (click to expand)
What Amber Loaded for Code Review
Amber automatically loaded these repository standards from the memory system:
- CLAUDE.md - Master project instructions, development standards
- backend-development.md - Go backend, K8s integration patterns
- frontend-development.md - NextJS, Shadcn UI, React Query patterns
- security-standards.md - Auth, RBAC, token handling
- k8s-client-usage.md - User token vs service account patterns
- error-handling.md - Consistent error patterns
- react-query-usage.md - Data fetching patterns
Impact: This review used your repository's specific code quality standards, security patterns, and best practices from the memory system (PRs #359, #360) - not just generic code review guidelines.
1 participant
No description provided.