fix: resolve three architectural gaps in wrapper layer#1867
fix: resolve three architectural gaps in wrapper layer#1867praisonai-triage-agent[bot] wants to merge 2 commits into
Conversation
Gap 1: resolve_llm_endpoint() now maps model prefixes to correct provider API keys - Added provider mapping for anthropic/, groq/, google/, openrouter/, etc. - Stops hardcoding OPENAI_API_KEY for all providers - Maintains fallback to OPENAI_API_KEY for default OpenAI models Gap 2: SubprocessSandbox now enforces SecurityPolicy and ResourceLimits - Builds child environment from policy instead of copying host environment - Applies resource limits via POSIX setrlimit where supported - Enforces max_output_size to prevent OOM attacks - Uses process groups for proper timeout cleanup - Provides warnings when isolation is limited (Windows, missing modules) Gap 3: Remove root logger mutation from inc/models.py - Removed logging.basicConfig() call that violated project logging policy - CLI logging configuration remains through _logging.py as intended - Embedders no longer have their root logger hijacked at import time Co-authored-by: Mervin Praison <MervinPraison@users.noreply.github.com>
|
@coderabbitai review |
|
/review |
Qodo reviews are paused for this user.Troubleshooting steps vary by plan Learn more β On a Teams plan? Using GitHub Enterprise Server, GitLab Self-Managed, or Bitbucket Data Center? |
β Action performedReview finished.
|
|
Important Review skippedBot user detected. To trigger a single review, invoke the βοΈ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
π WalkthroughWalkthroughThis PR addresses three security and provider-support gaps: removes module-level logging configuration that mutated the root logger, implements provider-aware LLM endpoint resolution (api_key and base_url) instead of hardcoding OpenAI, and enforces SecurityPolicy in SubprocessSandbox through environment isolation, resource limits, and process group timeout management. ChangesSecurity enforcement and multi-provider LLM configuration
Estimated code review effortπ― 3 (Moderate) | β±οΈ ~25 minutes Possibly related PRs
Suggested labels
Suggested reviewers
Poem
π₯ Pre-merge checks | β 5β Passed checks (5 passed)
βοΈ Tip: You can configure your own custom pre-merge checks in the settings. β¨ Finishing Touchesπ§ͺ Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
@copilot Do a thorough review of this PR. Read ALL existing reviewer comments above from Qodo, Coderabbit, and Gemini first β incorporate their findings. Review areas:
|
Greptile SummaryThis PR addresses three architectural gaps in the wrapper layer: removing a root-logger mutation at import time in
Confidence Score: 3/5The credential-resolver and logging fixes are safe, but the sandbox still buffers the full subprocess output into memory before any size check, and the new preexec_fn path calls Python's lock-backed logging in a post-fork context. The proc.communicate() call in both execute and run_command accumulates the entire subprocess output before the max_output_size truncation runs β a gigabyte-producing child process can exhaust host memory before the check fires. This was raised in the prior review round and remains unaddressed. Additionally, _apply_rlimits calls logger.warning() inside preexec_fn; Python's logging module holds internal locks, and if a lock was held at fork time (e.g. from a ThreadPoolExecutor or concurrent log emission), the child deadlocks. The llm/env.py and inc/models.py changes are clean and low-risk. src/praisonai/praisonai/sandbox/subprocess.py β the output-buffering path and the preexec_fn logging calls both need attention before this is safe to run against untrusted code. Important Files Changed
Flowchart%%{init: {'theme': 'neutral'}}%%
flowchart TD
A[resolve_llm_endpoint called] --> B[Read MODEL_NAME / OPENAI_MODEL_NAME]
B --> C{model prefix in _PROVIDER_MAP?}
C -- yes --> D[key_var = provider key e.g. ANTHROPIC_API_KEY]
C -- no --> E[key_var = OPENAI_API_KEY]
D --> F[base_url = OPENAI_BASE_URL or provider_base or default]
E --> F
D --> G[api_key = os.environ.get provider key or None]
E --> H[api_key = os.environ.get OPENAI_API_KEY]
F --> I[Return LLMEndpoint]
G --> I
H --> I
subgraph SubprocessSandbox
J[_build_child_env] --> K{policy.allow_network?}
K -- yes --> L[include proxy vars]
K -- no --> M[skip proxy vars]
L --> N[set minimal PATH and HOME]
M --> N
N --> O[asyncio.create_subprocess_exec]
O -- POSIX --> P[start_new_session + preexec_fn=_apply_rlimits]
O -- Windows --> Q[no isolation]
P --> R[proc.communicate with timeout]
Q --> R
R -- timeout --> S{os.name == posix?}
S -- yes --> T[os.killpg SIGKILL]
S -- no --> U[proc.kill]
R -- success --> W[truncate to max_output_size]
W --> X[return COMPLETED]
end
Reviews (2): Last reviewed commit: "fix: resolve critical bugs in architectu..." | Re-trigger Greptile |
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
| try: | ||
| # Enforce max_output_size by reading incrementally | ||
| max_output_size = self.config.security_policy.max_output_size | ||
| stdout_data = b"" | ||
| stderr_data = b"" | ||
|
|
||
| stdout, stderr = await asyncio.wait_for( | ||
| proc.communicate(), | ||
| timeout=limits.timeout_seconds, | ||
| ) | ||
|
|
||
| # Truncate output if it exceeds max_output_size | ||
| if max_output_size and max_output_size > 0: | ||
| if len(stdout) > max_output_size: | ||
| stdout = stdout[:max_output_size] + b"\n[OUTPUT TRUNCATED]" | ||
| if len(stderr) > max_output_size: | ||
| stderr = stderr[:max_output_size] + b"\n[OUTPUT TRUNCATED]" |
There was a problem hiding this comment.
The comment "Enforce max_output_size by reading incrementally" and the two initialised-but-unused variables stdout_data/stderr_data indicate an incomplete refactoring. proc.communicate() still collects the entire subprocess output into memory before the length check runs, so a malicious or runaway script generating gigabytes of output can exhaust heap memory before any truncation occurs. Incremental reading via asyncio.StreamReader.read in a loop would be needed to honour max_output_size as a true safety bound.
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 3
Caution
Some comments are outside the diff and canβt be posted inline due to platform limitations.
β οΈ Outside diff range comments (1)
src/praisonai/praisonai/sandbox/subprocess.py (1)
158-166:β οΈ Potential issue | π Major | β‘ Quick win
preexec_fnbreaks execution on Windows.The
preexec_fnparameter is POSIX-only. On Windows,asyncio.create_subprocess_exec(which wrapssubprocess.Popen) will raise aValueErrorwhenpreexec_fnis provided, causing all sandbox executions to fail with a generic error rather than running with weaker isolation.Consider conditionally omitting
preexec_fnon non-POSIX systems:π Proposed fix to handle Windows
+ # preexec_fn is POSIX-only; omit on Windows + popen_kwargs = { + "stdout": asyncio.subprocess.PIPE, + "stderr": asyncio.subprocess.PIPE, + "cwd": working_dir or self._temp_dir, + "env": process_env, + } + if os.name == "posix": + popen_kwargs["start_new_session"] = True + popen_kwargs["preexec_fn"] = lambda: self._apply_rlimits(limits) + else: + logger.warning("Resource limits and session isolation not available on Windows") + try: proc = await asyncio.create_subprocess_exec( *cmd, - stdout=asyncio.subprocess.PIPE, - stderr=asyncio.subprocess.PIPE, - cwd=working_dir or self._temp_dir, - env=process_env, - start_new_session=True, # new pgid so we can SIGKILL the tree - preexec_fn=lambda: self._apply_rlimits(limits), + **popen_kwargs, )π€ Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/praisonai/praisonai/sandbox/subprocess.py` around lines 158 - 166, The subprocess creation passes preexec_fn (calling self._apply_rlimits) which is POSIX-only and raises on Windows; update the code in the coroutine that calls asyncio.create_subprocess_exec so that you only include preexec_fn when running on POSIX (e.g., os.name == "posix" or sys.platform check), and on non-POSIX platforms omit preexec_fn (and ensure _apply_rlimits is not invoked there or provide a no-op alternative); keep other args like start_new_session, cwd, env, stdout/stderr unchanged and reference the create_subprocess_exec call and the _apply_rlimits method to locate the change.
π§Ή Nitpick comments (2)
src/praisonai/praisonai/sandbox/subprocess.py (1)
55-73: Subprocess sandbox env construction looks correct
- Proxy env passthrough is gated by
policy.allow_network, andPATHis pinned to a minimal value.HOMEusesself._temp_dir or "/tmp";start()sets_temp_dirbefore_build_child_envis reached viaexecute()/run_command(), so the"/tmp"fallback should only be a defensive edge case.Dict[str, str] | Noneis fine for this repo (requires-python = ">=3.10,<3.15").If Ruff S108 continues to flag this line, consider an
assert self._temp_dir(or a targeted noqa) to document the invariant.π€ Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/praisonai/praisonai/sandbox/subprocess.py` around lines 55 - 73, Ruff S108 is likely flagging the defensive HOME fallback (self._temp_dir or "/tmp") β make the invariant explicit by asserting self._temp_dir before it is used: add an assertion for self._temp_dir in _build_child_env (or earlier in start/execute/run_command where _temp_dir is set) so the code can safely use self._temp_dir for HOME; alternatively, if you prefer to keep the fallback, add a targeted "# noqa: S108" on the line with the HOME default and document why the fallback is only defensive.src/praisonai/praisonai/llm/env.py (1)
81-85: π€ Low valueComment is misleadingβfallback applies to all non-OpenAI providers.
The comment states fallback occurs "only when the model is the default OpenAI shape," but the code falls back to
OPENAI_API_KEYfor any provider wherekey_var != "OPENAI_API_KEY". For example,anthropic/claude-3will tryANTHROPIC_API_KEYthen fall back toOPENAI_API_KEY.The docstring at line 64 correctly describes this behavior. Align the inline comment:
π Proposed fix
- # api_key is read from the provider-specific var, falling back to OPENAI_API_KEY - # only when the model is the default OpenAI shape. + # Try provider-specific key first; fall back to OPENAI_API_KEY for + # OpenAI-compatible proxies that may use a single shared key.π€ Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/praisonai/praisonai/llm/env.py` around lines 81 - 85, Update the misleading inline comment above the api_key assignment: it currently says the OPENAI_API_KEY fallback applies "only when the model is the default OpenAI shape," but the code uses os.environ.get(key_var) or (os.environ.get("OPENAI_API_KEY") if key_var != "OPENAI_API_KEY" else None), which falls back to OPENAI_API_KEY for any provider whose key_var is not "OPENAI_API_KEY" (e.g., ANTHROPIC_API_KEY β OPENAI_API_KEY). Change the comment to state that the code falls back to OPENAI_API_KEY for all non-OpenAI provider-specific vars, referencing the api_key and key_var variables to make the behavior clear.
π€ Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@src/praisonai/praisonai/llm/env.py`:
- Around line 21-30: The _PROVIDER_MAP currently uses None for provider_base for
"anthropic/", "google/", "gemini/", and "cohere/", which lets
resolve_llm_endpoint() fall back to the OpenAI default URL and misroute
non-OpenAI providers; update _PROVIDER_MAP so those prefixes map to
provider-appropriate default base URLs (e.g., set "anthropic/" ->
("ANTHROPIC_API_KEY", "https://api.anthropic.com/v1") or another real provider
endpoint) or use an explicit sentinel (e.g., empty string) to indicate
non-OpenAI-compatible endpoints, and ensure resolve_llm_endpoint() and callers
that rely on PraisonAIModel.base_url respect that sentinel; adjust any tests or
code that assume None means OpenAI to use the new sentinel/URLs.
In `@src/praisonai/praisonai/sandbox/subprocess.py`:
- Around line 169-185: Remove the dead variables stdout_data and stderr_data
declared in the subprocess output handling and stop referencing them (they're
unused); keep using proc.communicate() to get stdout/stderr, and immediately
apply the existing truncation logic (max_output_size) to stdout/stderr. Also add
a short inline comment near the communicate() call (and/or the truncation block)
stating that truncation happens after fully reading output and thus does not
prevent OOM for extremely large subprocess output, and that true
streaming/bounded reads would require a different approach than
asyncio.subprocess.communicate().
- Around line 198-205: The asyncio.TimeoutError handler currently calls
os.killpg(proc.pid, signal.SIGKILL) which will raise on Windows because
os.killpg and signal.SIGKILL may not exist; update the timeout block in the
subprocess timeout handler to guard/feature-detect before using os.killpg and
signal.SIGKILL (e.g., check hasattr(os, "killpg") and hasattr(signal,
"SIGKILL")) and otherwise fall back to proc.kill(), and also catch
AttributeError/OSError around the killpg call so the code always proceeds to
await proc.wait() without raising on Windows; reference the existing proc,
os.killpg, signal.SIGKILL, proc.kill(), and await proc.wait() in your patch.
---
Outside diff comments:
In `@src/praisonai/praisonai/sandbox/subprocess.py`:
- Around line 158-166: The subprocess creation passes preexec_fn (calling
self._apply_rlimits) which is POSIX-only and raises on Windows; update the code
in the coroutine that calls asyncio.create_subprocess_exec so that you only
include preexec_fn when running on POSIX (e.g., os.name == "posix" or
sys.platform check), and on non-POSIX platforms omit preexec_fn (and ensure
_apply_rlimits is not invoked there or provide a no-op alternative); keep other
args like start_new_session, cwd, env, stdout/stderr unchanged and reference the
create_subprocess_exec call and the _apply_rlimits method to locate the change.
---
Nitpick comments:
In `@src/praisonai/praisonai/llm/env.py`:
- Around line 81-85: Update the misleading inline comment above the api_key
assignment: it currently says the OPENAI_API_KEY fallback applies "only when the
model is the default OpenAI shape," but the code uses os.environ.get(key_var) or
(os.environ.get("OPENAI_API_KEY") if key_var != "OPENAI_API_KEY" else None),
which falls back to OPENAI_API_KEY for any provider whose key_var is not
"OPENAI_API_KEY" (e.g., ANTHROPIC_API_KEY β OPENAI_API_KEY). Change the comment
to state that the code falls back to OPENAI_API_KEY for all non-OpenAI
provider-specific vars, referencing the api_key and key_var variables to make
the behavior clear.
In `@src/praisonai/praisonai/sandbox/subprocess.py`:
- Around line 55-73: Ruff S108 is likely flagging the defensive HOME fallback
(self._temp_dir or "/tmp") β make the invariant explicit by asserting
self._temp_dir before it is used: add an assertion for self._temp_dir in
_build_child_env (or earlier in start/execute/run_command where _temp_dir is
set) so the code can safely use self._temp_dir for HOME; alternatively, if you
prefer to keep the fallback, add a targeted "# noqa: S108" on the line with the
HOME default and document why the fallback is only defensive.
πͺ Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
βΉοΈ Review info
βοΈ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 3e62623d-3d18-4296-a658-8846d402da1c
π Files selected for processing (3)
src/praisonai/praisonai/inc/models.pysrc/praisonai/praisonai/llm/env.pysrc/praisonai/praisonai/sandbox/subprocess.py
π€ Files with no reviewable changes (1)
- src/praisonai/praisonai/inc/models.py
| # Map well-known model prefixes to their (env-var, default base_url). | ||
| _PROVIDER_MAP = { | ||
| "anthropic/": ("ANTHROPIC_API_KEY", None), | ||
| "google/": ("GOOGLE_API_KEY", None), | ||
| "gemini/": ("GEMINI_API_KEY", None), | ||
| "groq/": ("GROQ_API_KEY", "https://api.groq.com/openai/v1"), | ||
| "cohere/": ("COHERE_API_KEY", None), | ||
| "openrouter/": ("OPENROUTER_API_KEY", "https://openrouter.ai/api/v1"), | ||
| "ollama/": ("OLLAMA_API_KEY", "http://localhost:11434/v1"), | ||
| } |
There was a problem hiding this comment.
Non-OpenAI providers fall back to OpenAI's base URL.
For anthropic/, google/, gemini/, and cohere/ prefixes, provider_base is None. This causes base_url to fall through to default_base (https://api.openai.com/v1) when no env vars override it.
Looking at PraisonAIModel in models.py, these providers explicitly set base_url = "" to indicate they don't use an OpenAI-compatible endpoint. If resolve_llm_endpoint() returns OpenAI's URL for an Anthropic model and a caller constructs an OpenAI client with it, requests will be misdirected.
Consider either:
- Setting provider-appropriate default URLs (e.g.,
https://api.anthropic.com/v1for Anthropic) - Using an empty string or sentinel value to signal non-OpenAI-compatible providers
- Documenting that callers must check
api_keyvariable naming or model prefix to determine client type
π€ Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@src/praisonai/praisonai/llm/env.py` around lines 21 - 30, The _PROVIDER_MAP
currently uses None for provider_base for "anthropic/", "google/", "gemini/",
and "cohere/", which lets resolve_llm_endpoint() fall back to the OpenAI default
URL and misroute non-OpenAI providers; update _PROVIDER_MAP so those prefixes
map to provider-appropriate default base URLs (e.g., set "anthropic/" ->
("ANTHROPIC_API_KEY", "https://api.anthropic.com/v1") or another real provider
endpoint) or use an explicit sentinel (e.g., empty string) to indicate
non-OpenAI-compatible endpoints, and ensure resolve_llm_endpoint() and callers
that rely on PraisonAIModel.base_url respect that sentinel; adjust any tests or
code that assume None means OpenAI to use the new sentinel/URLs.
| # Enforce max_output_size by reading incrementally | ||
| max_output_size = self.config.security_policy.max_output_size | ||
| stdout_data = b"" | ||
| stderr_data = b"" | ||
|
|
||
| stdout, stderr = await asyncio.wait_for( | ||
| proc.communicate(), | ||
| timeout=limits.timeout_seconds, | ||
| ) | ||
|
|
||
| # Truncate output if it exceeds max_output_size | ||
| if max_output_size and max_output_size > 0: | ||
| if len(stdout) > max_output_size: | ||
| stdout = stdout[:max_output_size] + b"\n[OUTPUT TRUNCATED]" | ||
| if len(stderr) > max_output_size: | ||
| stderr = stderr[:max_output_size] + b"\n[OUTPUT TRUNCATED]" | ||
|
|
There was a problem hiding this comment.
Remove unused variables; note truncation timing.
Lines 171-172 declare stdout_data and stderr_data but they are never usedβoutput comes directly from communicate().
Also note: truncation occurs after the full output is read into memory. While this limits the returned size, it doesn't prevent OOM if the subprocess produces extremely large output before the timeout. True OOM prevention would require bounded incremental reads, but that's significantly more complex with asyncio.subprocess.communicate(). The current approach is a reasonable tradeoff.
π§Ή Remove dead code
try:
- # Enforce max_output_size by reading incrementally
+ # Truncate output to max_output_size after reading
max_output_size = self.config.security_policy.max_output_size
- stdout_data = b""
- stderr_data = b""
-
stdout, stderr = await asyncio.wait_for(π Committable suggestion
βΌοΈ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| # Enforce max_output_size by reading incrementally | |
| max_output_size = self.config.security_policy.max_output_size | |
| stdout_data = b"" | |
| stderr_data = b"" | |
| stdout, stderr = await asyncio.wait_for( | |
| proc.communicate(), | |
| timeout=limits.timeout_seconds, | |
| ) | |
| # Truncate output if it exceeds max_output_size | |
| if max_output_size and max_output_size > 0: | |
| if len(stdout) > max_output_size: | |
| stdout = stdout[:max_output_size] + b"\n[OUTPUT TRUNCATED]" | |
| if len(stderr) > max_output_size: | |
| stderr = stderr[:max_output_size] + b"\n[OUTPUT TRUNCATED]" | |
| # Truncate output to max_output_size after reading | |
| max_output_size = self.config.security_policy.max_output_size | |
| stdout, stderr = await asyncio.wait_for( | |
| proc.communicate(), | |
| timeout=limits.timeout_seconds, | |
| ) | |
| # Truncate output if it exceeds max_output_size | |
| if max_output_size and max_output_size > 0: | |
| if len(stdout) > max_output_size: | |
| stdout = stdout[:max_output_size] + b"\n[OUTPUT TRUNCATED]" | |
| if len(stderr) > max_output_size: | |
| stderr = stderr[:max_output_size] + b"\n[OUTPUT TRUNCATED]" |
π€ Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@src/praisonai/praisonai/sandbox/subprocess.py` around lines 169 - 185, Remove
the dead variables stdout_data and stderr_data declared in the subprocess output
handling and stop referencing them (they're unused); keep using
proc.communicate() to get stdout/stderr, and immediately apply the existing
truncation logic (max_output_size) to stdout/stderr. Also add a short inline
comment near the communicate() call (and/or the truncation block) stating that
truncation happens after fully reading output and thus does not prevent OOM for
extremely large subprocess output, and that true streaming/bounded reads would
require a different approach than asyncio.subprocess.communicate().
| except asyncio.TimeoutError: | ||
| proc.kill() | ||
| # Kill the whole process group, not just the leader | ||
| try: | ||
| import signal | ||
| os.killpg(proc.pid, signal.SIGKILL) | ||
| except (ProcessLookupError, PermissionError): | ||
| proc.kill() | ||
| await proc.wait() |
There was a problem hiding this comment.
os.killpg and signal.SIGKILL are unavailable on Windows.
If the subprocess creation is made Windows-compatible (per earlier comment), this timeout handler would fail with AttributeError because:
os.killpgdoesn't exist on Windowssignal.SIGKILLisn't defined on Windows
Consider adding an OSError or AttributeError fallback, or guard the entire block:
π Proposed fix for cross-platform timeout handling
except asyncio.TimeoutError:
# Kill the whole process group, not just the leader
try:
- import signal
- os.killpg(proc.pid, signal.SIGKILL)
- except (ProcessLookupError, PermissionError):
+ if os.name == "posix":
+ import signal
+ os.killpg(proc.pid, signal.SIGKILL)
+ else:
+ proc.kill()
+ except (ProcessLookupError, PermissionError, OSError):
proc.kill()π Committable suggestion
βΌοΈ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| except asyncio.TimeoutError: | |
| proc.kill() | |
| # Kill the whole process group, not just the leader | |
| try: | |
| import signal | |
| os.killpg(proc.pid, signal.SIGKILL) | |
| except (ProcessLookupError, PermissionError): | |
| proc.kill() | |
| await proc.wait() | |
| except asyncio.TimeoutError: | |
| # Kill the whole process group, not just the leader | |
| try: | |
| if os.name == "posix": | |
| import signal | |
| os.killpg(proc.pid, signal.SIGKILL) | |
| else: | |
| proc.kill() | |
| except (ProcessLookupError, PermissionError, OSError): | |
| proc.kill() | |
| await proc.wait() |
π€ Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@src/praisonai/praisonai/sandbox/subprocess.py` around lines 198 - 205, The
asyncio.TimeoutError handler currently calls os.killpg(proc.pid, signal.SIGKILL)
which will raise on Windows because os.killpg and signal.SIGKILL may not exist;
update the timeout block in the subprocess timeout handler to
guard/feature-detect before using os.killpg and signal.SIGKILL (e.g., check
hasattr(os, "killpg") and hasattr(signal, "SIGKILL")) and otherwise fall back to
proc.kill(), and also catch AttributeError/OSError around the killpg call so the
code always proceeds to await proc.wait() without raising on Windows; reference
the existing proc, os.killpg, signal.SIGKILL, proc.kill(), and await proc.wait()
in your patch.
|
@claude You are the FINAL architecture reviewer. If the branch is under MervinPraison/PraisonAI (not a fork), you are able to make modifications to this branch and push directly. SCOPE: Focus ONLY on Python packages (praisonaiagents, praisonai). Do NOT modify praisonai-rust or praisonai-ts. Read ALL comments above from Gemini, Qodo, CodeRabbit, and Copilot carefully before responding. Phase 1: Review per AGENTS.md
Phase 2: FIX Valid Issues Phase 3: Final Verdict |
|
Claude finished @MervinPraison's task ββ View job β Final Architecture Review CompletePhase 1: Architecture Review per AGENTS.md
Phase 2: Fix Valid Issues
Phase 3: Final Verdict
π Architecture Review Resultsβ AGENTS.md ComplianceAll changes properly follow the wrapper layer pattern:
β Critical Bugs FixedI implemented fixes for all blocking issues identified by reviewers: 1. Fixed Inverted Condition in
|
- Fix inverted boolean condition in llm/env.py causing wrong API key fallback - Add proper provider base URLs to prevent misrouting to OpenAI endpoints - Add Windows compatibility for subprocess sandbox (preexec_fn, os.killpg) - Remove unused variables and improve comments - Add defensive documentation for hardcoded /tmp fallback Co-authored-by: Mervin Praison <MervinPraison@users.noreply.github.com>
1 participant
Fixes #1866
This PR addresses the three validated architectural gaps in the wrapper layer as detailed in issue #1866:
Gap 1: OpenAI-only credential resolver
Problem: resolve_llm_endpoint() always returned OPENAI_API_KEY, causing multi-provider model selection to use wrong credentials.
Fix: Added provider mapping that correctly routes model prefixes (anthropic/, groq/, google/, etc.) to their respective API key environment variables while maintaining backward compatibility.
Gap 2: SubprocessSandbox ignores SecurityPolicy/ResourceLimits
Problem: SubprocessSandbox was not actually a sandbox - it inherited all host environment variables and ignored security policies and most resource limits.
Fix:
Gap 3: inc/models.py mutates root logger at import
Problem: inc/models.py called logging.basicConfig() at module import, violating the project's logging policy and hijacking embedders' root logger configuration.
Fix: Removed the logging.basicConfig() call. CLI logging configuration remains through _logging.py as intended.
Testing
All fixes have been validated:
π€ Generated with Claude Code
Summary by CodeRabbit
New Features
Bug Fixes