8000 Feat/ollama by orangekame3 · Pull Request #538 · oqtopus-team/qdash · GitHub
[go: up one dir, main page]
Skip to content

Feat/ollama #538

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
orangekame3 merged 5 commits into from
Dec 17, 2025
Merged

Feat/ollama #538

orangekame3 merged 5 commits into from
Dec 17, 2025

Conversation

@orangekame3
Copy link
Member
@orangekame3 orangekame3 commented Dec 16, 2025

Reformatted chat route and assistant components to satisfy lint/Prettier rules, including trailing commas, consistent wrapping, and JSX layout changes without functional impact.

@orangekame3
feat(ai): switch chat assistant config to Ollama defaults
5ad7d3d 
- Replace OpenAI-specific env vars with `OLLAMA_URL` and `OLLAMA_MODEL` in `.env.example`
- Update `config/copilot.yaml` to use the Ollama provider and default model (`gpt-oss:20b`)
- Pass Ollama settings through Docker Compose and add `host.docker.internal` mapping so the UI can reach a host-running Ollama instance
- Update UI Dockerfile docs to reflect Ollama runtime configuration, enabling local model usage without an OpenAI API key
@orangekame3
style(ui): apply Prettier formatting to chat API and UI
39478f5 
Reformatted chat route and assistant components to satisfy lint/Prettier rules, including trailing commas, consistent wrapping, and JSX layout changes without functional impact.
@github-actions github-actions bot added feature Adding a new feature style Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, et labels Dec 16, 2025
@claude
Copy link
claude bot commented Dec 16, 2025
edited
Loading

Claude finished @orangekame3's task —— View job

Code Review for PR #538: Feat/ollama

Overview

This PR successfully migrates from CopilotKit to a custom Ollama-based chat implementation. The changes are well-structured and follow good architectural patterns. Below is my comprehensive review:

Strengths

Clean Architecture

  • Well-organized component structure with separation of concerns
  • Proper use of custom hooks (useChatMetrics) for metrics integration
  • Clean provider pattern for runtime management

Security Considerations

  • Server-side Ollama integration prevents exposing API credentials to client
  • Input validation for tool parameters
  • Safe environment variable handling for Ollama configuration

Code Quality

  • TypeScript interfaces well-defined (Message, ToolCall, ChatContextData)
  • Proper error handling throughout the chat flow
  • Clean component composition with reusable patterns

⚠️ Issues to Address

1. Security & Validation

High Priority - ui/src/app/api/chat/route.ts:256-257

if (context) {
  systemMessage += `\n\nCurrent context:\n${JSON.stringify(context, null, 2)}`;
}
  • Risk: Potential injection attack if context contains untrusted data
  • Fix: Sanitize context data before including in system message

2. Error Handling & Recovery

Medium Priority - ui/src/components/features/chat/AssistantRuntimeProvider.tsx:145-179

  • Tool execution failures don't propagate meaningful errors to users
  • Network failures in follow-up requests could leave conversations in inconsistent state
  • Recommendation: Implement retry logic and better error messaging
< 8000 h4 dir="auto">3. Performance Concerns

Medium Priority

  • No request debouncing - rapid successive messages could overwhelm Ollama
  • Missing caching for configuration data (TTL is only 1 minute)
  • Tool execution is synchronous and could block UI

4. Memory Management

Low Priority - ui/src/components/features/chat/ChatPopup.tsx:102-104

const handleClear = () => {
  window.location.reload(); // Crude solution
};
  • Using window.location.reload() is heavy-handed
  • Should implement proper state reset instead

📋 Test Coverage

Critical Gap: No tests found for the new chat functionality

  • Missing unit tests for tool handlers
  • No integration tests for API route
  • No error scenario testing
  • Recommendation: Add tests before merging

🔧 Recommendations

Immediate Actions

  1. Sanitize context injection in API route
  2. Add input validation for all tool parameters
  3. Implement proper message clearing without page reload

Follow-up Improvements

  1. Add comprehensive test coverage
  2. Implement request debouncing
  3. Add retry logic for failed requests
  4. Consider streaming responses for better UX

📦 Dependencies

The new dependencies look appropriate:

  • @assistant-ui/react: ^0.11.51 - Modern, maintained library
  • ollama: ^0.6.3 - Official Ollama client
  • react-markdown: ^10.1.0 - Well-established for message rendering

🎯 Overall Assessment

This is a solid implementation that successfully replaces CopilotKit with a custom solution. The architecture is clean and the functionality appears complete. However, the security issue with context injection needs to be addressed before merging.

Recommendation: Address the security concern and add basic test coverage, then this will be ready to merge.

@orangekame3
feat(chat): add chip metrics tools and fix loading state
b82997a 
- Register getChipList, getChipMetricsData, and getMetricsConfiguration tools so the assistant can fetch and analyze chip metrics autonomously.
- Update the default system prompt with guidance for evaluating/analyzing metrics (defaulting to latest chip and 7 days of data) to improve responses.
- Ensure isRunning is cleared before appending assistant/tool messages to prevent duplicate AI/loading indicators in the chat UI.
@claude
Copy link
claude bot commented Dec 16, 2025

Claude Code is working…

I'll analyze this and get back to you.

View job run

@orangekame3
feat: add JP assistant greeting and clickable suggestions
ce302ec 
- Add `language` setting and Japanese `initial_message` to Copilot config
- Introduce configurable suggestion buttons that append preset prompts into the chat thread
- Replace markdown-based empty-state prompt list with a clearer, guided onboarding UI
@claude
Copy link
claude bot commented Dec 16, 2025
edited
Loading
8000

Claude finished @orangekame3's task —— View job

Code Review for PR #538: Feat/ollama

Comprehensive review of the migration from CopilotKit to Ollama-based chat implementation.

Todo List:

  • Analyze overall architecture and migration approach
  • Review API route implementation for security issues
  • Examine chat components and runtime provider
  • Check for potential bugs and error handling
  • Assess performance considerations
  • Evaluate test coverage
  • Provide final recommendations

🚨 Critical Security Issue

Context Injection Vulnerability - ui/src/app/api/chat/route.ts:315-316

if (context) {
  systemMessage += `\n\nCurrent context:\n${JSON.stringify(context, null, 2)}`;
}
  • Risk: Direct injection of unvalidated context into system prompt
  • Impact: Potential prompt injection attacks if context contains malicious data
  • Fix Required: Sanitize context data before inclusion

🔧 Implementation Issues

Memory Management Problem

ui/src/components/features/chat/ChatPopup.tsx:108-110

const handleClear = () => {
  window.location.reload(); // Heavy-handed approach
};
  • Using page reload instead of proper state reset impacts UX

Error Handling Gaps

ui/src/components/features/chat/AssistantRuntimeProvider.tsx:145-182

  • Tool execution failures don't provide meaningful error messages to users
  • Network failures could leave conversations in inconsistent state
  • No retry mechanism for failed requests

⚡ Performance Concerns

  • No request debouncing - Rapid messages could overwhelm Ollama
  • Short cache TTL - 1-minute cache for configuration is very short
  • Synchronous tool execution - Could block UI during long operations
  • No streaming responses - Large responses will appear suddenly

🧪 Test Coverage Critical Gap

No tests found for the new chat functionality:

  • No unit tests for tool handlers
  • No integration tests for API route
  • No error scenario testing
  • Package.json has no test framework configured

🔍 Code Quality Issues

Missing Input Validation

  • Tool parameters lack validation in executeTool function
  • API route doesn't validate message structure properly
  • No rate limiting on chat endpoint

Architecture Concerns

  • Tool registry is global mutable state - could cause issues with SSR
  • Message conversion logic is complex and error-prone
  • No proper typing for tool arguments

✅ Positive Aspects

  • Clean separation of concerns between components
  • Good TypeScript interface definitions
  • Proper use of React hooks and patterns
  • Comprehensive tool definitions for QDash functionality
  • Security: Server-side Ollama integration prevents credential exposure

📋 Recommendations

🔴 Must Fix Before Merge

  1. Sanitize context injection - Add input validation/sanitization
  2. Add basic test coverage - At minimum unit tests for critical paths

🟡 Should Fix Soon

  1. Replace page reload with proper state reset
  2. Add request debouncing to prevent spam
  3. Improve error handling throughout the flow
  4. Add input validation for all tool parameters

🟢 Future Improvements

  1. Implement streaming responses for better UX
  2. Add comprehensive test suite
  3. Consider request retry logic
  4. Optimize caching strategy

🎯 Overall Assessment

This is a solid architectural migration with good separation of concerns, but the critical security vulnerability with context injection must be addressed before merging. The lack of test coverage is also concerning for production deployment.

Recommendation: Fix security issue and add basic tests, then this will be ready for merge.

@orangekame3
feat(copilot-config): add language and chat suggestions to config
3cf2001 
Add a `language` field (default `en`) and a typed `Suggestion` model with a `suggestions` list to support localized, structured prompt suggestions in the chat UI.
@claude
Copy link
claude bot commented Dec 16, 2025
edited
Loading

Claude finished @orangekame3's task —— View job

Code Review for PR #538: Feat/ollama

Comprehensive review of the migration from CopilotKit to Ollama-based chat implementation.

Todo List:

  • Analyze overall architecture and migration approach
  • Review API route implementation for security issues
  • Examine chat components and runtime provider
  • Check for potential bugs and error handling
  • Assess performance considerations
  • Evaluate test coverage
  • Provide final recommendations

🚨 Critical Security Issue

Context Injection Vulnerability - ui/src/app/api/chat/route.ts:315-316

if (context) {
  systemMessage += `\n\nCurrent context:\n${JSON.stringify(context, null, 2)}`;
}
  • Risk: Direct injection of unvalidated context into system prompt
  • Impact: Potential prompt injection attacks if context contains malicious data
  • Fix Required: Sanitize context data before inclusion

🔧 Implementation Issues

Memory Management Problem

ui/src/components/features/chat/ChatPopup.tsx:108-110

const handleClear = () => {
  window.location.reload(); // Heavy-handed approach
};
  • Using page reload instead of proper state reset impacts UX

Error Handling Gaps

ui/src/components/features/chat/AssistantRuntimeProvider.tsx:145-182

  • Tool execution failures don't provide meaningful error messages to users
  • Network failures could leave conversations in inconsistent state
  • No retry mechanism for failed requests

⚡ Performance Concerns

  • No request debouncing - Rapid messages could overwhelm Ollama
  • Short cache TTL - 1-minute cache for configuration is very short
  • Synchronous tool execution - Could block UI during long operations
  • No streaming responses - Large responses will appear suddenly

🧪 Test Coverage Critical Gap

No tests found for the new chat functionality:

  • No unit tests for tool handlers
  • No integration tests for API route
  • No error scenario testing
  • Package.json has no test framework configured

🔍 Code Quality Issues

Missing Input Validation

  • Tool parameters lack validation in executeTool function
  • API route doesn't validate message structure properly
  • No rate limiting on chat endpoint

Architecture Concerns

  • Tool registry is global mutable state - could cause issues with SSR
  • Message conversion logic is complex and error-prone
  • No proper typing for tool arguments

✅ Positive Aspects

  • Clean separation of concerns between components
  • Good TypeScript interface definitions
  • Proper use of React hooks and patterns
  • Comprehensive tool definitions for QDash functionality
  • Security: Server-side Ollama integration prevents credential exposure

📋 Recommendations

🔴 Must Fix Before Merge

  1. Sanitize context injection - Add input validation/sanitization
  2. Add basic test coverage - At minimum unit tests for critical paths

🟡 Should Fix Soon

  1. Replace page reload with proper state reset
  2. Add request debouncing to prevent spam
  3. Improve error handling throughout the flow
  4. Add input validation for all tool parameters

🟢 Future Improvements

  1. Implement streaming responses for better UX
  2. Add comprehensive test suite
  3. Consider request retry logic
  4. Optimize caching strategy

🎯 Overall Assessment

This is a solid architectural migration with good separation of concerns, but the critical security vulnerability with context injection must be addressed before merging. The lack of test coverage is also concerning for production deployment.

Recommendation: Fix security issue and add basic tests, then this will be ready for merge.

@orangekame3 orangekame3 merged commit 34529f8 into develop Dec 17, 2025
4 checks passed
@orangekame3 orangekame3 deleted the feat/ollama branch December 17, 2025 01:16
@github-actions github-actions bot mentioned this pull request Dec 17, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@orangekame3 orangekame3

Labels

feature Adding a new feature style Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, et

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@orangekame3
0