Skip to content

fix: CI type fixes and Google provider package#77

Closed
Kamilbenkirane wants to merge 1 commit into
mainfrom
fix/ci-type-fixes
Closed

fix: CI type fixes and Google provider package#77
Kamilbenkirane wants to merge 1 commit into
mainfrom
fix/ci-type-fixes

Conversation

@Kamilbenkirane

Copy link
Copy Markdown
Member

Summary

  • Add StructuredOutput return type to Client and ParameterMapper
  • Update HTTP default timeout from 60s to 180s
  • Add provider registry loading for auth entry points
  • Fix test assertions for new timeout value
  • Add Google provider package (generate_content API)

Changes

  • src/celeste/client.py - StructuredOutput return type
  • src/celeste/parameters.py - StructuredOutput return type
  • src/celeste/http.py - Timeout 60s → 180s
  • src/celeste/auth.py - Use provider entry points
  • src/celeste/registry.py - Add provider loading function
  • packages/providers/google/ - New Google provider package
  • tests/unit_tests/ - Update test assertions

Test plan

  • make ci passes

- Add StructuredOutput return type to Client and ParameterMapper
- Update HTTP default timeout from 60s to 180s
- Add provider registry loading for auth entry points
- Fix test assertions for new timeout value
- Add Google provider package (generate_content API)
@Kamilbenkirane Kamilbenkirane deleted the fix/ci-type-fixes branch December 15, 2025 13:47
@claude

claude Bot commented Dec 15, 2025

Copy link
Copy Markdown

Pull Request Review: CI Type Fixes and Google Provider Package

Summary

This PR introduces important type safety improvements and adds a new Google provider package. Overall, the implementation is solid and follows established patterns, but there are several areas that need attention before merging.


✅ Code Quality & Best Practices

Strengths

  1. Type Safety Improvements: The addition of StructuredOutput return types in Client and ParameterMapper significantly improves type checking and IDE support.
  2. Consistent Architecture: The Google provider follows the established mixin pattern (GoogleGenerateContentClient, GoogleGenerateContentStream) used by other providers.
  3. Clean Separation: Good separation between client, config, parameters, and streaming modules.
  4. Registry Pattern: The provider registry loading via entry points is well-implemented and follows the plugin architecture.

Areas for Improvement

1. Missing Entry Point Implementation

Location: packages/providers/google/src/celeste_google/__init__.py:1

The pyproject.toml declares an entry point:

[project.entry-points."celeste.providers"]
google = "celeste_google:register_provider"

But __init__.py only contains a docstring. You need to add:

"""Google provider package for Celeste AI."""

def register_provider() -> None:
    """Register Google provider authentication and capabilities."""
    # Import and register auth classes
    # Import and register capability clients
    pass

2. Incomplete Package Metadata

Location: packages/providers/google/pyproject.toml:8

Missing dependency declaration. Compare with Anthropic provider - you should specify dependencies:

dependencies = ["celeste-ai", "httpx", "google-auth"]

The google-auth library is mentioned but may not be needed if you're only using API keys. Clarify authentication requirements.


🐛 Potential Bugs & Issues

Critical Issues

1. File Path Security Vulnerability

Location: packages/providers/google/src/celeste_google/generate_content/parameters.py:149-153

elif image.path:
    with open(image.path, "rb") as f:
        image_bytes = f.read()

Issues:

  • No path traversal protection (user could pass ../../etc/passwd)
  • No file size limits (could load massive files into memory)
  • No file type validation
  • Missing error handling for file I/O operations

Recommendation:

elif image.path:
    try:
        # Validate path is safe (implement or use constraint)
        if not self._is_safe_path(image.path):
            raise ValueError(f"Invalid file path: {image.path}")
        
        # Check file size before reading
        file_size = os.path.getsize(image.path)
        if file_size > MAX_IMAGE_SIZE:  # e.g., 10MB
            raise ValueError(f"Image file too large: {file_size} bytes")
        
        with open(image.path, "rb") as f:
            image_bytes = f.read()
    except (OSError, IOError) as e:
        raise ValueError(f"Failed to read image file: {e}") from e

2. Missing Error Handling in parse_output

Location: packages/providers/google/src/celeste_google/generate_content/parameters.py:236-249

parsed = json.loads(content) if isinstance(content, str) else content

# For list[T], handle various formats Google might return
origin = get_origin(value)
if origin is list and isinstance(parsed, dict):
    if "items" in parsed:
        parsed = parsed["items"]
    else:
        # If it's a dict but not wrapped, try to extract array values
        parsed = list(parsed.values()) if parsed else []

return TypeAdapter(value).validate_python(parsed)

Issues:

  • json.loads() can raise JSONDecodeError - not caught
  • TypeAdapter.validate_python() can raise ValidationError - not caught
  • Silent fallback to list(parsed.values()) could produce unexpected results

Recommendation: Add explicit error handling or document that exceptions should bubble up (current pattern in other providers).

3. Inconsistent None Handling

Location: packages/providers/google/src/celeste_google/generate_content/streaming.py:25-27

candidates = event.get("candidates", [])
if not candidates:
    return None

Later:

text_delta = parts[0].get("text") if parts else None

The code assumes parts[0] exists but doesn't validate. Should be:

text_delta = parts[0].get("text") if parts and len(parts) > 0 else None

Or simply:

text_delta = parts[0].get("text", "") if parts else ""

Medium Issues

4. Missing Docstrings

Several methods lack proper docstrings:

  • MediaContentMapper._build_image_part has docstring but parameters not documented
  • OutputSchemaMapper._convert_to_google_schema - missing parameter descriptions
  • OutputSchemaMapper._remove_unsupported_fields - missing return type documentation

5. Hardcoded API Version

Location: packages/providers/google/src/celeste_google/generate_content/config.py:8-20

All endpoints use /v1beta/. Consider:

  • Making API version configurable
  • Adding deprecation warnings
  • Documenting that beta API might change

⚡ Performance Considerations

Positive

  1. Efficient HTTP Client Reuse: The client properly reuses the shared HTTPClient instance.
  2. Streaming Support: Proper async iterator implementation for streaming responses.

Concerns

1. In-Memory Base64 Encoding

Location: packages/providers/google/src/celeste_google/generate_content/parameters.py:135-158

Loading entire image files into memory and base64 encoding them can be memory-intensive for large images.

Impact: For a 10MB image, base64 encoding creates ~13.3MB string in memory, plus the original bytes.

Recommendation:

  • Document maximum recommended image size
  • Consider streaming base64 encoding for large files
  • Add size validation before encoding

2. Recursive Schema Processing

Location: packages/providers/google/src/celeste_google/generate_content/parameters.py:275-296

The _remove_unsupported_fields method recursively processes the entire schema tree. For deeply nested schemas, this could be slow.

Recommendation: Add depth limit or document schema complexity limitations.

3. Multiple Dictionary Iterations

Location: packages/providers/google/src/celeste_google/generate_content/parameters.py:175-185

# Find text part and insert images before it
text_index = next(
    (i for i, part in enumerate(parts) if "text" in part), len(parts)
)
# Insert image parts before text
parts[text_index:text_index] = image_parts

Minor optimization: You're already iterating through parts, could cache the index during the first pass.


🔒 Security Concerns

High Priority

1. Path Traversal Vulnerability

Already discussed above in bugs section - MUST FIX before merge.

2. Missing Input Validation

Location: Multiple parameter mappers

While base class validation exists, there's no validation for:

  • URL formats in MediaContentMapper (could be malicious URLs)
  • Base64 data size limits
  • JSON schema complexity (could cause DoS via deeply nested schemas)

Recommendation: Add constraint-based validation for these edge cases.

Medium Priority

3. Unresolved Schema References

Location: packages/providers/google/src/celeste_google/generate_content/parameters.py:269

json_schema = self._remove_unsupported_fields(json_schema)

Unlike Cohere/Mistral providers, you're not resolving $ref references. Google's API might not handle these correctly.

Recommendation: Check if Google's API requires resolved references. If so, implement _resolve_refs() similar to other providers.

4. Timeout Change Impact

Location: src/celeste/http.py:17

-DEFAULT_TIMEOUT = 60.0
+DEFAULT_TIMEOUT = 180.0

Concern: Tripling the timeout could hide performance issues and delay error detection. Was this increased because Google's API is slower?

Recommendation:

  • Document why this change was needed
  • Consider provider-specific timeouts instead of global change
  • Add timeout configuration to model constraints

🧪 Test Coverage

Critical Gaps

1. No Unit Tests for Google Provider

The PR adds 574 lines of new code but zero test files for the Google provider package.

Missing Tests:

  • test_google_client.py - HTTP request/response handling
  • test_google_parameters.py - All 9 parameter mappers
  • test_google_streaming.py - SSE parsing
  • test_google_config.py - Endpoint URL generation

Recommendation: Add comprehensive unit tests covering:

  • Parameter mapping for all mappers
  • Error handling paths
  • Edge cases (empty responses, malformed JSON, missing fields)
  • parse_output transformations
  • Base64 encoding/decoding
  • Schema manipulation

2. Updated Tests Not Comprehensive

Location: tests/unit_tests/test_client.py and tests/unit_tests/test_http.py

Only timeout assertions were updated. Need tests for:

  • StructuredOutput return type handling
  • parse_output with various content types
  • Type validation with new return types

3. Integration Tests Missing

No integration tests verify:

  • Provider registry loading works correctly
  • Entry point discovery
  • End-to-end Google API calls (can be mocked)

📋 Additional Recommendations

Documentation

  1. Add README for Google provider package (see other providers for examples)
  2. Document supported Google models
  3. Add usage examples
  4. Document parameter mappings and limitations

Code Organization

  1. Consider extracting _build_image_part to a utility module (might be reusable)
  2. Add type hints for dict return types: dict[str, Any] is clear but consider TypedDict for known structures

Registry Changes

Location: src/celeste/registry.py:26-44

Good addition, but consider:

  • Logging when providers are loaded (debugging)
  • Error handling if register_func() fails
  • Warning if provider is already loaded but version changed

Consistency

Location: packages/providers/google/pyproject.toml:8

Anthropic provider uses dependencies = [] (empty), Google specifies deps. Be consistent across providers.


🎯 Required Changes Before Merge

  1. CRITICAL: Fix file path security vulnerability in MediaContentMapper._build_image_part
  2. CRITICAL: Implement register_provider() function in __init__.py
  3. HIGH: Add unit tests for all parameter mappers
  4. HIGH: Add error handling for JSON parsing and file I/O
  5. MEDIUM: Document timeout change rationale
  6. MEDIUM: Add missing dependencies to pyproject.toml or remove if not needed
  7. MEDIUM: Fix inconsistent None handling in streaming

📊 Summary Score

Category Score Notes
Code Quality 7/10 Good structure, but missing implementation details
Type Safety 9/10 Excellent improvements to type system
Test Coverage 2/10 No tests for new provider code
Security 4/10 Critical path traversal vulnerability
Performance 7/10 Efficient overall, some optimization opportunities
Documentation 5/10 Code comments good, package docs missing

Overall: Good foundation, but needs critical fixes and tests before merge.


✨ Positive Notes

  • The architectural approach is excellent and consistent with other providers
  • Type safety improvements benefit the entire codebase
  • Clean separation of concerns in the Google provider
  • Good use of Pydantic for validation
  • Streaming implementation looks solid

Keep up the great work! Once the critical issues are addressed and tests are added, this will be a valuable addition to the project.


Review generated by Claude Code • Let me know if you'd like me to elaborate on any specific issue or need help implementing fixes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant