feat: fixing issue 547 by using the tenant from the agent card on the #550
Conversation
Summary of ChangesHello @ehsavoie, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request significantly enhances the client-side handling of tenant information by introducing a secure and standardized approach. It centralizes the logic for extracting, validating, and normalizing tenant paths, which are now consistently applied across all client transport mechanisms (gRPC, JSON-RPC, and REST). This change allows client requests to specify a tenant, with the system gracefully falling back to the AgentCard's default tenant if no override is provided, while also safeguarding against security risks like path traversal. Highlights
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
There was a problem hiding this comment.
Code Review
This pull request introduces tenant handling on the client side, allowing a tenant to be specified in requests, with a default taken from the agent card. The changes are propagated through the gRPC, JSON-RPC, and REST transport layers. A new centralized utility method Utils.buildBaseUrl is introduced for constructing URLs with tenant paths, which includes security validations.
My review focuses on the correctness and maintainability of these changes. I've identified a potential bug in one of the new buildBaseUrl overloads that could lead to malformed URLs, and I've also pointed out an opportunity to refactor some duplicated code in the gRPC transport layer to improve maintainability. Overall, the changes are well-structured and address the intended feature.
client/transport/grpc/src/main/java/io/a2a/client/transport/grpc/GrpcTransport.java
Outdated
Show resolved
Hide resolved
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request introduces comprehensive multi-tenancy support on the client side. The changes are well-structured, centralizing tenant-aware URL construction into a new Utils.buildBaseUrl method, which also includes important security validations for tenant paths. The AgentInterface is now used instead of a simple URL string to carry both the endpoint and the default tenant, which is a solid design choice. All transport implementations (gRPC, JSON-RPC, and REST) and their providers have been consistently updated to handle tenants. The addition of unit tests for the new utility methods is also a great contribution. I have one suggestion to further enhance the security of tenant path validation.
kabir
left a comment
There was a problem hiding this comment.
One comment, which may or may not be an issue. If not, feel free to merge :-)
client/transport/rest/src/main/java/io/a2a/client/transport/rest/RestTransport.java
Show resolved
Hide resolved
client side * tenant can be set as a request parameter. * the tenant defined in the agent card is the default one. * the tenant is validated to avoid security issues. Signed-off-by: Emmanuel Hugonnet <ehugonne@redhat.com>
…a2aproject#550) client side * tenant can be set as a request parameter. * the tenant defined in the agent card is the default one. * the tenant is validated to avoid security issues. # Description Thank you for opening a Pull Request! Before submitting your PR, there are a few things you can do to make sure it goes smoothly: - [X] Follow the [`CONTRIBUTING` Guide](../CONTRIBUTING.md). - [X] Make your Pull Request title in the <https://www.conventionalcommits.org/> specification. - Important Prefixes for [release-please](https://github.com/googleapis/release-please): - `fix:` which represents bug fixes, and correlates to a [SemVer](https://semver.org/) patch. - `feat:` represents a new feature, and correlates to a SemVer minor. - `feat!:`, or `fix!:`, `refactor!:`, etc., which represent a breaking change (indicated by the `!`) and will result in a SemVer major. - [X] Ensure the tests pass - [X] Appropriate READMEs were updated (if necessary) Fixes a2aproject#547 🦕 Signed-off-by: Emmanuel Hugonnet <ehugonne@redhat.com>
client side
Description
Thank you for opening a Pull Request!
Before submitting your PR, there are a few things you can do to make sure it goes smoothly:
CONTRIBUTINGGuide.fix:which represents bug fixes, and correlates to a SemVer patch.feat:represents a new feature, and correlates to a SemVer minor.feat!:, orfix!:,refactor!:, etc., which represent a breaking change (indicated by the!) and will result in a SemVer major.Fixes #547 🦕