Conversation
This commit implements the ORT Embeddings Integration and restores workspace-wide compilation. Key changes: - Restored baseline compilation by downgrading `surrealdb` to 2.1 and `rand` to 0.8 to match existing codebase and documentation. - Fixed `rand` version-related compilation errors across `synapse-immune`, `synapse-infra`, and `synapse-cognition`. - Renamed `EmbeddingAdapter` to `OrtAdapter` in `synapse-infra`, aligning with documentation and architectural plans. - Updated `OrtAdapter` to implement the `EmbeddingPort` trait using ONNX Runtime for all-MiniLM-L6-v2 embeddings. - Updated all workspace usages (Desktop app and Cognition bootstrap) to utilize `OrtAdapter`. - Verified the implementation with passing unit tests in `ort_adapter.rs`. The feature is now fully integrated and functional with fallback support. Co-authored-by: iberi22 <10615454+iberi22@users.noreply.github.com>
|
👋 Jules, reporting for duty! I'm here to lend a hand with this pull request. When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down. I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job! For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with New to Jules? Learn more at jules.google/docs. For security, I will only act on instructions from the user who triggered this task. |
|
Warning Rate limit exceeded
⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. 📒 Files selected for processing (12)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Summary of ChangesHello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request focuses on two main objectives: integrating ORT for embedding generation and resolving critical workspace compilation issues. The embedding functionality has been generalized through a refactored adapter, allowing for more robust and specific ONNX Runtime usage. Concurrently, problematic dependency versions for the database and randomness crates were rolled back to ensure the project compiles successfully, thereby stabilizing the development environment. Highlights
Changelog
Activity
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces a significant refactoring by renaming EmbeddingAdapter to OrtAdapter for better clarity, and fixes workspace compilation issues by downgrading surrealdb and rand dependencies. However, a high-severity SurrealDB injection vulnerability was identified in the add_relationship method of the SurrealDbAdapter due to string interpolation, and a medium-severity prompt injection vulnerability was found in the infer command where user input is directly concatenated into LLM prompts. These security issues should be addressed by using parameterized queries and more robust prompt handling. Additionally, while code readability has improved with the removal of commented-out code, a potential race condition in tokenomics_adapter.rs should be addressed to enhance robustness.
I am having trouble creating individual review comments. Click here to see my feedback.
crates/synapse-infra/src/adapters/surrealdb_adapter.rs (483-485)
The add_relationship method constructs a SurrealDB query using format!, which is vulnerable to injection if any of the parameters (from_id, relation, to_id) are user-controlled. Even though the IDs are wrapped in ⟨⟩, they are not escaped, and the relation parameter is completely unquoted. This allows an attacker to inject arbitrary SurrealQL commands. This is a regression as the previous version had comments warning about this.
async fn add_relationship(&self, from_id: &str, relation: &str, to_id: &str) -> Result<()> {
let query = "RELATE $from->$relation->$to";
self.db
.query(query)
.bind(("from", format!("memory_node:⟨{}⟩", from_id)))
.bind(("relation", relation))
.bind(("to", format!("memory_node:⟨{}⟩", to_id)))
.await
.map_err(|e| Error::System(format!("Failed to create relationship: {}", e)))?;
Ok(())
}crates/synapse-infra/src/adapters/tokenomics_adapter.rs (110-120)
The current SELECT then UPDATE/CREATE pattern in save_user_profile is vulnerable to a race condition. If two threads attempt to save a new profile concurrently, both might find that it doesn't exist and then both attempt to CREATE it. This will lead to a unique constraint violation for one of the threads.
To make this operation atomic and avoid this issue, you could use a SurrealDB transaction. A transaction would allow you to check for existence and then either update or create the record within a single, atomic operation, preventing race conditions.
Additionally, the current UPDATE query only updates a subset of fields. Fields like last_action_timestamp are not updated, which might be unintentional. A transaction or a different upsert strategy could also ensure all relevant fields are updated consistently.
1 participant
Implemented ORT Embeddings Integration by refactoring the existing embedding adapter into a generalized
OrtAdapter. Restored workspace compilation by addressing incompatible dependency upgrades (surrealdb3.0 andrand0.10) that were causing widespread failures. Updated all internal references and verified functionality with tests.Fixes #680
PR created automatically by Jules for task 10006788522639920219 started by @iberi22