Skip to content

fix(azure): route gpt-5.x reasoning_effort via the v1 API (api-version=preview)#106

Open
doronkopit5 wants to merge 2 commits into
mainfrom
dk/reasoning_none
Open

fix(azure): route gpt-5.x reasoning_effort via the v1 API (api-version=preview)#106
doronkopit5 wants to merge 2 commits into
mainfrom
dk/reasoning_none

Conversation

@doronkopit5

@doronkopit5 doronkopit5 commented Jun 15, 2026

Copy link
Copy Markdown
Member

Why

gpt-5.4-mini evaluations ran full reasoning (~3072 reasoning tokens/call, ~22s) despite callers setting reasoning_effort. Root cause: the Azure provider used a 2024-vintage dated api-version (2024-10-21), which predates reasoning_effort support — Azure silently drops unsupported body params, so reasoning ran at default effort.

What

  • Migrate AzureProvider chat_completions + embeddings to Azure's v1 API (/openai/v1/...?api-version=preview), passing the deployment name as the request body model.
  • Opt-in per provider: the v1 path is taken only when the provider's api_version is "preview"/"v1". Providers on dated api-versions keep the legacy deployment-in-path behavior unchanged.
  • Add uses_v1_api() / v1_base() helpers and v1-routing unit tests.

Activation

Set the eval Azure provider's api_version to preview (management API/DB); ensure it has resource_name (or a base_url at the /openai/v1 root).

Test

cargo test — 6/6 azure provider tests pass (2 new v1-routing + 4 existing); cargo fmt clean.

🤖 Generated with Claude Code

Summary by CodeRabbit

  • New Features
    • Added support for Azure “v1” API routing for chat completions and embeddings, with automatic version detection and dynamic URL/request handling.
    • Expanded ReasoningConfig effort validation to accept additional levels: none, minimal, and xhigh.
  • Tests
    • Added unit tests covering v1 API detection and legacy routing behavior.
    • Added unit tests for the updated effort validation rules.

…n=preview)

The Azure provider used a legacy dated api-version (e.g. 2024-10-21), which
predates reasoning_effort support, so Azure silently dropped the parameter and
ran reasoning models (gpt-5.4-mini) at full/default effort.

Migrate chat_completions and embeddings to Azure's v1 API
(/openai/v1/...?api-version=preview), passing the deployment as the body `model`.
Opt-in per provider: the v1 path is used only when the provider's api_version is
"preview" or "v1", so providers on dated api-versions are unchanged. Adds
v1-routing unit tests.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@coderabbitai

coderabbitai Bot commented Jun 15, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

📝 Walkthrough

Walkthrough

src/providers/azure/provider.rs gains two private helper methods (is_v1 and v1_base_url) that detect whether api_version signals the v1 surface and compute the corresponding base URL. chat_completions and embeddings both branch on is_v1: the v1 path sets model in the request body and routes to /openai/v1/{operation}, while the legacy path retains deployment in the URL path. Additionally, src/models/chat.rs expands the set of valid effort values in ReasoningConfig::validate to include none, minimal, and xhigh alongside the existing low, medium, high. Both files include updated documentation and new unit tests.

Changes

Azure v1 API Routing

Layer / File(s) Summary
v1 detection and base URL helpers
src/providers/azure/provider.rs
Adds is_v1 (checks api_version for "preview" or "v1") and v1_base_url (returns configured base_url stripped of trailing / or constructs a resource-based default) as private methods on AzureProvider.
Conditional v1/legacy URL routing + tests
src/providers/azure/provider.rs
chat_completions and embeddings each branch on is_v1: v1 moves deployment into the Azure request body's model field and targets {v1_base}/chat/completions or {v1_base}/embeddings; legacy keeps {endpoint}/{deployment}/{operation}. New test module adds two unit tests asserting api_version=preview selects the v1 URL and a dated api version keeps the legacy deployments path.

Reasoning Effort Expansion

Layer / File(s) Summary
Expanded effort validation and documentation
src/models/chat.rs
ReasoningConfig.effort documentation now reflects accepted model-dependent values (none, minimal, low, medium, high, xhigh). The validate method updates rejection logic to accept the expanded set when max_tokens is not provided, with updated error messaging. Unit tests verify acceptance of none, minimal, and xhigh, continued acceptance of existing values, and rejection of unknown and empty effort strings.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐇 Hopping through Azure's routing maze,
v1 paths now get their praise.
"preview" or "v1" — I know the sign,
Deployment hops into the body just fine.
Reasoning gears spin with wider might,
Six effort levels glowing bright!

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately reflects the main change: migrating Azure provider to v1 API for routing reasoning_effort parameter in chat completions.
Docstring Coverage ✅ Passed Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch dk/reasoning_none

Comment @coderabbitai help to get the list of available commands and usage tips.

@github-actions

github-actions Bot commented Jun 15, 2026

Copy link
Copy Markdown
Contributor

🔒 Container Vulnerability Scan (hub-migrations - amd64)

Click to expand results

For OSS Maintainers: VEX Notice
--------------------------------
If you're an OSS maintainer and Trivy has detected vulnerabilities in your project that you believe are not actually exploitable, consider issuing a VEX (Vulnerability Exploitability eXchange) statement.
VEX allows you to communicate the actual status of vulnerabilities in your project, improving security transparency and reducing false positives for your users.
Learn more and start using VEX: https://trivy.dev/docs/v0.69/guide/supply-chain/vex/repo#publishing-vex-documents

To disable this notice, set the TRIVY_DISABLE_VEX_NOTICE environment variable.


hub-migrations:4242495625e3b0d57279dc21caf071bdedd4996e-amd64 (debian 13.5)
===========================================================================
Total: 12 (UNKNOWN: 0, LOW: 7, MEDIUM: 5, HIGH: 0, CRITICAL: 0)

┌─────────┬──────────────────┬──────────┬──────────┬─────────────────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐
│ Library │  Vulnerability   │ Severity │  Status  │      Installed Version      │ Fixed Version │                            Title                             │
├─────────┼──────────────────┼──────────┼──────────┼─────────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ libc6   │ CVE-2026-5435    │ MEDIUM   │ affected │ 2.41-12+deb13u3             │               │ glibc: glibc: Out-of-bounds write via TSIG record processing │
│         │                  │          │          │                             │               │ https://avd.aquasec.com/nvd/cve-2026-5435                    │
│         ├──────────────────┤          │          │                             ├───────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2026-5450    │          │          │                             │               │ glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc`     │
│         │                  │          │          │                             │               │ format specifier and...                                      │
│         │                  │          │          │                             │               │ https://avd.aquasec.com/nvd/cve-2026-5450                    │
│         ├──────────────────┤          │          │                             ├───────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2026-5928    │          │          │                             │               │ glibc: glibc: Information disclosure or denial of service    │
│         │                  │          │          │                             │               │ via ungetwc function with...                                 │
│         │                  │          │          │                             │               │ https://avd.aquasec.com/nvd/cve-2026-5928                    │
│         ├──────────────────┤          │          │                             ├───────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2026-6238    │          │          │                             │               │ glibc: glibc: Application crash or uninitialized memory read │
│         │                  │          │          │                             │               │ via crafted DNS response...                                  │
│         │                  │          │          │                             │               │ https://avd.aquasec.com/nvd/cve-2026-6238                    │
│         ├──────────────────┼──────────┤          │                             ├───────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2010-4756    │ LOW      │          │                             │               │ glibc: glob implementation can cause excessive CPU and       │
│         │                  │          │          │                             │               │ memory consumption due to...                                 │
│         │                  │          │          │                             │               │ https://avd.aquasec.com/nvd/cve-2010-4756                    │
│         ├──────────────────┤          │          │                             ├───────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2018-20796   │          │          │                             │               │ glibc: uncontrolled recursion in function                    │
│         │                  │          │          │                             │               │ check_dst_limits_calc_pos_1 in posix/regexec.c               │
│         │                  │          │          │                             │               │ https://avd.aquasec.com/nvd/cve-2018-20796                   │
│         ├──────────────────┤          │          │                             ├───────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2019-1010022 │          │          │                             │               │ glibc: stack guard protection bypass                         │
│         │                  │          │          │                             │               │ https://avd.aquasec.com/nvd/cve-2019-1010022                 │
│         ├──────────────────┤          │          │                             ├───────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2019-1010023 │          │          │                             │               │ glibc: running ldd on malicious ELF leads to code execution  │
│         │                  │          │          │                             │               │ because of...                                                │
│         │                  │          │          │                             │               │ https://avd.aquasec.com/nvd/cve-2019-1010023                 │
│         ├──────────────────┤          │          │                             ├───────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2019-1010024 │          │          │                             │               │ glibc: ASLR bypass using cache of thread stack and heap      │
│         │                  │          │          │                             │               │ https://avd.aquasec.com/nvd/cve-2019-1010024                 │
│         ├──────────────────┤          │          │                             ├───────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2019-1010025 │          │          │                             │               │ glibc: information disclosure of heap addresses of           │
│         │                  │          │          │                             │               │ pthread_created thread                                       │
│         │                  │          │          │                             │               │ https://avd.aquasec.com/nvd/cve-2019-1010025                 │
│         ├──────────────────┤          │          │                             ├───────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2019-9192    │          │          │                             │               │ glibc: uncontrolled recursion in function                    │
│         │                  │          │          │                             │               │ check_dst_limits_calc_pos_1 in posix/regexec.c               │
│         │                  │          │          │                             │               │ https://avd.aquasec.com/nvd/cve-2019-9192                    │
├─────────┼──────────────────┼──────────┤          ├─────────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ zlib1g  │ CVE-2026-27171   │ MEDIUM   │          │ 1:1.3.dfsg+really1.3.1-1+b1 │               │ zlib: zlib: Denial of Service via infinite loop in CRC32     │
│         │                  │          │          │                             │               │ combine functions...                                         │
│         │                  │          │          │                             │               │ https://avd.aquasec.com/nvd/cve-2026-27171                   │
└─────────┴──────────────────┴──────────┴──────────┴─────────────────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘

OS Packages (license)
=====================
Total: 29 (UNKNOWN: 0, LOW: 11, MEDIUM: 0, HIGH: 18, CRITICAL: 0)

┌─────────────┬───────────────────┬────────────────┬──────────┐
│   Package   │      License      │ Classification │ Severity │
├─────────────┼───────────────────┼────────────────┼──────────┤
│ base-files  │ GPL-2.0-or-later  │ restricted     │ HIGH     │
├─────────────┤                   │                │          │
│ gcc-14-base │                   │                │          │
│             ├───────────────────┤                │          │
│             │ GPL-3.0-only      │                │          │
│             ├───────────────────┼────────────────┼──────────┤
│             │ Artistic-2.0      │ notice         │ LOW      │
│             ├───────────────────┼────────────────┼──────────┤
│             │ LGPL-2.0-or-later │ restricted     │ HIGH     │
├─────────────┼───────────────────┤                │          │
│ libc6       │ LGPL-2.1-or-later │                │          │
│             ├───────────────────┤                │          │
│             │ LGPL-2.0-or-later │                │          │
│             ├───────────────────┤                │          │
│             │ LGPL-3.0-or-later │                │          │
│             ├───────────────────┤                │          │
│             │ GPL-2.0-or-later  │                │          │
│             ├───────────────────┤                │          │
│             │ GPL-2.0-only      │                │          │
│             ├───────────────────┤                │          │
│             │ GPL-3.0-or-later  │                │          │
│             ├───────────────────┼────────────────┼──────────┤
│             │ Unicode-DFS-2016  │ notice         │ LOW      │
│             ├───────────────────┤                │          │
│             │ BSL-1.0           │                │          │
│             ├───────────────────┤                │          │
│             │ BSD-2-Clause      │                │          │
│             ├───────────────────┤                │          │
│             │ ISC               │                │          │
│             ├───────────────────┼────────────────┼──────────┤
│             │ GPL-3.0-only      │ restricted     │ HIGH     │
│             ├───────────────────┤                │          │
│             │ LGPL-2.0-only     │                │          │
│             ├───────────────────┤                │          │
│             │ LGPL-2.1-only     │                │          │
│             ├───────────────────┤                │          │
│             │ LGPL-3.0-only     │                │          │
├─────────────┼───────────────────┼────────────────┼──────────┤
│ libssl3t64  │ Apache-2.0        │ notice         │ LOW      │
│             ├───────────────────┤                │          │
│             │ Artistic-2.0      │                │          │
│             ├───────────────────┼────────────────┼──────────┤
│             │ GPL-1.0-or-later  │ restricted     │ HIGH     │
│             ├───────────────────┤                │          │
│             │ GPL-1.0-only      │                │          │
├─────────────┼───────────────────┼────────────────┼──────────┤
│ libzstd1    │ BSD-3-Clause      │ notice         │ LOW      │
│             ├───────────────────┼────────────────┼──────────┤
│             │ GPL-2.0-only      │ restricted     │ HIGH     │
│             ├───────────────────┼────────────────┼──────────┤
│             │ Zlib              │ notice         │ LOW      │
│             ├───────────────────┤                │          │
│             │ MIT               │                │          │
├─────────────┼───────────────────┼────────────────┼──────────┤
│ netbase     │ GPL-2.0-only      │ restricted     │ HIGH     │
├─────────────┼───────────────────┼────────────────┼──────────┤
│ zlib1g      │ Zlib              │ notice         │ LOW      │
└─────────────┴───────────────────┴────────────────┴──────────┘

@github-actions

github-actions Bot commented Jun 15, 2026

Copy link
Copy Markdown
Contributor

🔒 Container Vulnerability Scan (hub-migrations - arm64)

Click to expand results

For OSS Maintainers: VEX Notice
--------------------------------
If you're an OSS maintainer and Trivy has detected vulnerabilities in your project that you believe are not actually exploitable, consider issuing a VEX (Vulnerability Exploitability eXchange) statement.
VEX allows you to communicate the actual status of vulnerabilities in your project, improving security transparency and reducing false positives for your users.
Learn more and start using VEX: https://trivy.dev/docs/v0.69/guide/supply-chain/vex/repo#publishing-vex-documents

To disable this notice, set the TRIVY_DISABLE_VEX_NOTICE environment variable.


hub-migrations:4242495625e3b0d57279dc21caf071bdedd4996e-arm64 (debian 13.5)
===========================================================================
Total: 12 (UNKNOWN: 0, LOW: 7, MEDIUM: 5, HIGH: 0, CRITICAL: 0)

┌─────────┬──────────────────┬──────────┬──────────┬─────────────────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐
│ Library │  Vulnerability   │ Severity │  Status  │      Installed Version      │ Fixed Version │                            Title                             │
├─────────┼──────────────────┼──────────┼──────────┼─────────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ libc6   │ CVE-2026-5435    │ MEDIUM   │ affected │ 2.41-12+deb13u3             │               │ glibc: glibc: Out-of-bounds write via TSIG record processing │
│         │                  │          │          │                             │               │ https://avd.aquasec.com/nvd/cve-2026-5435                    │
│         ├──────────────────┤          │          │                             ├───────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2026-5450    │          │          │                             │               │ glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc`     │
│         │                  │          │          │                             │               │ format specifier and...                                      │
│         │                  │          │          │                             │               │ https://avd.aquasec.com/nvd/cve-2026-5450                    │
│         ├──────────────────┤          │          │                             ├───────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2026-5928    │          │          │                             │               │ glibc: glibc: Information disclosure or denial of service    │
│         │                  │          │          │                             │               │ via ungetwc function with...                                 │
│         │                  │          │          │                             │               │ https://avd.aquasec.com/nvd/cve-2026-5928                    │
│         ├──────────────────┤          │          │                             ├───────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2026-6238    │          │          │                             │               │ glibc: glibc: Application crash or uninitialized memory read │
│         │                  │          │          │                             │               │ via crafted DNS response...                                  │
│         │                  │          │          │                             │               │ https://avd.aquasec.com/nvd/cve-2026-6238                    │
│         ├──────────────────┼──────────┤          │                             ├───────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2010-4756    │ LOW      │          │                             │               │ glibc: glob implementation can cause excessive CPU and       │
│         │                  │          │          │                             │               │ memory consumption due to...                                 │
│         │                  │          │          │                             │               │ https://avd.aquasec.com/nvd/cve-2010-4756                    │
│         ├──────────────────┤          │          │                             ├───────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2018-20796   │          │          │                             │               │ glibc: uncontrolled recursion in function                    │
│         │                  │          │          │                             │               │ check_dst_limits_calc_pos_1 in posix/regexec.c               │
│         │                  │          │          │                             │               │ https://avd.aquasec.com/nvd/cve-2018-20796                   │
│         ├──────────────────┤          │          │                             ├───────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2019-1010022 │          │          │                             │               │ glibc: stack guard protection bypass                         │
│         │                  │          │          │                             │               │ https://avd.aquasec.com/nvd/cve-2019-1010022                 │
│         ├──────────────────┤          │          │                             ├───────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2019-1010023 │          │          │                             │               │ glibc: running ldd on malicious ELF leads to code execution  │
│         │                  │          │          │                             │               │ because of...                                                │
│         │                  │          │          │                             │               │ https://avd.aquasec.com/nvd/cve-2019-1010023                 │
│         ├──────────────────┤          │          │                             ├───────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2019-1010024 │          │          │                             │               │ glibc: ASLR bypass using cache of thread stack and heap      │
│         │                  │          │          │                             │               │ https://avd.aquasec.com/nvd/cve-2019-1010024                 │
│         ├──────────────────┤          │          │                             ├───────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2019-1010025 │          │          │                             │               │ glibc: information disclosure of heap addresses of           │
│         │                  │          │          │                             │               │ pthread_created thread                                       │
│         │                  │          │          │                             │               │ https://avd.aquasec.com/nvd/cve-2019-1010025                 │
│         ├──────────────────┤          │          │                             ├───────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2019-9192    │          │          │                             │               │ glibc: uncontrolled recursion in function                    │
│         │                  │          │          │                             │               │ check_dst_limits_calc_pos_1 in posix/regexec.c               │
│         │                  │          │          │                             │               │ https://avd.aquasec.com/nvd/cve-2019-9192                    │
├─────────┼──────────────────┼──────────┤          ├─────────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ zlib1g  │ CVE-2026-27171   │ MEDIUM   │          │ 1:1.3.dfsg+really1.3.1-1+b1 │               │ zlib: zlib: Denial of Service via infinite loop in CRC32     │
│         │                  │          │          │                             │               │ combine functions...                                         │
│         │                  │          │          │                             │               │ https://avd.aquasec.com/nvd/cve-2026-27171                   │
└─────────┴──────────────────┴──────────┴──────────┴─────────────────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘

OS Packages (license)
=====================
Total: 29 (UNKNOWN: 0, LOW: 11, MEDIUM: 0, HIGH: 18, CRITICAL: 0)

┌─────────────┬───────────────────┬────────────────┬──────────┐
│   Package   │      License      │ Classification │ Severity │
├─────────────┼───────────────────┼────────────────┼──────────┤
│ base-files  │ GPL-2.0-or-later  │ restricted     │ HIGH     │
├─────────────┤                   │                │          │
│ gcc-14-base │                   │                │          │
│             ├───────────────────┤                │          │
│             │ GPL-3.0-only      │                │          │
│             ├───────────────────┼────────────────┼──────────┤
│             │ Artistic-2.0      │ notice         │ LOW      │
│             ├───────────────────┼────────────────┼──────────┤
│             │ LGPL-2.0-or-later │ restricted     │ HIGH     │
├─────────────┼───────────────────┤                │          │
│ libc6       │ LGPL-2.1-or-later │                │          │
│             ├───────────────────┤                │          │
│             │ LGPL-2.0-or-later │                │          │
│             ├───────────────────┤                │          │
│             │ LGPL-3.0-or-later │                │          │
│             ├───────────────────┤                │          │
│             │ GPL-2.0-or-later  │                │          │
│             ├───────────────────┤                │          │
│             │ GPL-2.0-only      │                │          │
│             ├───────────────────┤                │          │
│             │ GPL-3.0-or-later  │                │          │
│             ├───────────────────┼────────────────┼──────────┤
│             │ Unicode-DFS-2016  │ notice         │ LOW      │
│             ├───────────────────┤                │          │
│             │ BSL-1.0           │                │          │
│             ├───────────────────┤                │          │
│             │ BSD-2-Clause      │                │          │
│             ├───────────────────┤                │          │
│             │ ISC               │                │          │
│             ├───────────────────┼────────────────┼──────────┤
│             │ GPL-3.0-only      │ restricted     │ HIGH     │
│             ├───────────────────┤                │          │
│             │ LGPL-2.0-only     │                │          │
│             ├───────────────────┤                │          │
│             │ LGPL-2.1-only     │                │          │
│             ├───────────────────┤                │          │
│             │ LGPL-3.0-only     │                │          │
├─────────────┼───────────────────┼────────────────┼──────────┤
│ libssl3t64  │ Apache-2.0        │ notice         │ LOW      │
│             ├───────────────────┤                │          │
│             │ Artistic-2.0      │                │          │
│             ├───────────────────┼────────────────┼──────────┤
│             │ GPL-1.0-or-later  │ restricted     │ HIGH     │
│             ├───────────────────┤                │          │
│             │ GPL-1.0-only      │                │          │
├─────────────┼───────────────────┼────────────────┼──────────┤
│ libzstd1    │ BSD-3-Clause      │ notice         │ LOW      │
│             ├───────────────────┼────────────────┼──────────┤
│             │ GPL-2.0-only      │ restricted     │ HIGH     │
│             ├───────────────────┼────────────────┼──────────┤
│             │ Zlib              │ notice         │ LOW      │
│             ├───────────────────┤                │          │
│             │ MIT               │                │          │
├─────────────┼───────────────────┼────────────────┼──────────┤
│ netbase     │ GPL-2.0-only      │ restricted     │ HIGH     │
├─────────────┼───────────────────┼────────────────┼──────────┤
│ zlib1g      │ Zlib              │ notice         │ LOW      │
└─────────────┴───────────────────┴────────────────┴──────────┘

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/providers/azure/provider.rs`:
- Around line 71-83: The v1_base method in the Azure provider lacks validation
to ensure that the base_url parameter is properly formatted for v1 API mode
(must point to the /openai/v1 root). Add validation logic at configuration
initialization time to verify that when api_version is "preview" or "v1", the
provided base_url ends with "/openai/v1" or is empty (so the default is used).
If validation fails, raise an error with a clear message stating the required
format. Alternatively, if validation is deferred to operators, enhance the
documentation comment for v1_base to explicitly specify the exact format
requirement and consequences of misconfiguration.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: eed9cdf5-ee51-4b54-b69e-bae183d44011

📥 Commits

Reviewing files that changed from the base of the PR and between 00722df and 27e5803.

📒 Files selected for processing (1)
  • src/providers/azure/provider.rs

Comment on lines +71 to +83
/// Base URL for the v1 API. When `base_url` is configured it is used verbatim
/// (operators point it at the `/openai/v1` root); otherwise it is built from
/// `resource_name`.
fn v1_base(&self) -> String {
if let Some(base_url) = self.config.params.get("base_url") {
base_url.trim_end_matches('/').to_string()
} else {
format!(
"https://{}.openai.azure.com/openai/v1",
self.config.params.get("resource_name").unwrap(),
)
}
}

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Read-only verification: find Azure preview/v1 configs that might still use legacy-style base URLs.
# Expected: preview/v1 configs should point to /openai/v1 (or be empty so resource_name-derived URL is used).

rg -n -C2 '"api_version"\s*:\s*"(preview|v1)"' 
rg -n -C2 '"base_url"\s*:\s*"'

Repository: traceloop/hub

Length of output: 39


🏁 Script executed:

# Find where v1_base() is called and how the result is used
rg -n "v1_base\(\)" src/providers/azure/provider.rs

# Check if base_url is validated during config construction/parsing
rg -n "base_url" src/providers/azure/provider.rs -A 2 -B 2

# Search for test coverage of base_url handling
rg -n "base_url" --type rust | grep -i test

Repository: traceloop/hub

Length of output: 4532


🏁 Script executed:

# Find uses_v1_api() definition to understand when v1 mode is triggered
rg -n "fn uses_v1_api" src/providers/azure/provider.rs -A 5

# Check api_version extraction/parsing and validation
rg -n "api_version" src/providers/azure/provider.rs -B 2 -A 2

# Search for any config validation that checks base_url format
rg -n "validate\|check\|ensure" src/providers/azure/ -i

# Look at the broader Azure config structure
fd "azure" --type f src/ | xargs rg "struct.*Config" -l

Repository: traceloop/hub

Length of output: 3312


🏁 Script executed:

# Check for config validation logic or documentation about base_url format
rg -n "base_url" src/config/ -A 3 -B 3

# Check if there's any documentation or comments about base_url configuration for Azure
rg -n "base_url" --type md

# Look for where base_url gets validated or checked in the provider chain
rg -n "transform_provider_dto\|AzureProviderConfig" src/ -A 10 -B 2 | head -80

Repository: traceloop/hub

Length of output: 192


Document base_url format requirement for v1 API mode.

When using api_version "preview" or "v1", the base_url must point to the /openai/v1 root. The code delegates this validation to operators (as noted in the docstring), but there is no operator-facing validation or error handling if misconfigured. Consider adding a check at config initialization time to catch and report base_url mismatches early, rather than failing silently at request time. Alternatively, enhance the configuration documentation to explicitly state the required base_url format for v1 mode.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/providers/azure/provider.rs` around lines 71 - 83, The v1_base method in
the Azure provider lacks validation to ensure that the base_url parameter is
properly formatted for v1 API mode (must point to the /openai/v1 root). Add
validation logic at configuration initialization time to verify that when
api_version is "preview" or "v1", the provided base_url ends with "/openai/v1"
or is empty (so the default is used). If validation fails, raise an error with a
clear message stating the required format. Alternatively, if validation is
deferred to operators, enhance the documentation comment for v1_base to
explicitly specify the exact format requirement and consequences of
misconfiguration.

@github-actions

github-actions Bot commented Jun 15, 2026

Copy link
Copy Markdown
Contributor

🔒 Container Vulnerability Scan (hub - amd64)

Click to expand results

For OSS Maintainers: VEX Notice
--------------------------------
If you're an OSS maintainer and Trivy has detected vulnerabilities in your project that you believe are not actually exploitable, consider issuing a VEX (Vulnerability Exploitability eXchange) statement.
VEX allows you to communicate the actual status of vulnerabilities in your project, improving security transparency and reducing false positives for your users.
Learn more and start using VEX: https://trivy.dev/docs/v0.69/guide/supply-chain/vex/repo#publishing-vex-documents

To disable this notice, set the TRIVY_DISABLE_VEX_NOTICE environment variable.


hub:4242495625e3b0d57279dc21caf071bdedd4996e-amd64 (debian 13.5)
================================================================
Total: 12 (UNKNOWN: 0, LOW: 7, MEDIUM: 5, HIGH: 0, CRITICAL: 0)

┌─────────┬──────────────────┬──────────┬──────────┬─────────────────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐
│ Library │  Vulnerability   │ Severity │  Status  │      Installed Version      │ Fixed Version │                            Title                             │
├─────────┼──────────────────┼──────────┼──────────┼─────────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ libc6   │ CVE-2026-5435    │ MEDIUM   │ affected │ 2.41-12+deb13u3             │               │ glibc: glibc: Out-of-bounds write via TSIG record processing │
│         │                  │          │          │                             │               │ https://avd.aquasec.com/nvd/cve-2026-5435                    │
│         ├──────────────────┤          │          │                             ├───────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2026-5450    │          │          │                             │               │ glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc`     │
│         │                  │          │          │                             │               │ format specifier and...                                      │
│         │                  │          │          │                             │               │ https://avd.aquasec.com/nvd/cve-2026-5450                    │
│         ├──────────────────┤          │          │                             ├───────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2026-5928    │          │          │                             │               │ glibc: glibc: Information disclosure or denial of service    │
│         │                  │          │          │                             │               │ via ungetwc function with...                                 │
│         │                  │          │          │                             │               │ https://avd.aquasec.com/nvd/cve-2026-5928                    │
│         ├──────────────────┤          │          │                             ├───────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2026-6238    │          │          │                             │               │ glibc: glibc: Application crash or uninitialized memory read │
│         │                  │          │          │                             │               │ via crafted DNS response...                                  │
│         │                  │          │          │                             │               │ https://avd.aquasec.com/nvd/cve-2026-6238                    │
│         ├──────────────────┼──────────┤          │                             ├───────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2010-4756    │ LOW      │          │                             │               │ glibc: glob implementation can cause excessive CPU and       │
│         │                  │          │          │                             │               │ memory consumption due to...                                 │
│         │                  │          │          │                             │               │ https://avd.aquasec.com/nvd/cve-2010-4756                    │
│         ├──────────────────┤          │          │                             ├───────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2018-20796   │          │          │                             │               │ glibc: uncontrolled recursion in function                    │
│         │                  │          │          │                             │               │ check_dst_limits_calc_pos_1 in posix/regexec.c               │
│         │                  │          │          │                             │               │ https://avd.aquasec.com/nvd/cve-2018-20796                   │
│         ├──────────────────┤          │          │                             ├───────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2019-1010022 │          │          │                             │               │ glibc: stack guard protection bypass                         │
│         │                  │          │          │                             │               │ https://avd.aquasec.com/nvd/cve-2019-1010022                 │
│         ├──────────────────┤          │          │                             ├───────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2019-1010023 │          │          │                             │               │ glibc: running ldd on malicious ELF leads to code execution  │
│         │                  │          │          │                             │               │ because of...                                                │
│         │                  │          │          │                             │               │ https://avd.aquasec.com/nvd/cve-2019-1010023                 │
│         ├──────────────────┤          │          │                             ├───────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2019-1010024 │          │          │                             │               │ glibc: ASLR bypass using cache of thread stack and heap      │
│         │                  │          │          │                             │               │ https://avd.aquasec.com/nvd/cve-2019-1010024                 │
│         ├──────────────────┤          │          │                             ├───────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2019-1010025 │          │          │                             │               │ glibc: information disclosure of heap addresses of           │
│         │                  │          │          │                             │               │ pthread_created thread                                       │
│         │                  │          │          │                             │               │ https://avd.aquasec.com/nvd/cve-2019-1010025                 │
│         ├──────────────────┤          │          │                             ├───────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2019-9192    │          │          │                             │               │ glibc: uncontrolled recursion in function                    │
│         │                  │          │          │                             │               │ check_dst_limits_calc_pos_1 in posix/regexec.c               │
│         │                  │          │          │                             │               │ https://avd.aquasec.com/nvd/cve-2019-9192                    │
├─────────┼──────────────────┼──────────┤          ├─────────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ zlib1g  │ CVE-2026-27171   │ MEDIUM   │          │ 1:1.3.dfsg+really1.3.1-1+b1 │               │ zlib: zlib: Denial of Service via infinite loop in CRC32     │
│         │                  │          │          │                             │               │ combine functions...                                         │
│         │                  │          │          │                             │               │ https://avd.aquasec.com/nvd/cve-2026-27171                   │
└─────────┴──────────────────┴──────────┴──────────┴─────────────────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘

OS Packages (license)
=====================
Total: 29 (UNKNOWN: 0, LOW: 11, MEDIUM: 0, HIGH: 18, CRITICAL: 0)

┌─────────────┬───────────────────┬────────────────┬──────────┐
│   Package   │      License      │ Classification │ Severity │
├─────────────┼───────────────────┼────────────────┼──────────┤
│ base-files  │ GPL-2.0-or-later  │ restricted     │ HIGH     │
├─────────────┤                   │                │          │
│ gcc-14-base │                   │                │          │
│             ├───────────────────┤                │          │
│             │ GPL-3.0-only      │                │          │
│             ├───────────────────┼────────────────┼──────────┤
│             │ Artistic-2.0      │ notice         │ LOW      │
│             ├───────────────────┼────────────────┼──────────┤
│             │ LGPL-2.0-or-later │ restricted     │ HIGH     │
├─────────────┼───────────────────┤                │          │
│ libc6       │ LGPL-2.1-or-later │                │          │
│             ├───────────────────┤                │          │
│             │ LGPL-2.0-or-later │                │          │
│             ├───────────────────┤                │          │
│             │ LGPL-3.0-or-later │                │          │
│             ├───────────────────┤                │          │
│             │ GPL-2.0-or-later  │                │          │
│             ├───────────────────┤                │          │
│             │ GPL-2.0-only      │                │          │
│             ├───────────────────┤                │          │
│             │ GPL-3.0-or-later  │                │          │
│             ├───────────────────┼────────────────┼──────────┤
│             │ Unicode-DFS-2016  │ notice         │ LOW      │
│             ├───────────────────┤                │          │
│             │ BSL-1.0           │                │          │
│             ├───────────────────┤                │          │
│             │ BSD-2-Clause      │                │          │
│             ├───────────────────┤                │          │
│             │ ISC               │                │          │
│             ├───────────────────┼────────────────┼──────────┤
│             │ GPL-3.0-only      │ restricted     │ HIGH     │
│             ├───────────────────┤                │          │
│             │ LGPL-2.0-only     │                │          │
│             ├───────────────────┤                │          │
│             │ LGPL-2.1-only     │                │          │
│             ├───────────────────┤                │          │
│             │ LGPL-3.0-only     │                │          │
├─────────────┼───────────────────┼────────────────┼──────────┤
│ libssl3t64  │ Apache-2.0        │ notice         │ LOW      │
│             ├───────────────────┤                │          │
│             │ Artistic-2.0      │                │          │
│             ├───────────────────┼────────────────┼──────────┤
│             │ GPL-1.0-or-later  │ restricted     │ HIGH     │
│             ├───────────────────┤                │          │
│             │ GPL-1.0-only      │                │          │
├─────────────┼───────────────────┼────────────────┼──────────┤
│ libzstd1    │ BSD-3-Clause      │ notice         │ LOW      │
│             ├───────────────────┼────────────────┼──────────┤
│             │ GPL-2.0-only      │ restricted     │ HIGH     │
│             ├───────────────────┼────────────────┼──────────┤
│             │ Zlib              │ notice         │ LOW      │
│             ├───────────────────┤                │          │
│             │ MIT               │                │          │
├─────────────┼───────────────────┼────────────────┼──────────┤
│ netbase     │ GPL-2.0-only      │ restricted     │ HIGH     │
├─────────────┼───────────────────┼────────────────┼──────────┤
│ zlib1g      │ Zlib              │ notice         │ LOW      │
└─────────────┴───────────────────┴────────────────┴──────────┘

@github-actions

github-actions Bot commented Jun 15, 2026

Copy link
Copy Markdown
Contributor

🔒 Container Vulnerability Scan (hub - arm64)

Click to expand results

For OSS Maintainers: VEX Notice
--------------------------------
If you're an OSS maintainer and Trivy has detected vulnerabilities in your project that you believe are not actually exploitable, consider issuing a VEX (Vulnerability Exploitability eXchange) statement.
VEX allows you to communicate the actual status of vulnerabilities in your project, improving security transparency and reducing false positives for your users.
Learn more and start using VEX: https://trivy.dev/docs/v0.69/guide/supply-chain/vex/repo#publishing-vex-documents

To disable this notice, set the TRIVY_DISABLE_VEX_NOTICE environment variable.


hub:4242495625e3b0d57279dc21caf071bdedd4996e-arm64 (debian 13.5)
================================================================
Total: 12 (UNKNOWN: 0, LOW: 7, MEDIUM: 5, HIGH: 0, CRITICAL: 0)

┌─────────┬──────────────────┬──────────┬──────────┬─────────────────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐
│ Library │  Vulnerability   │ Severity │  Status  │      Installed Version      │ Fixed Version │                            Title                             │
├─────────┼──────────────────┼──────────┼──────────┼─────────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ libc6   │ CVE-2026-5435    │ MEDIUM   │ affected │ 2.41-12+deb13u3             │               │ glibc: glibc: Out-of-bounds write via TSIG record processing │
│         │                  │          │          │                             │               │ https://avd.aquasec.com/nvd/cve-2026-5435                    │
│         ├──────────────────┤          │          │                             ├───────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2026-5450    │          │          │                             │               │ glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc`     │
│         │                  │          │          │                             │               │ format specifier and...                                      │
│         │                  │          │          │                             │               │ https://avd.aquasec.com/nvd/cve-2026-5450                    │
│         ├──────────────────┤          │          │                             ├───────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2026-5928    │          │          │                             │               │ glibc: glibc: Information disclosure or denial of service    │
│         │                  │          │          │                             │               │ via ungetwc function with...                                 │
│         │                  │          │          │                             │               │ https://avd.aquasec.com/nvd/cve-2026-5928                    │
│         ├──────────────────┤          │          │                             ├───────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2026-6238    │          │          │                             │               │ glibc: glibc: Application crash or uninitialized memory read │
│         │                  │          │          │                             │               │ via crafted DNS response...                                  │
│         │                  │          │          │                             │               │ https://avd.aquasec.com/nvd/cve-2026-6238                    │
│         ├──────────────────┼──────────┤          │                             ├───────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2010-4756    │ LOW      │          │                             │               │ glibc: glob implementation can cause excessive CPU and       │
│         │                  │          │          │                             │               │ memory consumption due to...                                 │
│         │                  │          │          │                             │               │ https://avd.aquasec.com/nvd/cve-2010-4756                    │
│         ├──────────────────┤          │          │                             ├───────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2018-20796   │          │          │                             │               │ glibc: uncontrolled recursion in function                    │
│         │                  │          │          │                             │               │ check_dst_limits_calc_pos_1 in posix/regexec.c               │
│         │                  │          │          │                             │               │ https://avd.aquasec.com/nvd/cve-2018-20796                   │
│         ├──────────────────┤          │          │                             ├───────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2019-1010022 │          │          │                             │               │ glibc: stack guard protection bypass                         │
│         │                  │          │          │                             │               │ https://avd.aquasec.com/nvd/cve-2019-1010022                 │
│         ├──────────────────┤          │          │                             ├───────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2019-1010023 │          │          │                             │               │ glibc: running ldd on malicious ELF leads to code execution  │
│         │                  │          │          │                             │               │ because of...                                                │
│         │                  │          │          │                             │               │ https://avd.aquasec.com/nvd/cve-2019-1010023                 │
│         ├──────────────────┤          │          │                             ├───────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2019-1010024 │          │          │                             │               │ glibc: ASLR bypass using cache of thread stack and heap      │
│         │                  │          │          │                             │               │ https://avd.aquasec.com/nvd/cve-2019-1010024                 │
│         ├──────────────────┤          │          │                             ├───────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2019-1010025 │          │          │                             │               │ glibc: information disclosure of heap addresses of           │
│         │                  │          │          │                             │               │ pthread_created thread                                       │
│         │                  │          │          │                             │               │ https://avd.aquasec.com/nvd/cve-2019-1010025                 │
│         ├──────────────────┤          │          │                             ├───────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2019-9192    │          │          │                             │               │ glibc: uncontrolled recursion in function                    │
│         │                  │          │          │                             │               │ check_dst_limits_calc_pos_1 in posix/regexec.c               │
│         │                  │          │          │                             │               │ https://avd.aquasec.com/nvd/cve-2019-9192                    │
├─────────┼──────────────────┼──────────┤          ├─────────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ zlib1g  │ CVE-2026-27171   │ MEDIUM   │          │ 1:1.3.dfsg+really1.3.1-1+b1 │               │ zlib: zlib: Denial of Service via infinite loop in CRC32     │
│         │                  │          │          │                             │               │ combine functions...                                         │
│         │                  │          │          │                             │               │ https://avd.aquasec.com/nvd/cve-2026-27171                   │
└─────────┴──────────────────┴──────────┴──────────┴─────────────────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘

OS Packages (license)
=====================
Total: 29 (UNKNOWN: 0, LOW: 11, MEDIUM: 0, HIGH: 18, CRITICAL: 0)

┌─────────────┬───────────────────┬────────────────┬──────────┐
│   Package   │      License      │ Classification │ Severity │
├─────────────┼───────────────────┼────────────────┼──────────┤
│ base-files  │ GPL-2.0-or-later  │ restricted     │ HIGH     │
├─────────────┤                   │                │          │
│ gcc-14-base │                   │                │          │
│             ├───────────────────┤                │          │
│             │ GPL-3.0-only      │                │          │
│             ├───────────────────┼────────────────┼──────────┤
│             │ Artistic-2.0      │ notice         │ LOW      │
│             ├───────────────────┼────────────────┼──────────┤
│             │ LGPL-2.0-or-later │ restricted     │ HIGH     │
├─────────────┼───────────────────┤                │          │
│ libc6       │ LGPL-2.1-or-later │                │          │
│             ├───────────────────┤                │          │
│             │ LGPL-2.0-or-later │                │          │
│             ├───────────────────┤                │          │
│             │ LGPL-3.0-or-later │                │          │
│             ├───────────────────┤                │          │
│             │ GPL-2.0-or-later  │                │          │
│             ├───────────────────┤                │          │
│             │ GPL-2.0-only      │                │          │
│             ├───────────────────┤                │          │
│             │ GPL-3.0-or-later  │                │          │
│             ├───────────────────┼────────────────┼──────────┤
│             │ Unicode-DFS-2016  │ notice         │ LOW      │
│             ├───────────────────┤                │          │
│             │ BSL-1.0           │                │          │
│             ├───────────────────┤                │          │
│             │ BSD-2-Clause      │                │          │
│             ├───────────────────┤                │          │
│             │ ISC               │                │          │
│             ├───────────────────┼────────────────┼──────────┤
│             │ GPL-3.0-only      │ restricted     │ HIGH     │
│             ├───────────────────┤                │          │
│             │ LGPL-2.0-only     │                │          │
│             ├───────────────────┤                │          │
│             │ LGPL-2.1-only     │                │          │
│             ├───────────────────┤                │          │
│             │ LGPL-3.0-only     │                │          │
├─────────────┼───────────────────┼────────────────┼──────────┤
│ libssl3t64  │ Apache-2.0        │ notice         │ LOW      │
│             ├───────────────────┤                │          │
│             │ Artistic-2.0      │                │          │
│             ├───────────────────┼────────────────┼──────────┤
│             │ GPL-1.0-or-later  │ restricted     │ HIGH     │
│             ├───────────────────┤                │          │
│             │ GPL-1.0-only      │                │          │
├─────────────┼───────────────────┼────────────────┼──────────┤
│ libzstd1    │ BSD-3-Clause      │ notice         │ LOW      │
│             ├───────────────────┼────────────────┼──────────┤
│             │ GPL-2.0-only      │ restricted     │ HIGH     │
│             ├───────────────────┼────────────────┼──────────┤
│             │ Zlib              │ notice         │ LOW      │
│             ├───────────────────┤                │          │
│             │ MIT               │                │          │
├─────────────┼───────────────────┼────────────────┼──────────┤
│ netbase     │ GPL-2.0-only      │ restricted     │ HIGH     │
├─────────────┼───────────────────┼────────────────┼──────────┤
│ zlib1g      │ Zlib              │ notice         │ LOW      │
└─────────────┴───────────────────┴────────────────┴──────────┘

…g.effort

The nested `reasoning.effort` validator rejected any value outside low/medium/high, so `reasoning.effort="none"` was blocked at the gateway before reaching the provider — even though gpt-5.1+ default to and accept `none`. This was inconsistent with the unvalidated top-level `reasoning_effort` field.

Widen the accepted set to none/minimal/low/medium/high/xhigh (the union across current OpenAI reasoning models) and let the provider be the source of truth on per-model support; genuinely unknown values are still rejected locally.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/models/chat.rs`:
- Around line 31-37: The validate() method now accepts the expanded effort set
including minimal and xhigh values, but the to_thinking_prompt() method (line 81
onward) still only handles low, medium, and high effort values. Update the
to_thinking_prompt() method to map the newly accepted effort values (minimal and
xhigh) to appropriate conversions for non-OpenAI providers (Anthropic/Bedrock
paths) instead of silently treating them as None. Additionally, ensure the same
expansion is applied at line 43 so that all accepted effort values are properly
handled across both validation and conversion paths.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: f62f590d-0d93-491a-99ad-9dce476c8c16

📥 Commits

Reviewing files that changed from the base of the PR and between 27e5803 and 3a79c9b.

⛔ Files ignored due to path filters (1)
  • Cargo.lock is excluded by !**/*.lock
📒 Files selected for processing (1)
  • src/models/chat.rs

Comment thread src/models/chat.rs
Comment on lines +31 to 37
// Only validate effort if max_tokens is not present (since max_tokens takes priority).
// The accepted set is the union across OpenAI reasoning models — values are
// model-dependent (`none` on gpt-5.1+, `minimal` on the original GPT-5 series,
// `xhigh` on gpt-5.1-codex-max), so we accept any of them here and let the upstream
// provider be the source of truth on per-model support (it returns a clear 400 for a
// value a given model doesn't accept).
if let Some(effort) = &self.effort {

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Expanded accepted effort set is not propagated to non-OpenAI conversion path.

After this change, validate() accepts minimal and xhigh, but to_thinking_prompt() (Line 81 onward) still only handles low|medium|high, so newly accepted values are silently treated as no prompt (None). This creates a behavior gap for Anthropic/Bedrock-style paths.

Suggested fix
     pub fn to_thinking_prompt(&self) -> Option<String> {
         if self.max_tokens.is_some() {
             // If max_tokens is specified, use a generic thinking prompt
             Some("Think through this step-by-step with detailed reasoning.".to_string())
         } else {
             match self.effort.as_deref() {
                 Some(effort) if !effort.trim().is_empty() => match effort {
-                    "high" => {
+                    "high" | "xhigh" => {
                         Some("Think through this step-by-step with detailed reasoning.".to_string())
                     }
                     "medium" => Some("Consider this problem thoughtfully.".to_string()),
-                    "low" => Some("Think about this briefly.".to_string()),
+                    "low" | "minimal" => Some("Think about this briefly.".to_string()),
+                    "none" => None,
                     _ => None,
                 },
                 _ => None,
             }
         }
     }

Also applies to: 43-43

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/models/chat.rs` around lines 31 - 37, The validate() method now accepts
the expanded effort set including minimal and xhigh values, but the
to_thinking_prompt() method (line 81 onward) still only handles low, medium, and
high effort values. Update the to_thinking_prompt() method to map the newly
accepted effort values (minimal and xhigh) to appropriate conversions for
non-OpenAI providers (Anthropic/Bedrock paths) instead of silently treating them
as None. Additionally, ensure the same expansion is applied at line 43 so that
all accepted effort values are properly handled across both validation and
conversion paths.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant