Skip to content

feat: CLI support for upsonic#468

Merged
onuratakan merged 4 commits intomasterfrom
cli
Nov 13, 2025
Merged

feat: CLI support for upsonic#468
onuratakan merged 4 commits intomasterfrom
cli

Conversation

@DoganK01
Copy link
Copy Markdown
Member

@DoganK01 DoganK01 commented Nov 12, 2025

  • CLI support for upsonic

@claude
Copy link
Copy Markdown

claude bot commented Nov 12, 2025

Pull Request Review: CLI Support for Upsonic

Thank you for adding CLI support to Upsonic! This is a valuable feature that will improve the developer experience. Below is my comprehensive review.

Strengths

  1. Well-structured architecture: The CLI is properly organized into separate modules (commands, main, printer) following clean code principles
  2. Good user experience: Using rich library for beautiful terminal output with panels, colors, and tables
  3. Comprehensive functionality: Implements init, add, and run commands covering the core workflow
  4. Error handling: Proper exception handling with user-friendly error messages
  5. Documentation: Functions have clear docstrings with type hints

🐛 Critical Issues

1. Typo in Configuration (src/upsonic/cli/commands.py:80)

"envinroment_variables": {  # Should be "environment_variables"

Impact: This typo in the JSON key could cause issues if other parts of the codebase expect the correct spelling.

2. Missing Dependency in pyproject.toml

The printer.py module uses rich library, but rich is not listed in the project dependencies. This will cause import errors when users install upsonic.

Fix needed: Add rich>=13.0.0 to the dependencies in pyproject.toml

3. Unsafe Dynamic Module Loading (src/upsonic/cli/commands.py:707-709)

agent_module = importlib.util.module_from_spec(spec)
sys.modules["agent"] = agent_module
spec.loader.exec_module(agent_module)

Security Risk: Loading and executing arbitrary Python files without validation could lead to code injection if a malicious agent.py is present. Consider:

  • Adding a warning that this executes code
  • Sandboxing or validation of the agent file
  • At minimum, document this security consideration

4. Incomplete Dependency Installation Error Handling (src/upsonic/cli/commands.py:612-645)

The _install_dependencies function silently falls through if uv fails, but doesn't check the stderr from the initial uv attempt. This could hide important errors.

⚠️ Performance & Design Concerns

5. Installing Dependencies Every Time on run (src/upsonic/cli/commands.py:674-678)

dependencies = config_data.get("dependencies", {}).get("api", [])
if dependencies:
    if not _install_dependencies(dependencies):

Problem: This installs dependencies on every run command, which is slow and unnecessary.

Recommendation:

  • Check if dependencies are already installed first
  • Or provide a separate upsonic install command
  • Or at least skip if all packages are already satisfied

6. Excessive Debug Output in Production (src/upsonic/cli/commands.py:739-760)

Multiple print_info statements with "=== LIFESPAN: ..." are debug messages that shouldn't be in production code. Consider:

  • Using proper logging with debug level
  • Removing or making them conditional on a --verbose flag

7. Complex OpenAPI Schema Modification

The schema modification logic (lines 510-591, 735-832) is quite complex with nested try-except blocks and state management. This could be refactored for maintainability:

  • Extract into a separate class
  • Add unit tests
  • Simplify the caching logic

🔧 Code Quality Issues

8. Inconsistent Type Hints (src/upsonic/cli/commands.py:425)

def _map_inputs_props(inputs_schema: List[Dict[str, Any]]) -> tuple[Dict[str, Any], Dict[str, Any], List[str]]:

Using lowercase tuple is Python 3.9+ syntax, but List and Dict are from typing. Be consistent:

  • Either use all typing module: Tuple[Dict[str, Any], Dict[str, Any], List[str]]
  • Or use all built-in: tuple[dict[str, Any], dict[str, Any], list[str]] (requires Python 3.9+)

9. Unused Imports (src/upsonic/cli/commands.py)

from typing import Any, Callable, Dict, List, Optional  # Optional is unused
from types import FunctionType  # FunctionType is imported but never used (line 392)
from fastapi import FastAPI, File, Form, Request  # Request is unused (line 683)

10. Exception Too Broad (src/upsonic/cli/commands.py:323-328)

try:
    inputs[key] = value
except Exception:
    inputs[key] = None

This catches all exceptions silently. Be more specific about what exceptions you expect.

11. Magic Values (src/upsonic/cli/commands.py:79-153)

The entire config template is hardcoded with specific version numbers and defaults. Consider:

  • Extracting to a template file or constant
  • Making versions configurable
  • Allowing users to customize the template

🧪 Testing Concerns

12. No Tests for CLI

There are no tests for the new CLI functionality. This is a significant gap. Recommended tests:

  • Unit tests for each command function
  • Tests for error handling paths
  • Integration tests for the full CLI flow
  • Tests for the FastAPI server creation
  • Tests for dependency installation logic

13. No Input Validation Tests

The input schema processing code should have comprehensive tests for edge cases:

  • Empty schemas
  • Invalid types
  • Missing required fields
  • Malformed JSON

📋 Minor Suggestions

14. Missing --help Flag (src/upsonic/cli/main.py)

The CLI doesn't handle --help or -h flags. Consider adding help text support.

15. No Version Command

Consider adding upsonic --version to show the installed version.

16. Port Validation (src/upsonic/cli/main.py:50-55)

Add validation that port is in valid range (1-65535):

port = int(args[i + 1])
if not 1 <= port <= 65535:
    print_error(f"Port must be between 1 and 65535: {port}")
    return 1

17. Host Validation

Consider validating that host is a valid IP address or hostname.

18. Hardcoded Defaults (src/upsonic/cli/commands.py:103-105)

"icon": "book",
"language": "book",  # This looks like a copy-paste error - language shouldn't be "book"

🔒 Security Considerations

19. File Overwrite Without Backup

When overwriting files, consider creating backups first.

20. No Input Sanitization

User input (agent name, library names) should be sanitized before being written to files or used in commands.

📊 Summary

Category Count
Critical Issues 4
Performance Concerns 3
Code Quality Issues 6
Testing Gaps 2
Minor Suggestions 6

🎯 Recommendations Priority

Must Fix Before Merge:

  1. Add rich to dependencies
  2. Fix typo: "envinroment_variables" → "environment_variables"
  3. Add tests for CLI functionality

Should Fix:

  1. Optimize dependency installation (don't reinstall every run)
  2. Remove debug print statements or add verbose flag
  3. Add security warning about dynamic code execution
  4. Fix type hint consistency

Nice to Have:

  1. Add --help and --version support
  2. Add input validation for port/host
  3. Refactor OpenAPI schema modification logic
  4. Extract config template to constant

Overall Assessment

This is a solid first implementation of CLI support that adds significant value to Upsonic. The code is generally well-structured and follows good practices. However, there are some critical issues (missing dependency, typo, no tests) that should be addressed before merging. With these fixes, this will be a great addition to the project!

Recommendation: Request changes for critical issues, then approve once addressed.

@onuratakan onuratakan merged commit d52c2ee into master Nov 13, 2025
6 checks passed
@onuratakan onuratakan deleted the cli branch November 13, 2025 11:32
@claude claude bot mentioned this pull request Nov 13, 2025
Merged
DoganK01 pushed a commit that referenced this pull request Jan 5, 2026
@onuratakan
Merge pull request #468 from Upsonic/cli
2b7da12 
feat: CLI support for upsonic
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@DoganK01 @onuratakan