You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
AgentExecutorBlock stores the input data in the data field of the hardcoded value.
Currently, the AgentExecutorBlock is validating the metadata instead of the actual data.
Changes ποΈ
Fixed the false-negative validation error on the agent block executor.
Propagated the error of the validation error to the user instead of throwing a blanket Invalid credentials or inputs error.
Added open agent context menu item on the agent block executor.
Checklist π
For code changes:
I have clearly listed my changes in the PR description
I have made a test plan
I have tested my changes according to the test plan:
...
Example test plan
Create from scratch and execute an agent with at least 3 blocks
Import an agent from file upload, and confirm it executes correctly
Upload agent to marketplace
Import an agent from marketplace and confirm it executes correctly
Edit an agent from monitor, and confirm it executes correctly
For configuration changes:
.env.example is updated or already compatible with my changes
docker-compose.yml is updated or already compatible with my changes
I have included a list of my configuration changes in the PR description (under Changes)
Examples of configuration changes
Changing ports
Adding new services that need to communicate with each other
Here are some key observations to aid the review process:
β±οΈΒ Estimated effort to review: 2 π΅π΅βͺβͺβͺ
π§ͺΒ No relevant tests
πΒ Security concerns
XSS vulnerability: The PR introduces a new feature that opens URLs using window.open() with a flowID parameter. If the nodeFlowId is not properly sanitized, this could potentially lead to XSS attacks. The code should ensure that nodeFlowId only contains valid characters and is properly encoded before being used in the URL.
β‘Β Recommended focus areas for review
Error Handling The validation error message is now exposed directly to the user interface. Need to verify that no sensitive information could be leaked through validation error messages.
Security Check The new 'Open agent' feature opens URLs directly using window.open(). Need to validate that the nodeFlowId is properly sanitized to prevent potential XSS attacks.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
github-actions
bot
added
platform/frontend
aarushik93
deleted the
zamilmajdy/center-initial-canvas-open-graph-option
branch
AgentExecutorBlock stores the input data in the
datafield of the hardcoded value.Currently, the AgentExecutorBlock is validating the metadata instead of the actual data.
Changes ποΈ
Invalid credentials or inputserror.agent block executor.Checklist π
For code changes:
Example test plan
For configuration changes:
.env.exampleis updated or already compatible with my changesdocker-compose.ymlis updated or already compatible with my changesExamples of configuration changes