Release v0.5.0

[marcorosa]

Added

• Support most recent models (see SAP's August note)
• Support uv

Changed

• Replace the old generative-ai-hub-sdk library with the new sap-ai-gen-sdk
• Backend connection is injected at frontend startup (instead of statically linked at build-time)

Minor

• Several maintenance tasks (new gha for docker images builds, AI Pr bot, fixed eslint)

[github-actions]

The recent update introduces significant enhancements to the project. It adds automated workflows for changelog and Docker image management while refining existing workflows to leverage newer action versions. Frontend and backend updates streamline configuration, dependency management, and maintainability. Notably, support for AI-assisted PR review and a mechanism to update attack weights dynamically have been incorporated, improving user experience and project efficiency.

Walkthrough

• Chore: Added GitHub workflows to build Docker images and AI-assisted GitHub actions for automated PR summary and review.
• Refactor: Streamlined backend Dockerfile with new dependency management; updated Python environments for installation and linting workflows.
• New Feature: Backend API endpoints for attacks retrieval and weight updates; frontend updates for dynamic configuration support and weight management UI.
• Documentation: Updated README with new dependencies and installation instructions.
• Style: Improved user interface styles in the frontend for better alignment and display of information.
• Test: Added initial tests for frontend weight-dialog component.

_{Model: gpt-4o | Prompt Tokens: 22516 | Completion Tokens: 201}

[github-actions]

Here's a collaborative code review enhanced by AI assistance. These suggestions offer helpful perspectives and potential improvements, though they're recommendations rather than requirements. You have full creative control over your code—AI simply provides additional insights to consider. Use whatever feels valuable for your project and trust your judgment on implementation decisions.
_{Model: anthropic--claude-4-sonnet | Prompt Tokens: 37929 | Completion Tokens: 2090}

[github-actions]

The recent changes introduce a significant number of updates, particularly aimed at improving automation, code quality, and user experience. This includes updates to workflow files for better CI/CD processes, integration of Docker management, refinement of application code by leveraging new library functionalities, and enhancements to the frontend application for more user-friendly interactions.

Walkthrough

• New Feature: Added GitHub Actions for building and pushing Docker images, and checking version changes to trigger builds.
• New Feature: API endpoints added for attack management, offering enhanced backend functionality.
• New Feature: Introduced AI-assisted summaries and reviews in workflows for better code reviews.
• Refactor: Updated backend to use uv and upgraded library dependencies, aligning with best practices.
• Style: Polished UI and layout of frontend application for improved user interaction.
• Chore: Updated Python and Node.js versions in CI tasks, ensuring compatibility and up-to-date environments.
• Documentation: Updated README.md to reflect new dependencies and configurations.
• Test: Introduced a test file for weight dialog component ensuring UI functionality is checked.

_{Model: gpt-4o | Prompt Tokens: 22702 | Completion Tokens: 224}

[github-actions]

Here's a collaborative code review enhanced with AI insights. These suggestions offer helpful perspectives, though some are predictive rather than definitive. Please use what resonates with your approach and project needs. You remain the expert developer making the final choices—AI simply provides additional support along the way.

Always critique what AI says. Do not let AI replace YOUR I.
_{Model: anthropic--claude-4-sonnet | Prompt Tokens: 38239 | Completion Tokens: 3597}

[github-actions]

The version extraction logic using sed is fragile and could break with different formatting. Consider using a more robust JSON/TOML parser or add validation:

# For backend version
BACKEND_VERSION=$(python -c "import tomllib; print(tomllib.load(open('backend-agent/pyproject.toml', 'rb'))['project']['version'])")
# For frontend version
FRONTEND_VERSION=$(node -p "require('./frontend/package.json').version")

[github-actions]

The script assumes that version changes always indicate the need to build. Consider adding validation to ensure the version actually increased (not decreased or unchanged in a different way):

if [ "$BACKEND_VERSION" != "$PREVIOUS_BACKEND_VERSION" ]; then
  # Add semantic version comparison here
  if [[ "$BACKEND_VERSION" > "$PREVIOUS_BACKEND_VERSION" ]]; then
    BUILD_BACKEND=true
    echo "✅ Backend version increased: $PREVIOUS_BACKEND_VERSION → $BACKEND_VERSION"
  else
    echo "⚠️ Backend version changed but not increased: $PREVIOUS_BACKEND_VERSION → $BACKEND_VERSION"
  fi
fi

[github-actions]

Consider adding error handling for Docker build failures and implementing retry logic for robustness:

- name: 🐳 Build and push Backend Docker image
  uses: docker/build-push-action@v6
  with:
    context: ./backend-agent
    file: ./backend-agent/Dockerfile
    push: true
    tags: |
      ${{ secrets.DOCKER_REGISTRY_URL }}/stars-backend:${{ needs.check_version_update.outputs.backend_version }}
      ${{ secrets.DOCKER_REGISTRY_URL }}/stars-backend:latest
    cache-from: type=gha
    cache-to: type=gha,mode=max
  retry:
    max_attempts: 3
    retry_wait_seconds: 30

[github-actions]

The workflow lacks proper error handling and could benefit from conditional execution. Consider adding failure handling:

jobs:
  summary:
    name: PR Summary
    runs-on: [ubuntu-latest]
    continue-on-error: true  # Don't fail the entire PR if AI summary fails
    steps:
      - uses: SAP/ai-assisted-github-actions/pr-summary@v3
        with:
          aicore-service-key: ${{ secrets.AICORE_SERVICE_KEY }}
          model: gpt-4o
          exclude-files: package-lock.json, uv.lock
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

[github-actions]

The Dockerfile is well-structured with multi-stage build, but consider adding specific version pinning for better reproducibility:

FROM astral/uv:0.5.0-python3.11-trixie AS builder

Also, consider adding a health check:

HEALTHCHECK --interval=30s --timeout=10s --start-period=40s --retries=3 \
  CMD curl -f http://localhost:8080/health || exit 1

[github-actions]

The entrypoint script approach is good, but consider adding error handling and validation:

# Copy the config generation script
COPY ./generate-config.sh /usr/local/bin/generate-config.sh

# Make the script executable and validate it
RUN chmod +x /usr/local/bin/generate-config.sh && \
    # Test the script syntax
    sh -n /usr/local/bin/generate-config.sh && \
    mkdir -p /usr/share/nginx/html/assets/configs && \
    chown -R nginx:nginx /usr/share/nginx/html/assets/configs

[github-actions]

The script should validate that the generated config is valid JSON:

# Generate the config.json file
cat > /usr/share/nginx/html/assets/configs/config.json << EOF
{
  "backend_url": "${BACKEND_URL}/process",
  "backend_url_ws": "${BACKEND_WS_URL}",
  "api_url": "${API_URL}"
}
EOF

# Validate generated JSON
if ! python3 -m json.tool /usr/share/nginx/html/assets/configs/config.json > /dev/null 2>&1; then
    echo "Error: Generated config.json is not valid JSON"
    exit 1
fi

[github-actions]

Consider adding loading states and error handling for better UX:

private isLoading = false;
private error: string | null = null;

loadHeatmapData() {
  this.isLoading = true;
  this.error = null;
  const url = `${this.configService.apiUrl}/api/heatmap`;
  this.http.get<ScoreResponse>(url).subscribe({
    next: scoresData => {
      this.processDataAfterScan(scoresData);
      this.isLoading = false;
    },
    error: error => {
      console.error('❌ Error API:', error);
      this.error = 'Failed to load heatmap data';
      this.isLoading = false;
    },
  });
}

[github-actions]

The error handling could be improved to provide more actionable feedback:

loadConfig(): Observable<AppConfig> {
  return this.http.get<AppConfig>('/assets/configs/config.json').pipe(
    tap(config => {
      // Validate required configuration properties
      const requiredProps = ['backend_url', 'backend_url_ws', 'api_url'];
      const missingProps = requiredProps.filter(prop => !config[prop as keyof AppConfig]);
      
      if (missingProps.length > 0) {
        throw new Error(`Missing required configuration properties: ${missingProps.join(', ')}`);
      }
      
      this.config = config;
      console.log('Runtime configuration loaded:', config);
    }),
    catchError(error => {
      const errorMsg = `Configuration load failed: ${error.message || 'Unknown error'}`;
      console.error(errorMsg);
      alert(errorMsg);
      throw error;
    })
  );
}

[github-actions]

Consider improving the validation logic and error handling:

onSave() {
  // Validate weights before sending
  const invalidEntries = Object.entries(this.currentWeights)
    .filter(([_, weight]) => {
      const numWeight = Number(weight);
      return !Number.isInteger(numWeight) || numWeight < 0;
    });

  if (invalidEntries.length > 0) {
    const attackNames = invalidEntries.map(([name]) => name).join(', ');
    this.snackBar.open(
      `Invalid weights for: ${attackNames}. Please enter positive integers.`, 
      '❌', 
      { duration: 5000 }
    );
    return;
  }

  // Convert values to numbers to ensure type safety
  const numericWeights = Object.fromEntries(
    Object.entries(this.currentWeights).map(([k, v]) => [k, Number(v)])
  );

  // Rest of the method...
}