Skip to content

fix(audit): code audit, health check, and performance improvements#66

Open
dimakis wants to merge 7 commits intomainfrom
fix/multi-bug-sprint
Open

fix(audit): code audit, health check, and performance improvements#66
dimakis wants to merge 7 commits intomainfrom
fix/multi-bug-sprint

Conversation

@dimakis
Copy link
Owner

@dimakis dimakis commented Mar 12, 2026

Summary

  • Feature 41 — Code Audit: Comprehensive review of 270+ Python files (28,500 LOC) identifying code smells, error handling issues, modularity problems, and performance bottlenecks
  • P0/P1 fixes implemented: Mutable default arg, N+1 query elimination, boilerplate extraction, narrowed error handling, fast-model orchestrator classification, concurrent discovery sync
  • Feature 42 spec: Agent Memory Layer specification

Changes

Bug Fixes

  • Fix mutable default body: dict = {} in proposals YAML update endpoint (security/correctness)
  • Fix N+1 query in list_proposals — replaced per-status loop with single list_recent() query
  • Fix orchestrator session management — use async with get_session() instead of manual factory

Performance

  • Orchestrator uses fast-tier model for intent classification instead of user's frontier model
  • Discovery sync: concurrent automation/script config fetches via asyncio.gather() with semaphore (10 concurrent)

Refactoring

  • Extracted _inherited_model_context() helper — eliminated 45 lines of 3× duplication
  • Narrowed except Exception in all 6 agent tools to specific exception types with proper logging
  • Removed redundant logging import and duplicate env var in sandbox runner

Documentation

  • Feature 41 code audit spec and implementation plan
  • Feature 42 Agent Memory Layer spec

Test plan

  • All 3,372 unit tests pass
  • Coverage at 80.02% (meets 80% threshold)
  • make ci-local passes (format, lint, mypy, bandit, tests)

Made with Cursor

dimakis added 7 commits March 15, 2026 02:33
@dimakis
docs(spec): add Feature 42 — Agent Memory Layer
30f0974 
pgvector-based persistent memory for cross-session recall of user
preferences, decisions, corrections, and device patterns. Explicit
tool-call storage (no background extraction), semantic retrieval
injected into agent context, user management via UI and API.

Made-with: Cursor
@dimakis
docs(spec): add hybrid vector+graph memory to Feature 42
43c4be9 
Replace flat vector-only memory with a hybrid approach: MemoryNode
table with pgvector embeddings for semantic search, plus MemoryEdge
table for typed relationships to other memories and domain entities
(devices, areas, automations, insights). Graph traversal via recursive
CTEs, bounded to 2 hops. No external graph DB — all within PostgreSQL.

Made-with: Cursor
@dimakis
docs(spec): add Feature 41 — code audit findings and plan
1279dea 
Comprehensive code audit across 270+ Python files (28,500 LOC):
- 7 oversized files needing modularization (P2-P3)
- 33 bare except-Exception instances swallowing errors (P0)
- N+1 queries, sequential I/O, expensive orchestrator model (P1)
- Positive: zero f-string logging, no TODOs, good security posture

Prioritized plan with T1-T14 tasks across 4 phases.

Made-with: Cursor
@dimakis
fix(proposals): mutable default arg and N+1 query in list_proposals
97f53ea 
T1: Replace `body: dict = {}` (B006) with `Body(default={})` in the
YAML update endpoint — mutable default is a correctness bug.

T3: Replace per-status loop (N separate DB queries) with a single
`ProposalRepository.list_recent()` query for unfiltered listing.

Made-with: Cursor
@dimakis
refactor(tools): extract model_context helper and narrow error handling
e060198 
T2+T4: Replace 3× duplicated 15-line model_context boilerplate with
a single `_inherited_model_context()` context manager.

Narrow every `except Exception` in agent tools from a generic catch-all
to specific `httpx.HTTPError | TimeoutError | ConnectionError` for
network errors (with logging), with a final `except Exception` that
logs at ERROR and returns a generic safe message instead of leaking
internal details.

Made-with: Cursor
@dimakis
perf(orchestrator): use fast model for classification and fix session…
9a3f5a7 
… mgmt

T5: Force a fast-tier model (e.g. gpt-4o-mini) for intent classification
regardless of the user's selected model. Classification is simple JSON
output — using frontier models adds latency and cost for no benefit.

T7: Replace manual session factory + try/finally with
`async with get_session()` context manager. Also use the existing
`list_routable()` DAL method instead of filtering in Python.

Made-with: Cursor
@dimakis
perf(sync): concurrent automation/script config fetches in discovery
b350753 
T6: Replace sequential automation and script config HTTP fetches with
asyncio.gather() bounded by a semaphore (max 10 concurrent). For a
typical HA instance with 50+ automations, this reduces sync time from
O(n × latency) to O(latency + n/10 × latency).

Also: remove redundant `import logging` in sandbox runner and fix
duplicate MPLCONFIGDIR env var.

Made-with: Cursor
@dimakis dimakis force-pushed the fix/multi-bug-sprint branch from 090bdea to b350753 Compare March 15, 2026 02:33
@github-actions github-actions bot removed the frontend label Mar 15, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

agents backend database docs size/xl tests

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dimakis