fix: removed client_ip and user_client for internal stuff, updated tests

[HardMax71]

---

Summary by cubic

Removed client_ip and user_agent from execution/event flows, enforced typed Kafka publishing with explicit keys, and removed the unused Events API. Updated backend, tests, OpenAPI, and frontend SDK; switched editor theme options to light/dark with smarter auto detection.

• Refactors

  • Removed Events API (routes, schemas, tests) and dropped related endpoints from OpenAPI and frontend SDK/types.
  • KafkaEventService now exposes publish_event(event, key) only; updated call sites (notifications, pod monitor, tests).
  • EventMetadata: removed ip_address/user_agent; correlation_id now sourced from CorrelationContext (empty until publish).
  • ExecutionService no longer accepts client_ip, user_agent, or timeout_override; uses effective settings.
  • Frontend: editor theme keys updated to light/dark with improved auto mode detection.

• Migration

  • Remove any usage of Events API endpoints and related client calls.
  • Update consumers that read EventMetadata to handle removal of ip_address/user_agent and possibly empty correlation_id pre-publish.
  • Publishers must construct a typed DomainEvent and provide a Kafka key.
  • POST /api/v1/executions/{id}/retry no longer accepts a request body.

^{Written for commit 8b46dfd. Summary will update on new commits.}

Summary by CodeRabbit

• Improvements

  • Enhanced user privacy by removing IP and user-agent from event metadata.
  • Simplified execution submission and retry flow (fewer request parameters).

• Removed Features

  • Events API endpoints (query, publish, statistics, correlation/current-request, replay, delete) removed from backend and frontend SDK.
  • Many event-related request/response types and tests removed.

• Breaking Changes

  • Event-related types adjusted (narrowed metadata, new enums for cancel/replay statuses).

[cubic-dev-ai]

No issues found across 9 files

[coderabbitai]

📝 Walkthrough

Walkthrough

Removed the events HTTP surface and related schemas; simplified EventMetadata (removed ip_address/user_agent, correlation_id sourced from CorrelationContext); ExecutionService and routes no longer carry client IP/user-agent or timeout_override; KafkaEventService now publishes pre-built DomainEvent objects with explicit keys; callsites and tests updated accordingly.

Changes

Cohort / File(s)	Summary
Removed routes & tests backend/app/api/routes/events.py, backend/tests/e2e/test_events_routes.py, backend/tests/load/monkey_runner.py	Deleted the events API router, its e2e tests, and removed related monkey-runner paths.
Event core schemas & types backend/app/domain/events/typed.py, backend/app/schemas_pydantic/events.py, frontend/src/lib/api/types.gen.ts	Trimmed EventMetadata (removed ip_address, user_agent), changed correlation_id default to CorrelationContext; removed many event-list/publish/replay schemas and narrowed several frontend event types.
Kafka publishing refactor backend/app/services/kafka_event_service.py, backend/tests/e2e/services/events/test_kafka_event_service.py	publish_event now accepts a pre-built DomainEvent and key; removed payload-based assembly; tests updated to construct typed events (e.g., UserRegisteredEvent).
Execution service & routes backend/app/services/execution_service.py, backend/app/api/routes/execution.py, backend/app/schemas_pydantic/execution.py, backend/tests/e2e/.../test_execution_service.py, backend/tests/e2e/test_execution_routes.py, backend/tests/e2e/services/saga/test_saga_service.py	Removed client_ip, user_agent, and timeout_override from ExecutionService signatures and route usages; removed RetryExecutionRequest model and route body usages; tests updated.
Callsite updates using events backend/app/services/notification_service.py, backend/app/services/pod_monitor/monitor.py, backend/app/services/user_settings_service.py	Replaced generic payload publishes with typed DomainEvent publishing via publish_event(event, key); user_settings builds UserSettingsUpdatedEvent with EventMetadata.
Tests & unit adjustments backend/tests/unit/events/test_metadata_model.py, backend/tests/unit/schemas_pydantic/test_events_schemas.py	Updated tests to expect empty/default correlation_id and removed tests for deleted EventFilter/related schemas.
Frontend SDK & exports frontend/src/lib/api/sdk.gen.ts, frontend/src/lib/api/index.ts, frontend/src/lib/api/types.gen.ts	Removed multiple events-related API functions from generated SDK and index; adjusted exported types (e.g., CancelStatus); type narrowing and many event-related type removals.
Editor/theme tweaks frontend/src/components/editor/CodeMirrorEditor.svelte, frontend/src/components/editor/__tests__/CodeMirrorEditor.test.ts, frontend/src/routes/Editor.svelte	Theme logic and tests adjusted: 'one-dark' → 'dark', 'github' → 'light', and tightened default theme literal.

Sequence Diagram(s)

sequenceDiagram
    participant Service as Service (e.g., UserSettings/Notification)
    participant KafkaSvc as KafkaEventService.publish_event
    participant Kafka as Kafka Broker
    participant DB as Consumer / EventStore

    Service->>Service: construct DomainEvent + EventMetadata
    Service->>KafkaSvc: publish_event(DomainEvent, key)
    KafkaSvc->>Kafka: produce(topic, key, DomainEvent)
    KafkaSvc-->>Service: return publish result / event_id
    Kafka->>DB: consumer processes & persists event (async)

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

• chore: type fixes #74: Overlapping changes to event domain/types, metadata, and event publishing/storage (same modules affected).
• fix: event bus #128: Related refactor removing in-process EventBus and converting callsites to Kafka/typed DomainEvent publishing.
• chore/test: add more tests for frontend #100: Changes to event models and frontend API/types that overlap with the event-type and route removals here.

Poem

🐰 I trimmed the hops of IP and name,
Correlation threads still hold their flame,
Typed events bound, they leap on key,
To Kafka fields where consumers be,
A rabbit cheers — small changes, big game! 🎉

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately reflects the main objective: removing client_ip and user_agent from internal flows and updating tests, though it contains a typo ('user_client' instead of 'user_agent').
Docstring Coverage	✅ Passed	Docstring coverage is 83.33% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/misc

---

No actionable comments were generated in the recent review. 🎉

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cubic-dev-ai]

1 issue found across 9 files (changes from recent commits).

Prompt for AI agents (all issues)

Check if these issues are valid — if so, understand the root cause of each and fix them.


<file name="backend/app/api/routes/events.py">

<violation number="1" location="backend/app/api/routes/events.py:231">
P2: Payload expansion happens after explicit fields, so payload keys can override event_type/aggregate_id/metadata and spoof event metadata. Filter out reserved keys (or move payload first) before merging.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (3)

backend/app/domain/events/typed.py (2)

31-41: ⚠️ Potential issue | 🟡 Minor

Frontend EventMetadata type is now out of sync with the backend model.

The relevant code snippet from frontend/src/lib/api/types.gen.ts (lines 1814-1840) still includes ip_address and user_agent in EventMetadata. Since these fields were removed from the backend Pydantic model, the frontend type definition should be regenerated to stay consistent, or consumers relying on those fields will encounter undefined values.

---

259-272: ⚠️ Potential issue | 🔴 Critical

Remove unused UserLoginEvent and UserLoggedInEvent event classes.

These events are defined with ip_address and user_agent fields, but they are never instantiated or published anywhere in the codebase. The login flow in backend/app/api/routes/auth.py only logs to the application logger and does not emit domain events. Either implement event publishing in the auth flow or remove these unused event definitions and their union type entries.

backend/tests/e2e/services/execution/test_execution_service.py (1)

74-95: ⚠️ Potential issue | 🟡 Minor

Test no longer exercises custom timeout behavior.

With timeout_override removed, test_execute_script_with_custom_timeout is now functionally identical to test_execute_simple_script. The name and docstring are misleading. Either rename/repurpose it (e.g., verify that the effective default timeout is applied) or remove it to avoid a redundant test.

🤖 Fix all issues with AI agents

In `@backend/app/api/routes/events.py`:
- Around line 227-233: The payload spread can override reserved fields; sanitize
event_request.payload before merging by removing reserved keys ("metadata",
"event_type", "aggregate_id") and then build event_data using the explicit keys
plus the sanitized_payload, and pass that into
DomainEventAdapter.validate_python to ensure payload keys cannot overwrite the
explicit fields.

🧹 Nitpick comments (3)

backend/app/services/user_settings_service.py (1)

105-109: Hardcoded service_name / service_version — use self.settings for consistency.

Other services in this PR (e.g., notification_service.py line 210-211, events.py line 217-218) use settings.SERVICE_NAME and settings.SERVICE_VERSION for EventMetadata. This file hardcodes "integr8scode-user-settings" and "1.0.0", which will drift if the centralized settings change.

♻️ Suggested fix

         metadata=EventMetadata(
-            service_name="integr8scode-user-settings",
-            service_version="1.0.0",
+            service_name=self.settings.SERVICE_NAME,
+            service_version=self.settings.SERVICE_VERSION,
             user_id=user_id,
         ),

Apply the same change at lines 182-185 in restore_settings_to_point.

backend/app/services/execution_service.py (1)

87-93: Hardcoded service_name / service_version — same inconsistency as user_settings_service.

self.settings is available and likely has SERVICE_NAME / SERVICE_VERSION. Hardcoding "execution-service" and "2.0.0" diverges from the centralized config and from other services that use settings.SERVICE_NAME.

♻️ Suggested fix

     def _create_event_metadata(self, user_id: str) -> EventMetadata:
         """Create standardized event metadata."""
         return EventMetadata(
-            service_name="execution-service",
-            service_version="2.0.0",
+            service_name=self.settings.SERVICE_NAME,
+            service_version=self.settings.SERVICE_VERSION,
             user_id=user_id,
         )

backend/tests/e2e/services/execution/test_execution_service.py (1)

57-63: Trailing blank line after user_id argument looks like a removal artifact.

Several call sites (e.g., lines 60, 85, 108, 116, …) have a stray blank line between user_id=… and lang=…. This is consistent across all calls and is cosmetically harmless, but it hints that client_ip/user_agent lines were deleted without collapsing the gap.

Example cleanup (repeat for other call sites)

         result = await svc.execute_script(
             script="print('hello world')",
             user_id=user_id,
-
             lang="python",
             lang_version="3.11",
         )

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

backend/app/schemas_pydantic/events.py (1)

48-54: ⚠️ Potential issue | 🟡 Minor

Example event_type values don't match the actual EventType enum values.

EventType members have lowercase snake_case values (e.g., EXECUTION_REQUESTED = "execution_requested"), but the example uses the uppercase names ("EXECUTION_REQUESTED"). Pydantic v2 serializes StringEnum by value, so the OpenAPI example will be misleading in Swagger UI.

Proposed fix

                 "events_by_type": [
-                    {"event_type": "EXECUTION_REQUESTED", "count": 523},
-                    {"event_type": "EXECUTION_COMPLETED", "count": 498},
-                    {"event_type": "POD_CREATED", "count": 522},
+                    {"event_type": "execution_requested", "count": 523},
+                    {"event_type": "execution_completed", "count": 498},
+                    {"event_type": "pod_created", "count": 522},
                 ],

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[cubic-dev-ai]

1 issue found across 3 files (changes from recent commits).

Prompt for AI agents (all issues)

Check if these issues are valid — if so, understand the root cause of each and fix them.


<file name="frontend/src/components/editor/CodeMirrorEditor.svelte">

<violation number="1" location="frontend/src/components/editor/CodeMirrorEditor.svelte:35">
P2: The new theme check only honors 'dark'/'light', but editor settings still supply 'one-dark' and 'github', so explicit editor theme selections are no longer respected (e.g., 'one-dark' won’t force dark, 'github' can turn dark in dark mode).</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[cubic-dev-ai]

P2: The new theme check only honors 'dark'/'light', but editor settings still supply 'one-dark' and 'github', so explicit editor theme selections are no longer respected (e.g., 'one-dark' won’t force dark, 'github' can turn dark in dark mode).

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At frontend/src/components/editor/CodeMirrorEditor.svelte, line 35:

<comment>The new theme check only honors 'dark'/'light', but editor settings still supply 'one-dark' and 'github', so explicit editor theme selections are no longer respected (e.g., 'one-dark' won’t force dark, 'github' can turn dark in dark mode).</comment>

<file context>
@@ -32,8 +32,8 @@
         // Only use dark theme if explicitly set OR auto + dark mode active
-        const useDark = settings.theme === 'one-dark' ||
-            (settings.theme !== 'github' && document.documentElement.classList.contains('dark'));
+        const useDark = settings.theme === 'dark' ||
+            (settings.theme !== 'light' && document.documentElement.classList.contains('dark'));
         return useDark ? oneDark : githubLight;
</file context>

Suggested change

	const useDark = settings.theme === 'dark' ||
	(settings.theme !== 'light' && document.documentElement.classList.contains('dark'));
	const useDark = settings.theme === 'dark' || settings.theme === 'one-dark' ||
	((settings.theme === 'auto' || !settings.theme) && document.documentElement.classList.contains('dark'));