Conversation
- Add custom prompt API, model, CRUD and template prompt support - Add is_full_template migration for custom_prompt - Add statistics API and frontend statistics page - Add Helm chart for K8s deployment (deploy/helm/sqlbot) - Add build-k8s.sh and update build scripts - Update prompt management UI and menu (i18n, router, Menu.vue) - Add DsDetailPanel, update ChatList and Datasource views - Integrate custom prompt in chat LLM task and template.yaml - Add backend/logs/ to .gitignore Made-with: Cursor
Add fixed STATISTICS_MENU_SPEC and insertStatisticsMenu() so that 「统计分析」 is always visible in the sidebar when not under /system, following the same decoupled menu pattern as custom prompt (SET_MENU_SPEC). Made-with: Cursor
- 新增 schemas/statistics.py 与 crud/statistics.py - API 层仅做路由与权限,业务逻辑下沉到 CRUD - 支持趋势、数据源 Top、失败分析、用户明细、问数记录等接口 Made-with: Cursor
- 统计 API 对接新后端接口(趋势、数据源 Top、失败分析、用户/数据源明细、记录分页) - 统计页支持时间范围、趋势指标、排序、分页与问数明细抽屉 Made-with: Cursor
- 设置菜单由固定配置生成,自定义提示词与统计分析仅系统管理员(uid=1)可见 - 统计分析从系统管理侧栏移至「设置」下,路由增加 /set/statistics - 增加 menu.statistics 多语言文案 Made-with: Cursor
- 更新 menu-mechanism 与 qa-custom-menu-xpack - 新增 qa-set-menu-permission-and-xpack 说明设置菜单权限与 xpack 关系 Made-with: Cursor
- 移除 smart detect 与 sync 相关 v-if="ds.type !== 'excel'" 限制 Made-with: Cursor
Made-with: Cursor
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 5 potential issues.
Bugbot Free Tier Details
You are on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle.
To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
| from apps.db.db import exec_sql, get_version, check_connection | ||
| from apps.system.crud import custom_prompt as custom_prompt_crud | ||
| from apps.system.crud.assistant import AssistantOutDs, AssistantOutDsFactory, get_assistant_ds | ||
| from apps.system.crud import custom_prompt as system_custom_prompt_crud |
There was a problem hiding this comment.
Duplicate unused import of custom_prompt module
Low Severity
The module apps.system.crud.custom_prompt is imported twice under two different aliases: custom_prompt_crud on line 43 and system_custom_prompt_crud on line 45. Only system_custom_prompt_crud is actually used (at line 333 in build_rule_snippets). The custom_prompt_crud alias is dead code that adds confusion about which reference is canonical.
| user_msg = f"请优化以下提示词:\n\n{body.prompt}" | ||
| try: | ||
| messages = [SystemMessage(content=system), HumanMessage(content=user_msg)] | ||
| result = llm.invoke(messages) |
There was a problem hiding this comment.
Blocking synchronous LLM call in async endpoint
High Severity
The optimize_prompt endpoint is declared async but calls llm.invoke(messages) synchronously on line 103. LangChain's invoke is a blocking call that can take seconds during LLM inference. This blocks the FastAPI event loop, preventing all other concurrent requests from being served until the LLM call completes. The call needs to use await llm.ainvoke(messages) or be offloaded to a thread executor.
| all_rows = list(session.exec(stmt).all()) | ||
| total = len(all_rows) | ||
| start = (page - 1) * size | ||
| page_rows = all_rows[start : start + size] |
There was a problem hiding this comment.
Statistics records query loads all rows into memory
Medium Severity
get_records executes the full query and materializes all matching rows into a Python list (all_rows = list(session.exec(stmt).all())), then paginates in Python with slice. For large deployments with many chat records, this loads potentially millions of rows into memory for every page request. The count and pagination belong in the SQL query via COUNT(*) and LIMIT/OFFSET.
| meta: { title: i18n.global.t('prompt.customize_prompt_words') }, | ||
| }) | ||
| } | ||
| } |
There was a problem hiding this comment.
Missing route guard for statistics under /set
Medium Severity
ensureSetPromptRoute re-adds the prompt child route under /set after xpack may have removed it, but does not do the same for the newly added statistics route. If xpack's LicenseGenerator.generateRouters removes non-standard children of /set, clicking "统计分析" in the sidebar would navigate to a non-existent route, resulting in a blank page or unmatched route.
| if not row: | ||
| from fastapi import HTTPException | ||
| raise HTTPException(status_code=404, detail="Not Found") | ||
| return _row_to_dict(row) |
There was a problem hiding this comment.
FastAPI route /{id} may shadow type-based paths
Medium Severity
The GET /{id} route (line 59, parameter typed as int) is declared after GET /{type}/page/... but before GET /{type}/export. In FastAPI, if a single-segment request like GET /system/custom_prompt/GENERATE_SQL is made, it matches /{id} first. Since GENERATE_SQL cannot be parsed as int, FastAPI returns a 422 validation error rather than a meaningful 404. This could confuse API consumers and may interfere if future single-segment string routes are added.
Additional Locations (1)
|
fix some bug |
2 participants
你正在以 Merger 角色处理 Pull Request,负责在合并前做最后确认并执行合并。
合并前必须确认:
执行合并时:
禁止:
收到一个 PR 链接或分支名时,先逐条对照上述清单说明你的结论,再给出是否可合并及建议的合并方式。
Note
Medium Risk
Adds new database column plus new backend APIs (custom prompts, prompt optimization, and chat statistics) and changes prompt injection in the LLM pipeline, which can affect query generation and runtime performance. Also introduces a new Helm chart/build flow, increasing deployment/configuration surface area.
Overview
Adds first-party custom prompt management (DB migration
custom_prompt.is_full_template, newcustom_promptmodel/CRUD, and/system/custom_prompt/*API with Excel export) plus/system/default-promptsand/system/prompt/optimizeto fetch default templates/variables and optionally LLM-optimize prompt text.Updates LLM prompt assembly so
custom_promptis always a string, injects it into the YAML templates inside rule sections, and merges licensed (xpack) prompts with systemcustom_promptrules wrapped as<rule>...</rule>snippets.Introduces admin statistics (
/system/statistics/*) with aggregation overChatRecord/ChatLog(tokens, success/failure, latency percentiles, top/detailed breakdowns, and record listing), and updates the frontend to add a/set/statisticsroute plus a settings menu that’s decoupled fromgetRoutes()and hidesprompt/statisticsfor non-system-admin users (with a guard to re-add the/set/promptroute if xpack removes it).Adds deployment tooling:
build-k8s.shand a newdeploy/helm/sqlbotchart (ConfigMap/Secret/PVC/Ingress/Service/Deployment) for Kubernetes installs, and minor UI enhancements like bulk chat history deletion and datasource multi-select delete.Written by Cursor Bugbot for commit bca26fb. This will update automatically on new commits. Configure here.