Fix: Fix revision commit endpoints silently discard unknown fields in…

[justin212407]

Summary

What changed: Set model_config = ConfigDict(extra="forbid") on every *RevisionData DTO so revision-commit endpoints reject unknown top-level fields under data instead of silently dropping them. Pydantic now returns HTTP 422 naming the offending field.

Strict configuration applied to all six revision-commit domains:

Domain	API DTO	SDK DTO
workflows	inherited via BaseWorkflowRevisionData	sdks/python/agenta/sdk/models/workflows.py — WorkflowRevisionData
applications	api/oss/src/core/applications/dtos.py — ApplicationRevisionData	sdks/python/agenta/sdk/models/workflows.py — ApplicationRevisionData
evaluators	api/oss/src/core/evaluators/dtos.py — EvaluatorRevisionData	sdks/python/agenta/sdk/models/workflows.py — EvaluatorRevisionData
testsets	api/oss/src/core/testsets/dtos.py — TestsetRevisionData	sdks/python/agenta/sdk/models/testsets.py — TestsetRevisionData
queries	api/oss/src/core/queries/dtos.py — QueryRevisionData	—
environments	api/oss/src/core/environments/dtos.py — EnvironmentRevisionData	—

Although Pydantic v2 inherits model_config from a strict parent, the explicit declarations on ApplicationRevisionData and EvaluatorRevisionData make the contract grep-friendly per domain.

Why: Fixes #4315. POST /{applications,workflows,evaluators,testsets,queries,environments}/revisions/commit used to accept unknown top-level fields inside data (e.g. the legacy ag_config wrapper) and silently discard them while returning HTTP 200 with count: 1. Users got a false success signal and lost their payload.

Additional changes

• Removed _normalize_configuration_for_legacy_paths from api/oss/src/core/embeds/service.py. That helper injected a top-level configuration key into embed-resolution payloads, which extra="forbid" would have rejected at WorkflowsService.resolve_workflow_revision. Legacy configuration.parameters.* shapes are no longer supported — the canonical parameters.* path is the only one.

Behavior change

• Before: data: {"ag_config": {...}} → HTTP 200, count: 1, stored data: {}.
• After: same payload → HTTP 422 with ag_config named in the validation error.

This is a breaking change for any client still sending stale envelope shapes. Detection is straightforward: callers match on the 422 and migrate.

Testing

New SDK unit tests — sdks/python/oss/tests/pytest/unit/test_revision_data_extra_forbid.py:

• WorkflowRevisionData accepts known fields, rejects ag_config and other unknowns.
• TestsetRevisionData accepts testcase_ids, rejects csvdata.

New acceptance tests — api/oss/tests/pytest/acceptance/test_revision_commit_extra_forbid.py:

• One test per domain, covering all six /revisions/commit endpoints.
• Each test creates the parent artifact + variant, then POSTs an unknown top-level data field and asserts the response is 422 with the offending field named in the error body.

Verified locally with curl:

{
  "detail": [
    {
      "type": "extra_forbidden",
      "loc": ["body", "application_revision_commit", "data", "ag_config"],
      "msg": "Extra inputs are not permitted",
      "input": { "prompt": { "messages": [{"role": "system", "content": "sys"}] } }
    }
  ]
}

Valid payloads with data: {"parameters": {...}} continue to return HTTP 200 with count: 1.

Related issues

• Fixes Revisions commit endpoints silently discard unknown fields in data #4315 — Revisions commit endpoints silently discard unknown fields in data
• Related: Tracing: query↔ingest schema asymmetry on ag.metrics.duration.cumulative #4172, Tracing ingest: per-span validation errors drop the whole batch instead of landing in unsupported #4173, POST /testsets/revisions/{id}/upload silently fails when testset_id is not set on the commit #4176 — sibling silent-failure-on-write bugs

[vercel]

@justin212407 is attempting to deploy a commit to the agenta projects Team on Vercel.

A member of the Team first needs to authorize it.

[CLAassistant]

All committers have signed the CLA.

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 3e78d860-a12d-43b4-9d17-f439f98a4123

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

This PR enforces strict Pydantic validation across revision data models by adding model_config = ConfigDict(extra="forbid") to WorkflowRevisionData, QueryRevisionData, and TestsetRevisionData, adds WorkflowRevisionCommitData, and updates workflow DTO data fields to use the new base/commit types.

Changes

Strict validation enforcement

Layer / File(s)	Summary
SDK model strict validation contract sdks/python/agenta/sdk/models/workflows.py	WorkflowRevisionData adds model_config = ConfigDict(extra="forbid") to reject unknown fields during SDK-level validation.
API DTO enforcement across revision types api/oss/src/core/workflows/dtos.py, api/oss/src/core/queries/dtos.py, api/oss/src/core/testsets/dtos.py	Each API DTO file imports ConfigDict and configures its respective RevisionData model (WorkflowRevisionData, QueryRevisionData, TestsetRevisionData) with extra="forbid". The workflows DTO also defines WorkflowRevisionCommitData (forbids extra fields) and updates WorkflowRevisionCommit.data to use the stricter commit type.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related issues

• Revisions commit endpoints silently discard unknown fields in data #4315: PR directly addresses the reported silent-dropping-of-unknown-fields by adding ConfigDict(extra="forbid") to revision data models and introducing a stricter commit-data type for workflows.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 25.00% which is insufficient. The required threshold is 60.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title directly relates to the main change: fixing revision commit endpoints to reject unknown fields instead of silently discarding them.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description check	✅ Passed	The PR description clearly explains the changes: adding strict validation via ConfigDict(extra='forbid') to multiple RevisionData DTOs across six domains to prevent silent data loss when unknown fields are sent.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

This PR tightens validation for workflow revision data payloads so unknown fields are rejected instead of silently discarded during commit operations.

Changes:

• Adds extra="forbid" to SDK WorkflowRevisionData.
• Adds a server-side strict WorkflowRevisionData wrapper.
• Adds an application revision regression test for stale ag_config payloads returning 422.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File	Description
sdks/python/agenta/sdk/models/workflows.py	Makes SDK workflow revision data reject unknown fields.
api/oss/src/core/workflows/dtos.py	Makes server workflow revision data reject unknown fields.
api/oss/tests/pytest/acceptance/applications/test_application_variants_and_revisions.py	Adds an acceptance test for application revision commit validation.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[justin212407]

@jp-agenta Could you review these changes once you are free?

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[Copilot]

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.

[coderabbitai]

Actionable comments posted: 1

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: ee7999e1-9f30-4a60-85ac-4edb138434e3

📥 Commits

Reviewing files that changed from the base of the PR and between bb3ce13 and 41777ce.

📒 Files selected for processing (1)

• api/oss/src/core/workflows/dtos.py

[Copilot]

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated 4 comments.

Comments suppressed due to low confidence (2)

api/oss/src/core/testsets/dtos.py:160

• extra="forbid" on TestsetRevisionData changes request validation behavior for /testsets/revisions/commit (unknown keys under data will now return 422 instead of being ignored). Please add/adjust acceptance tests to cover this new rejection path, so clients get a clear, stable error contract and we don’t regress back to silently dropping fields.

class TestsetRevisionData(BaseModel):
    model_config = ConfigDict(extra="forbid")

    testcase_ids: Optional[List[UUID]] = None
    testcases: Optional[List[Testcase]] = None

api/oss/src/core/queries/dtos.py:146

• With extra="forbid" on QueryRevisionData, unknown keys under data will now be rejected with 422 for /queries/revisions/commit. Add acceptance test coverage for this failure mode (assert status 422 and that the response mentions the offending key) to lock in the intended behavior and avoid future silent-drop regressions.

class QueryRevisionData(BaseModel):
    model_config = ConfigDict(extra="forbid")

    formatting: Optional[Formatting] = None
    filtering: Optional[Filtering] = None
    windowing: Optional[Windowing] = None

[Copilot]

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.

Comments suppressed due to low confidence (3)

sdks/python/agenta/sdk/models/workflows.py:135

• The PR description claims a new acceptance test test_commit_application_revision_rejects_unknown_data_field was added, but it is not present in api/oss/tests/pytest/acceptance/applications/test_application_variants_and_revisions.py in this branch. Please add the described test (or update the PR description) so the stricter extra="forbid" behavior is protected against regressions.

class WorkflowRevisionData(BaseModel):
    model_config = ConfigDict(extra="forbid")

    uri: Optional[str] = None

    url: Optional[str] = None
    headers: Optional[Dict[str, Union[str, Reference]]] = None

    runtime: Optional[Literal["python", "typescript", "javascript"]] = None
    script: Optional[str] = None

    schemas: Optional[JsonSchemas] = None

    parameters: Optional[Data] = None

api/oss/src/core/testsets/dtos.py:160

• This changes TestsetRevisionData validation to reject unknown keys (extra="forbid"), which will make /testsets/revisions/commit (and any other endpoints consuming this DTO) return 422 for stale payload shapes. Please add an acceptance/regression test that exercises the commit endpoint with an unknown field and asserts the 422 error contains the offending key, to prevent reintroducing silent drops.

class TestsetRevisionData(BaseModel):
    model_config = ConfigDict(extra="forbid")

    testcase_ids: Optional[List[UUID]] = None
    testcases: Optional[List[Testcase]] = None

api/oss/src/core/workflows/dtos.py:71

• The PR description says extra="forbid" is set on WorkflowRevisionData in this file, but the only explicit ConfigDict(extra="forbid") is on WorkflowRevisionCommitData (which is not used by WorkflowRevisionCommit.data). If the goal is to make commit endpoints reject unknown fields via the server-side DTO, please apply the config on the actual WorkflowRevisionData type used by the commit/request models (or update the description to match the implementation).

class WorkflowRevisionData(BaseWorkflowRevisionData):
    pass


WorkflowRevisionCommitData = WorkflowRevisionData


class WorkflowRevisionCommitData(BaseWorkflowRevisionData):
    model_config = ConfigDict(extra="forbid")

[justin212407]

this one got a little messy with all the commits opening the new one with the right changes.

[justin212407]

Hey I have made the new PR here - #4415. Please check this out.

[Copilot]

Pull request overview

Copilot reviewed 9 out of 9 changed files in this pull request and generated 2 comments.