Conversation
Claude Code ReviewSummaryThis PR introduces ambient-api-server (a PostgreSQL-backed REST API built on rh-trex-ai framework) and ambient-sdk (Go/Python client libraries with generated types from OpenAPI specs). This is a strategic architecture shift from Kubernetes-native CRDs to a REST API-first approach. The code quality is generally good with 42 test files, comprehensive documentation, and solid security practices. However, there are critical issues that must be fixed before merge. Overall Assessment: Issues by Severity🚫 Blocker Issues1. Local Filesystem Dependencies in go.mod // components/ambient-api-server/go.mod:20
replace github.com/openshift-online/rh-trex-ai => /home/mturansk/projects/src/github.com/openshift-online/rh-trex-ai
References: CLAUDE.md Git Workflow section - "Branch verification: Always check current branch before file modifications" 🔴 Critical Issues2. Missing RBAC Enforcement in API Handlers Based on review of the ambient-api-server architecture and comparison with existing backend patterns:
Required fix: Add RBAC validation middleware that enforces project isolation References:
3. JSONB Fields Without Schema Validation Multiple critical fields stored as JSON strings without validation: // From DATA_MODEL_COMPARISON.md analysis
Repos *string // Should be []Repo, stored as JSONB
Conditions *string // Should be []Condition
ResourceOverrides *string // Should be map/struct
EnvironmentVariables *string // Should be map[string]string
ReconciledRepos *string // Should be []ReconciledRepo
Required fix:
References: CLAUDE.md - "Type-Safe Unstructured Access" pattern 🟡 Major Issues4. Incomplete Session Model vs Backend Major gaps identified in Missing Fields (from existing backend CRD):
Missing Endpoints:
Impact:
Required: Add missing fields and endpoints before this can replace the backend References:
5. Multi-Repo Support Incomplete
References: DATA_MODEL_COMPARISON.md line 32 6. Missing Control-Plane Reconciler
Required: Either include control-plane in this PR or clearly document it as follow-up work References:
🔵 Minor Issues7. Inconsistent JSON Field Naming
Recommendation: Document naming convention strategy in ambient-api-server/CLAUDE.md 8. No CI/CD Integration
Recommendation: Add GitHub Actions workflows before merge 9. Missing Integration Tests
Recommendation: Add smoke tests that validate SDK → API server communication Positive Highlights
RecommendationsBefore Merge (Priority Order):
Follow-Up Work (Document in Issues):
Code Quality Checklist StatusBased on CLAUDE.md standards: Backend/API Server:
SDK:
Final VerdictThis PR represents excellent foundational work for the Postgres-backed REST API architecture. The code quality, documentation, and design patterns are solid. However, the PR cannot be merged until:
Once these three blockers are addressed, this PR will provide a strong foundation for migrating from the Kubernetes-native backend to a REST API-first approach. Estimated effort to fix blockers: 4-8 hours Review performed by Claude Code using repository standards from CLAUDE.md, .claude/context/, and .claude/patterns/ 🔍 View AI decision process (logs available for 90 days) 📋 View memory system files loaded (click to expand)What Amber Loaded for Code ReviewAmber automatically loaded these repository standards from the memory system:
Impact: This review used your repository's specific code quality standards, security patterns, and best practices from the memory system (PRs #359, #360) - not just generic code review guidelines. |
Builds on #637