Skip to content

Add ZohoDeskAgent #1453

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
whoisarpit merged 4 commits into from
Mar 10, 2025
Merged

Add ZohoDeskAgent #1453

whoisarpit merged 4 commits into from
Mar 10, 2025

Conversation

@whoisarpit
Copy link
Contributor

@whoisarpit whoisarpit commented Mar 10, 2025

PR Checklist

  • The commit message follows our guidelines: Code of conduct
  • Tests for the changes have been added (for bug fixes / features)
  • Docs have been added / updated (for bug fixes / features)
  • Does this PR introduce a breaking change?
  • Include PR in release notes?

PR Type

  • Bugfix
  • Feature
  • Refactoring
  • Build /CI
  • Documentation
  • Others

What is the current behavior?

Issue Number: N/A

What is the new behavior?

Other information

@whoisarpit whoisarpit requested a review from CTY-git March 10, 2025 06:01
@whoisarpit whoisarpit merged commit 5a9627a into main Mar 10, 2025
2 of 4 checks passed
@whoisarpit whoisarpit deleted the feature/ZohoDeskAgent branch March 10, 2025 08:32
@patched-admin
Copy link
Contributor

patched-admin commented Mar 10, 2025

File Changed: patchwork/common/tools/api_tool.py

Rule 1: Do not ignore potential bugs in the code

Details: Potential bug in HTTP version formatting. The division operation response.raw.version / 10 assumes the version will always be a valid integer multiple of 10. This could cause floating-point arithmetic issues or crashes if the version number is unexpected.

Affected Code Snippet:

f"HTTP/{response.raw.version / 10:.1f} {status_code} {response.reason}\n"

Start Line: 97
End Line: 97

Rule 2: Do not overlook possible security vulnerabilities

Details: Potential security vulnerability in logging sensitive HTTP data. The code logs the complete HTTP response including headers and body, which might contain sensitive information (auth tokens, personal data, etc.) in debug logs.

Affected Code Snippet:

msg = (
    f"HTTP/{response.raw.version / 10:.1f} {status_code} {response.reason}\n"
    f"{header_string}\n"
    f"\n"
    f"{response_text}"
)

logger.debug(msg)

Start Line: 96
End Line: 103

File Changed: patchwork/common/utils/zoho_token_manager.py

Rule 1: Do not ignore potential bugs in the code

Details: The code contains potential bugs in error handling and token validation:

  1. No validation of response data from Zoho API
  2. Silent error handling in _save_tokens() could mask critical issues

Affected Code Snippet:

def _save_tokens(self, token_data: Dict):
    if self._on_save:
        try:
            self._on_save(token_data)
        except Exception as e:
            print(f"Error in token save callback: {e}")  # Only prints error

Start Line: 40
End Line: 49

Affected Code Snippet:

token_data = response.json()
self.access_token = token_data.get("access_token")
self.refresh_token = token_data.get("refresh_token")
self.expires_at = time.time() + token_data.get("expires_in", 3600)

Start Line: 77
End Line: 80

Rule 2: Do not overlook possible security vulnerabilities

Details: Several security vulnerabilities identified:

  1. Sensitive data exposure in YAML file without encryption
  2. No HTTPS validation in requests
  3. Sensitive data in exception messages

Affected Code Snippet:

def create_yml_save_callback(config_path: Path) -> Callable[[Dict], None]:
    def save_callback(token_updates: Dict):
        with open(config_path, "r") as f:
            config = yaml.safe_load(f)
        config.update(token_updates)
        with open(config_path, "w") as f:
            yaml.dump(config, f)

Start Line: 161
End Line: 192

Affected Code Snippet:

response = requests.post(url, params=params)
if response.status_code != 200:
    raise Exception(f"Failed to refresh access token: {response.text}")

Start Line: 113
End Line: 115

File Changed: patchwork/steps/ZohoDeskAgent/README.md

Rule 1: Do not ignore potential bugs in the code

Details: The example code contains a potential bug where error handling is not demonstrated for invalid API tokens or failed API calls. This could lead to unhandled exceptions in production.

Affected Code Snippet:

# Initialize the agent
agent = ZohoDeskAgent({
    "zoho_access_token": "your_zoho_access_token",
    "org_id": "your_organization_id",
    "user_prompt": "Get information about ticket https://github.com/patched-codes/patchwork/pull/1453/files#diff-f5c0b31273d413bd8620da2de9b228d1dd97e07cb8ef95528431503ba4cca463",
    "prompt_value": {"ticket_id": "12345"},
    "anthropic_api_key": "your_anthropic_api_key",
    "max_agent_calls": 3
})

# Run the agent
result = agent.run()
print(result)

Start Line: 41
End Line: 53

Rule 2: Do not overlook possible security vulnerabilities

Details: The code example shows sensitive information being passed directly as parameters without any mention of secure handling of API tokens. There should be warnings about not hardcoding tokens and using environment variables or secure secret management.

Affected Code Snippet:

agent = ZohoDeskAgent({
    "zoho_access_token": "your_zoho_access_token",
    "org_id": "your_organization_id",
    "user_prompt": "Get information about ticket https://github.com/patched-codes/patchwork/pull/1453/files#diff-f5c0b31273d413bd8620da2de9b228d1dd97e07cb8ef95528431503ba4cca463",
    "prompt_value": {"ticket_id": "12345"},
    "anthropic_api_key": "your_anthropic_api_key",
    "max_agent_calls": 3
})

Start Line: 42
End Line: 49

File Changed: patchwork/steps/ZohoDeskAgent/ZohoDeskAgent.py

Rule 1: Do not ignore potential bugs in the code

Details: Potential bug found in user_prompt template rendering. The mustache_render function is called with inputs.get("prompt_value") which might be None, potentially causing rendering issues.

Affected Code Snippet:

user_prompt_template=mustache_render(inputs.get("user_prompt"), inputs.get("prompt_value")),

Start Line: 48
End Line: 48

Details: Potential bug in error handling. The code doesn't validate the response from API calls or handle API failures gracefully.

Affected Code Snippet:

def run(self) -> dict:
    # Execute the agentic strategy
    result = self.agentic_strategy.execute(limit=self.conversation_limit)
    # Return results with usage information
    return {**result, **self.agentic_strategy.usage()}

Start Line: 92
End Line: 96

Rule 2: Do not overlook possible security vulnerabilities

Details: Security vulnerability in access token handling. The Zoho access token is stored in plaintext and passed directly to headers without any encryption or secure storage mechanism.

Affected Code Snippet:

self.headers = {
    "Authorization": f"Zoho-oauthtoken {inputs.get('zoho_access_token')}",
    "orgId": inputs.get("org_id"),
    "Content-Type": "application/json",
    "Accept": "application/json",
}

Start Line: 33
End Line: 39

File Changed: patchwork/steps/ZohoDeskAgent/typed.py

Rule 1: Do not ignore potential bugs in the code

Details: The code exposes potential bugs due to unvalidated dictionary values in prompt_value and unspecified maximal size limits for lists in the outputs.

Affected Code Snippet:

class __ZohoDeskAgentInputsRequired(TypedDict):
    prompt_value: Dict[str, Any]

class ZohoDeskAgentOutputs(TypedDict):
    conversation_history: List[Dict]
    tool_records: List[Dict]

Start Line: 8
End Line: 28

Explanation: The use of Dict[str, Any] for prompt_value and unbounded List[Dict] for output fields could lead to memory issues or unexpected behavior due to arbitrary data structures. Consider adding validation or more specific type constraints.

Rule 2: Do not overlook possible security vulnerabilities

Details: Sensitive API keys are exposed as plain string inputs without additional security constraints or validation.

Affected Code Snippet:

class ZohoDeskAgentInputs(__ZohoDeskAgentInputsRequired, total=False):
    openai_api_key: Annotated[str, StepTypeConfig(or_op=["google_api_key", "anthropic_api_key"])]
    anthropic_api_key: Annotated[str, StepTypeConfig(or_op=["google_api_key", "openai_api_key"])]
    google_api_key: Annotated[str, StepTypeConfig(or_op=["openai_api_key", "anthropic_api_key"])]

Start Line: 13
End Line: 16

Explanation: API keys should be handled with additional security measures, such as encryption annotations or secure string types. Consider using a secure credential management system or adding validation for key format/strength.

File Changed: patchwork/steps/__init__.py

Rule 2: Do not overlook possible security vulnerabilities

Details: Potential security consideration - Adding a new integration with Zoho Desk API could introduce security risks if not properly configured. While the import itself is safe, implementers should ensure proper API authentication and data handling in the ZohoDeskAgent class.

Affected Code Snippet:

from patchwork.steps.ZohoDeskAgent.ZohoDeskAgent import ZohoDeskAgent

Start Line: 55

End Line: 55

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@CTY-git CTY-git CTY-git approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@whoisarpit @patched-admin @CTY-git