Langent v3: Security hardening, logging, testing, and CI/CD#1
Merged
AlexAI-MCP merged 2 commits intomainfrom Feb 25, 2026
Merged
Langent v3: Security hardening, logging, testing, and CI/CD#1AlexAI-MCP merged 2 commits intomainfrom
AlexAI-MCP merged 2 commits intomainfrom
Conversation
Analyzes all 15 source files across architecture, code quality, type safety, error handling, testing, security, documentation, CI/CD, and dependency management. Identifies critical issues including hardcoded credentials, Cypher injection risks, a variable interpolation bug in workflows.py, and near-zero test coverage. Overall score: 5.7/10 (C+). https://claude.ai/code/session_016U1fwL9D4aZQaF6rsrThpC
…haul
P0 — Critical bug fixes:
- Remove hardcoded Neo4j password from config.py and graph.py
- Fix ${query} interpolation bug in workflows.py (was not substituting variables)
- Fix mcp_server.py calling nonexistent agent.graph.query() -> agent.graph_query()
- Remove hardcoded Windows path fallback in mcp_server.py
P1 — Security & quality:
- Add Cypher injection prevention with _validate_identifier() in GraphStore
- Replace all print() with structured logging module across all 15 source files
- Add optional API key authentication middleware for write endpoints
- Add Pydantic request models for FastAPI (IngestRequest, GraphQueryRequest)
- Add FastAPI dependency injection (replace global singleton pattern)
- Add input validation with Query() constraints on API parameters
- Add /health endpoint
- Add requests timeout for Ollama proxy
- Add missing 'requests' to dependencies
P1 — Testing:
- Add comprehensive pytest suite: 47 test cases across 7 test files
- conftest.py with shared fixtures (tmp_workspace, vector_store, config)
- test_config.py: config loading, no hardcoded creds verification
- test_chunker.py: chunking logic, edge cases, metadata preservation
- test_ingest.py: file scanning, text extraction, ingestion pipeline
- test_graph_store.py: Cypher injection prevention validation
- test_vector_store.py: CRUD, search, deduplication, collections
- test_llm_proxy.py: all LLM modes, v3 branding
- test_workflows.py: verifies ${} bug is fixed via source inspection
P2 — DevOps & tooling:
- Add GitHub Actions CI (lint + test on Python 3.10/3.11/3.12)
- Add Dockerfile for containerized deployment
- Add .dockerignore
- Add ruff config (pyproject.toml) for linting
- Add mypy config for type checking
- Add pytest config (testpaths, asyncio_mode)
- Remove sys.path.insert() hacks from api.py and mcp_server.py
- Add 'status' CLI command
- Update README with v3 changes, Docker instructions, dev workflow
All 47 tests pass.
https://claude.ai/code/session_016U1fwL9D4aZQaF6rsrThpC
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR upgrades Langent from v2 to v3 with comprehensive security fixes, structured logging, test coverage, and CI/CD infrastructure. The codebase is now production-ready with hardened input validation, removed credentials, and automated quality checks.
Key Changes
Security (Critical)
password: str = "yw02280228"with safe default"password"inconfig.pyandgraph.py_validate_identifier()function ingraph.pyto sanitize Neo4j labels and property keys against injection attacksverify_api_key()dependency inapi.pyIngestRequest,GraphQueryRequest) instead of raw query parameterssys.path.insert()calls inapi.pyandmcp_server.pythat indicated packaging issuesLogging & Observability
print()withloggingmodule: Converted custom_log()methods and print statements across all modules to use Python's standardloggingframeworklogger = logging.getLogger(__name__)for structured logginglogger.info(),logger.warning(),logger.error()instead of silent exception swallowingTesting (New)
test_vector_store.py: VectorStore deduplication, search, deletiontest_graph_store.py: Cypher injection prevention validationtest_chunker.py: Document chunking with overlap and size constraintstest_ingest.py: File scanning and text extractiontest_config.py: Configuration loading and defaultstest_llm_proxy.py: LLM proxy modes (fake, mcp, ollama)test_workflows.py: AgentState structure and f-string interpolation fixconftest.pywith reusable fixtures (tmp_workspace,vector_store,config)Bug Fixes
${query},${context},${graph_str}to proper Python f-string syntax{query},{context},{graph_str}(lines 95-101)agent.graph.query()toagent.graph_query()inmcp_server.py:137import jsoninapi.pymcp_server.pyCode Quality & Architecture
Depends(get_langent)andDepends(verify_api_key)Query(default=5, ge=1, le=100)Optional[str] = Noneinstead ofstr = None)_init_graph()method for better error handlingCI/CD & DevOps (New)
.github/workflows/ci.ymlwith:ruff checkon Python 3.11https://claude.ai/code/session_016U1fwL9D4aZQaF6rsrThpC