codeant-ai-for-open-source[bot] commented on code in PR #40442:
URL: https://github.com/apache/superset/pull/40442#discussion_r3304457804
##########
superset-frontend/src/extensions/ExtensionsList.tsx:
##########
@@ -50,6 +61,54 @@ const ExtensionsList: FunctionComponent<ExtensionsListProps>
= ({
addDangerToast,
);
+ const [settings, setSettings] = useState<ExtensionSettings>({
+ active_chatbot_id: null,
+ enabled: {},
+ });
+
+ const [chatbotRegistryVersion, setChatbotRegistryVersion] = useState(0);
+ useEffect(
+ () =>
+ subscribeToLocation(CHATBOT_LOCATION, () =>
+ setChatbotRegistryVersion(v => v + 1),
+ ),
+ [],
+ );
+
+ useEffect(() => {
+ SupersetClient.get({ endpoint: '/api/v1/extensions/settings' })
+ .then(({ json }) => setSettings(json.result))
+ .catch(() => addDangerToast(t('Failed to load extension settings.')));
+ }, [addDangerToast]);
+
+ const saveSettings = useCallback(
+ (patch: Partial<ExtensionSettings>) => {
+ const next = { ...settings, ...patch };
+ SupersetClient.put({
+ endpoint: '/api/v1/extensions/settings',
+ jsonPayload: next,
+ })
+ .then(({ json }) => {
+ setSettings(json.result);
+ addSuccessToast(t('Settings saved.'));
+ })
+ .catch(() => addDangerToast(t('Failed to save extension settings.')));
+ },
+ [settings, addDangerToast, addSuccessToast],
+ );
Review Comment:
**Suggestion:** `saveSettings` builds `next` from a captured `settings`
snapshot, so rapid consecutive toggles/selections can race and overwrite each
other with stale data (last response wins, not latest user intent). Use a
functional state update and serialize/merge in-flight writes so each save is
based on the latest state. [race condition]
<details>
<summary><b>Severity Level:</b> Major ⚠️</summary>
```mdx
- ⚠️ Rapid toggling yields incorrect enabled state persisted server-side.
- ⚠️ Admins may misconfigure chatbot choice under concurrent changes.
```
</details>
<details>
<summary><b>Steps of Reproduction ✅ </b></summary>
```mdx
1. Load the Extensions admin UI so that `ExtensionsList` mounts and
initializes `settings`
state at `superset-frontend/src/extensions/ExtensionsList.tsx:64-67` with
`active_chatbot_id: null` and an empty `enabled` map.
2. Note that `saveSettings` at
`superset-frontend/src/extensions/ExtensionsList.tsx:84-98`
builds `next` from the captured `settings` closure (`const next = {
...settings, ...patch
};` line 86) and sends this full object in a PUT to
`/api/v1/extensions/settings` (lines
87-90), only updating local state after the server responds (lines 91-93).
3. With two or more extensions, quickly toggle extension A and then
extension B before the
first PUT resolves: `toggleEnabled` at
`superset-frontend/src/extensions/ExtensionsList.tsx:100-104` uses the same
captured
`settings.enabled` snapshot (`{ ...settings.enabled, [extensionId]: enabled
}` line 102)
to compute each patch, so both requests are based on the same pre-toggle
baseline.
4. This yields two concurrent PUTs whose payloads each reflect only one of
the toggles
(e.g., first `{A:false,B:true}`, second `{A:true,B:false}` instead of
`{A:false,B:false}`); whichever response arrives last and is applied via
`setSettings(json.result)` (line 92) becomes the final state, meaning the
latest user
intent (both toggles) can be lost.
```
</details>
[Fix in
Cursor](https://app.codeant.ai/fix-in-ide?tool=cursor&prompt_id=f3af2f7ae8d14e85b6f8cdf867689a81&service=github&base_url=https%3A%2F%2Fgithub.com&org=apache&repo=apache%2Fsuperset)
| [Fix in VSCode
Claude](https://app.codeant.ai/fix-in-ide?tool=vscode-claude&prompt_id=f3af2f7ae8d14e85b6f8cdf867689a81&service=github&base_url=https%3A%2F%2Fgithub.com&org=apache&repo=apache%2Fsuperset)
*(Use Cmd/Ctrl + Click for best experience)*
<details>
<summary><b>Prompt for AI Agent 🤖 </b></summary>
```mdx
This is a comment left during a code review.
**Path:** superset-frontend/src/extensions/ExtensionsList.tsx
**Line:** 84:98
**Comment:**
*Race Condition: `saveSettings` builds `next` from a captured
`settings` snapshot, so rapid consecutive toggles/selections can race and
overwrite each other with stale data (last response wins, not latest user
intent). Use a functional state update and serialize/merge in-flight writes so
each save is based on the latest state.
Validate the correctness of the flagged issue. If correct, How can I resolve
this? If you propose a fix, implement it and please make it concise.
Once fix is implemented, also check other comments on the same PR, and ask
user if the user wants to fix the rest of the comments as well. if said yes,
then fetch all the comments validate the correctness and implement a minimal fix
```
</details>
<a
href='https://app.codeant.ai/feedback?pr_url=https%3A%2F%2Fgithub.com%2Fapache%2Fsuperset%2Fpull%2F40442&comment_hash=b230a350410c2456c9a46bd76ed3681fc3034d665125595b86976ec81a92a016&reaction=like'>👍</a>
| <a
href='https://app.codeant.ai/feedback?pr_url=https%3A%2F%2Fgithub.com%2Fapache%2Fsuperset%2Fpull%2F40442&comment_hash=b230a350410c2456c9a46bd76ed3681fc3034d665125595b86976ec81a92a016&reaction=dislike'>👎</a>
##########
superset-frontend/src/extensions/ExtensionsList.tsx:
##########
@@ -50,6 +61,54 @@ const ExtensionsList: FunctionComponent<ExtensionsListProps>
= ({
addDangerToast,
);
+ const [settings, setSettings] = useState<ExtensionSettings>({
+ active_chatbot_id: null,
+ enabled: {},
+ });
+
+ const [chatbotRegistryVersion, setChatbotRegistryVersion] = useState(0);
+ useEffect(
+ () =>
+ subscribeToLocation(CHATBOT_LOCATION, () =>
+ setChatbotRegistryVersion(v => v + 1),
+ ),
+ [],
+ );
+
+ useEffect(() => {
+ SupersetClient.get({ endpoint: '/api/v1/extensions/settings' })
+ .then(({ json }) => setSettings(json.result))
+ .catch(() => addDangerToast(t('Failed to load extension settings.')));
Review Comment:
**Suggestion:** This page calls `GET`/`PUT` on
`/api/v1/extensions/settings`, but that route is not implemented in the current
backend, so these requests will consistently fail at runtime and the UI cannot
persist settings. Point this UI to an existing API contract (or gate rendering
behind backend availability) before shipping. [api mismatch]
<details>
<summary><b>Severity Level:</b> Critical 🚨</summary>
```mdx
- ❌ Extensions admin page cannot load or save settings.
- ⚠️ Admins see repeated error toasts on Extensions page.
```
</details>
<details>
<summary><b>Steps of Reproduction ✅ </b></summary>
```mdx
1. Navigate to the Extensions admin page, which renders the `ExtensionsList`
component
exported from `superset-frontend/src/extensions/ExtensionsList.tsx:50-53`
and wired into
routing via the lazy `Extensions` import in
`superset-frontend/src/views/routes.tsx:22-24`.
2. On component mount, the effect at
`superset-frontend/src/extensions/ExtensionsList.tsx:78-82` executes
`SupersetClient.get({
endpoint: '/api/v1/extensions/settings' })` (line 79) to load settings.
3. Backend code under `superset/` contains no implementation of
`/api/v1/extensions/settings`; a global search for this path (via Grep over
`/workspace/superset`) finds only frontend usages in
`src/components/ChatbotMount/index.tsx:39` and
`src/extensions/ExtensionsList.tsx:79`, and
no Flask or REST API route definitions, so the GET request returns a 404/5xx.
4. Because the endpoint is missing, the GET and any subsequent PUT at
`superset-frontend/src/extensions/ExtensionsList.tsx:87-90` will
consistently fail,
causing the page to show "Failed to load/save extension settings." toasts
and making it
impossible for admins to persist extension enablement or default chatbot
selection.
```
</details>
[Fix in
Cursor](https://app.codeant.ai/fix-in-ide?tool=cursor&prompt_id=4e162dae3cea47a193262f14c789043f&service=github&base_url=https%3A%2F%2Fgithub.com&org=apache&repo=apache%2Fsuperset)
| [Fix in VSCode
Claude](https://app.codeant.ai/fix-in-ide?tool=vscode-claude&prompt_id=4e162dae3cea47a193262f14c789043f&service=github&base_url=https%3A%2F%2Fgithub.com&org=apache&repo=apache%2Fsuperset)
*(Use Cmd/Ctrl + Click for best experience)*
<details>
<summary><b>Prompt for AI Agent 🤖 </b></summary>
```mdx
This is a comment left during a code review.
**Path:** superset-frontend/src/extensions/ExtensionsList.tsx
**Line:** 79:81
**Comment:**
*Api Mismatch: This page calls `GET`/`PUT` on
`/api/v1/extensions/settings`, but that route is not implemented in the current
backend, so these requests will consistently fail at runtime and the UI cannot
persist settings. Point this UI to an existing API contract (or gate rendering
behind backend availability) before shipping.
Validate the correctness of the flagged issue. If correct, How can I resolve
this? If you propose a fix, implement it and please make it concise.
Once fix is implemented, also check other comments on the same PR, and ask
user if the user wants to fix the rest of the comments as well. if said yes,
then fetch all the comments validate the correctness and implement a minimal fix
```
</details>
<a
href='https://app.codeant.ai/feedback?pr_url=https%3A%2F%2Fgithub.com%2Fapache%2Fsuperset%2Fpull%2F40442&comment_hash=c6c3e8ab420b4c03e1366520525cbea8421aace8f47678548060374968fe2e6e&reaction=like'>👍</a>
| <a
href='https://app.codeant.ai/feedback?pr_url=https%3A%2F%2Fgithub.com%2Fapache%2Fsuperset%2Fpull%2F40442&comment_hash=c6c3e8ab420b4c03e1366520525cbea8421aace8f47678548060374968fe2e6e&reaction=dislike'>👎</a>
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
