feat : enable observability

[rajadilipkolli]

No description provided.

[coderabbitai]

Walkthrough

This pull request introduces configuration enhancements for a chatbot application. A new SwaggerConfig class has been added to provide OpenAPI documentation configuration, specifying the API title and version. The application.properties file has been updated with multiple new properties, including observability settings, management endpoints, tracing configurations, and database connection details. These changes aim to improve the application's configurability, observability, and documentation.

Changes

File	Change Summary
chatbot/.../SwaggerConfig.java	Added new configuration class with @OpenAPIDefinition to set API metadata
chatbot/.../application.properties	- Updated spring.ai.ollama.init.pull-model-strategy property - Added observability properties for vector store and chat interactions - Introduced management and tracing endpoint configurations - Added PostgreSQL database connection properties

Possibly related PRs

• polish chat and move to pgvector #129: The changes in application.properties related to the spring.ai.ollama.init.pull-model-strategy property are relevant as they both involve configuration adjustments in the same file, indicating a focus on enhancing the application's configuration management.

Poem

🐰 A Swagger of Config, a Rabbit's Delight
Properties dancing, configs so bright
OpenAPI singing its version so clear
Endpoints exposed, observability near
A chatbot's symphony, coded with might! 🌟

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (2)

chatbot/chatbot-ollama-springai/src/main/java/com/example/chatbot/config/SwaggerConfig.java (1)

10-10: Add JavaDoc or explanatory comment
Consider adding a brief JavaDoc or code comment on the class to describe its purpose and usage. This helps future maintainers understand the file’s role in generating the API docs.

chatbot/chatbot-ollama-springai/src/main/resources/application.properties (1)

21-25: Management endpoints, tracing, and metrics
Exposing all management endpoints (management.endpoints.web.exposure.include=*) is convenient for development but may pose security concerns in production. Consider restricting these endpoints or securing them with proper authentication.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 09c1cb4 and 373e62f.

⛔ Files ignored due to path filters (5)

• .gitpod.yml is excluded by !**/*.yml
• .vscode/launch.json is excluded by !**/*.json
• chatbot/chatbot-ollama-springai/docker/docker-compose.yml is excluded by !**/*.yml
• chatbot/chatbot-ollama-springai/pom.xml is excluded by !**/*.xml
• chatbot/chatbot-ollama-springai/src/main/resources/logback-spring.xml is excluded by !**/*.xml

📒 Files selected for processing (2)

• chatbot/chatbot-ollama-springai/src/main/java/com/example/chatbot/config/SwaggerConfig.java (1 hunks)
• chatbot/chatbot-ollama-springai/src/main/resources/application.properties (1 hunks)

🔇 Additional comments (6)

chatbot/chatbot-ollama-springai/src/main/java/com/example/chatbot/config/SwaggerConfig.java (4)

1-1: Ensure package scope is intended
Since SwaggerConfig is declared at package level (no public modifier), confirm that only classes within com.example.chatbot.config need to access it. If you intend for other packages or external modules to use this config, consider making it public.

---

3-5: Good usage of OpenAPI annotations
The imports for OpenAPIDefinition, Info, and Server are straightforward, aligning well with modern Spring-based OpenAPI usage.

---

8-8: Configuration best practices
Annotating the class with @Configuration(proxyBeanMethods = false) is an efficient practice as it avoids the overhead of using CGLIB proxies for bean methods. This is recommended for configuration classes that do not need proxying.

---

9-9: Comprehensive API metadata
Defining the API title and version clearly sets up a good foundation for documentation. Including the server URL "/" ensures all endpoints are discovered correctly.

chatbot/chatbot-ollama-springai/src/main/resources/application.properties (2)

6-6: Case-sensitive property change
Changing spring.ai.ollama.init.pull-model-strategy to WHEN_MISSING (uppercase) is valid as long as the underlying code or library expects this exact case. Verify that the application logic respects the new capitalization.

---

13-13: Schema validation approach
Enabling spring.ai.vectorstore.pgvector.schema-validation ensures the schema is validated for PgVector usage, which can prevent runtime surprises. Confirm you have the correct migration scripts or schema definitions in place.

[coderabbitai]

⚠️ Potential issue

Observability enhancements
The newly introduced properties for including query responses, completions, prompts, and inputs signal a robust approach to observability. Ensure that any sensitive or personally identifiable information is properly sanitized before being logged or recorded.

Data leakage risk can be mitigated by anonymizing or obfuscating PII in logs to safeguard user privacy.

[coderabbitai]

⚠️ Potential issue

Handle credentials securely
Storing DB credentials (spring.datasource.username and spring.datasource.password) in plain text can pose a security risk. In production environments, consider using environment variables or a secret store (e.g., HashiCorp Vault or AWS Secrets Manager).

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (1)

chatbot/chatbot-ollama-springai/src/main/resources/application.properties (1)

28-30: 🛠️ Refactor suggestion

Externalize database credentials

Database credentials should not be stored in plain text in properties files.

Consider these Spring Boot security best practices:

1. Use environment variables:

spring.datasource.url=${DB_URL:jdbc:postgresql://localhost:5432/appdb}
spring.datasource.username=${DB_USER}
spring.datasource.password=${DB_PASSWORD}

2. Or use Spring Cloud Config Server with encryption:

spring.config.import=configserver:
spring.cloud.config.uri=http://config-server:8888

3. Or use Jasypt for property encryption:

<dependency>
    <groupId>com.github.ulisesbocchio</groupId>
    <artifactId>jasypt-spring-boot-starter</artifactId>
</dependency>

spring.datasource.password=ENC(encrypted_password_here)

🧹 Nitpick comments (1)

chatbot/chatbot-ollama-springai/src/main/resources/application.properties (1)

20-24: Restrict management endpoint exposure for production

Several security and performance considerations:

1. Exposing all management endpoints (*) could be a security risk
2. 100% tracing sampling might impact performance
3. OTLP endpoints are hardcoded to localhost

Consider:

1. Limiting exposed endpoints in production:

# Development
management.endpoints.web.exposure.include=health,info,metrics,prometheus

# Add endpoint security
management.endpoints.web.base-path=/actuator
management.endpoints.web.exposure.exclude=env,beans

2. Adjusting sampling rate per environment:

# Development
management.tracing.sampling.probability=1.0
# Production
management.tracing.sampling.probability=0.1

3. Externalizing OTLP configuration:

management.otlp.tracing.endpoint=${OTLP_ENDPOINT:http://localhost:4318/v1/traces}
management.otlp.logging.endpoint=${OTLP_ENDPOINT:http://localhost:4318/v1/logs}

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 373e62f and 5dce2b7.

📒 Files selected for processing (1)

• chatbot/chatbot-ollama-springai/src/main/resources/application.properties (1 hunks)

🔇 Additional comments (2)

chatbot/chatbot-ollama-springai/src/main/resources/application.properties (2)

6-6: LGTM: Enum value correction

The change to uppercase WHEN_MISSING aligns with Spring's enum value conventions.

---

14-19: Consider adding data masking configuration

While the observability settings are comprehensive, consider adding configuration options to mask sensitive data in:

• Query responses
• Chat completions
• Prompts
• User inputs

Let's check if Spring AI provides masking capabilities:

#!/bin/bash
# Search for masking/sanitization configuration options
rg -i "mask|sanitize|sensitive|pii" --type properties