ambient-code
diff --git a/‎COMPREHENSIVE_FIELD_USAGE_ANALYSIS.md‎
Lines changed: 376 additions & 0 deletions b/‎COMPREHENSIVE_FIELD_USAGE_ANALYSIS.md‎
Lines changed: 376 additions & 0 deletions
@@ -0,0 +1,376 @@
+# Comprehensive Field Usage Analysis: All Session Operations
+
+## Summary
+Complete analysis of field usage across all session-related operations:
+- **CreateSession** (POST)
+- **UpdateSession** (PUT)
+- **PatchSession** (PATCH)
+- **CloneSession** (POST /clone)
+- **StartSession** (POST /start)
+- **StopSession** (POST /stop)
+- **Other operations**
+
+---
+
+## 1. CreateSession (POST /api/projects/:projectName/agentic-sessions)
+
+### ✅ USED FIELDS
+
+| Field | Frontend Sends | Backend Uses | Handler Lines |
+|-------|---------------|--------------|---------------|
+| `prompt` | ✅ page.tsx, dialog.tsx | ✅ | 358 |
+| `llmSettings.model` | ✅ Both | ✅ | 312-313 |
+| `llmSettings.temperature` | ✅ Both | ✅ | 315-316 |
+| `llmSettings.maxTokens` | ✅ Both | ✅ | 318-319 |
+| `timeout` | ✅ Both | ✅ | 324-325 |
+| `interactive` | ✅ page.tsx | ✅ | 411-412 |
+| `autoPushOnComplete` | ✅ page.tsx | ✅ | 416-417 |
+| `repos` | ✅ page.tsx | ✅ | 424-444 |
+| `mainRepoIndex` | ✅ page.tsx | ✅ | 446-447 |
+| `environmentVariables` | ✅ page.tsx | ✅ | 375-377 |
+| `labels` | ✅ page.tsx | ✅ | 338-343 |
+| `parent_session_id` | ❌ Not sent | ✅ | 380-402 (if provided) |
+
+### ⚠️ PARTIALLY USED
+
+| Field | Frontend | Backend | Notes |
+|-------|----------|---------|-------|
+| `displayName` | ❌ Not sent | ✅ Line 359 | Read but often empty string |
+| `userContext` | ❌ Not sent | ⚠️ Lines 470-475 | **userId ALWAYS overwritten** from auth token. Only `displayName`/`groups` used as fallback if auth doesn't provide them |
+| `annotations` | ❌ Not sent | ✅ Lines 345-350 | Handler supports it, but frontend never sends |
+
+### ❌ UNUSED FIELDS
+
+| Field | Type Definition | Handler Usage | Frontend Sends |
+|-------|----------------|---------------|----------------|
+| `WorkspacePath` | Line 71 | ❌ **NEVER referenced** | ✅ page.tsx sends it (line 126) |
+| `BotAccount` | Line 78 | ✅ Lines 485-488 | ❌ Never sent |
+| `ResourceOverrides` | Line 79 | ✅ Lines 492-508 | ❌ Never sent |
+
+### Frontend Form Fields (Never Sent)
+
+| Field | Location | Status |
+|-------|----------|--------|
+| `agentPersona` | page.tsx defaultValues (line 91) | ❌ Form field exists, **never added to request** |
+| `anthropicApiKey` | dialog.tsx (line 80) | ❌ Form field, **explicitly not sent** (TODO comment line 99) |
+| `saveApiKeyForFuture` | dialog.tsx (line 81) | ❌ Form field, **explicitly not sent** (TODO comment line 99) |
+
+---
+
+## 2. UpdateSession (PUT /api/projects/:projectName/agentic-sessions/:sessionName)
+
+### ✅ USED FIELDS
+
+| Field | Backend Handler | Lines |
+|-------|----------------|-------|
+| `prompt` | ✅ | 934 |
+| `displayName` | ✅ | 935 |
+| `llmSettings.model` | ✅ | 939-940 |
+| `llmSettings.temperature` | ✅ | 942-943 |
+| `llmSettings.maxTokens` | ✅ | 945-946 |
+| `timeout` | ✅ | 951-952 |
+
+### ❌ UNUSED FIELDS (Handler Ignores)
+
+| Field | Type Definition | Handler Usage |
+|-------|----------------|---------------|
+| `Interactive` | Line 70 | ❌ **Not updated** - UpdateSession only updates prompt, displayName, llmSettings, timeout |
+| `WorkspacePath` | Line 71 | ❌ Not used |
+| `ParentSessionID` | Line 72 | ❌ Not used |
+| `Repos` | Line 74 | ❌ Not used |
+| `MainRepoIndex` | Line 75 | ❌ Not used |
+| `AutoPushOnComplete` | Line 76 | ❌ Not used |
+| `UserContext` | Line 77 | ❌ Not used |
+| `BotAccount` | Line 78 | ❌ Not used |
+| `ResourceOverrides` | Line 79 | ❌ Not used |
+| `EnvironmentVariables` | Line 80 | ❌ Not used |
+| `Labels` | Line 81 | ❌ Not used |
+| `Annotations` | Line 82 | ❌ Not used |
+
+**Note**: UpdateSession uses `CreateAgenticSessionRequest` type but only processes 4 fields. All other fields are ignored.
+
+### Frontend Usage
+- **No frontend calls UpdateSession** - The route exists but no React Query hook or component uses it
+- Frontend uses `UpdateSessionDisplayName` instead (dedicated endpoint)
+
+---
+
+## 3. PatchSession (PATCH /api/projects/:projectName/agentic-sessions/:sessionName)
+
+### ✅ USED FIELDS
+
+| Field | Backend Handler | Lines |
+|-------|----------------|-------|
+| `metadata.annotations` | ✅ | 873-883 |
+
+### ❌ UNUSED FIELDS
+
+| Field | Handler Behavior |
+|-------|------------------|
+| `spec.*` | ❌ **Not patched** - Only metadata.annotations supported |
+| `status.*` | ❌ **Not patched** - Only metadata.annotations supported |
+| `metadata.labels` | ❌ **Not patched** - Only metadata.annotations supported |
+| `metadata.name` | ❌ **Not patched** - Only metadata.annotations supported |
+
+**Note**: PatchSession only supports patching `metadata.annotations`. All other fields are ignored.
+
+### Frontend Usage
+- **No frontend calls PatchSession** - Route exists but unused
+
+---
+
+## 4. CloneSession (POST /api/projects/:projectName/agentic-sessions/:sessionName/clone)
+
+### ✅ USED FIELDS
+
+| Field | Frontend Sends | Backend Handler | Lines |
+|-------|---------------|----------------|-------|
+| `targetProject` | ✅ clone-session-dialog.tsx (line 78) | ✅ | 1629, 1682, 1692, 1703 |
+| `newSessionName` | ✅ clone-session-dialog.tsx (line 79) | ✅ | 1653, 1660, 1681 |
+
+### ❌ UNUSED FIELDS
+
+| Field | Type Definition | Handler Usage |
+|-------|----------------|---------------|
+| `DisplayName` | CloneAgenticSessionRequest line 100 | ❌ **Not used** - Uses source session's displayName |
+| `Prompt` | CloneAgenticSessionRequest line 101 | ❌ **Not used** - Uses source session's spec |
+| `TargetSessionName` | CloneAgenticSessionRequest line 99 | ❌ **Not used** - Uses `newSessionName` instead |
+
+**Note**: `CloneAgenticSessionRequest` has unused fields. Handler only uses `targetProject` and `newSessionName` from `CloneSessionRequest`.
+
+### Frontend Usage
+- Frontend sends: `{ targetProject, newSessionName }`
+- Backend type has extra fields that are never used
+
+---
+
+## 5. StartSession (POST /api/projects/:projectName/agentic-sessions/:sessionName/start)
+
+### Request Body
+- **No body** - Frontend sends empty POST (sessions.ts line 90)
+- Handler doesn't read any request body
+
+### Handler Logic
+- Reads current session from CRD
+- Updates status to "Pending" to trigger operator
+- Handles continuation logic (parent session annotation)
+- Regenerates runner token
+- Deletes old job if continuation
+
+---
+
+## 6. StopSession (POST /api/projects/:projectName/agentic-sessions/:sessionName/stop)
+
+### Request Body
+- **Optional body** - Frontend can send `StopAgenticSessionRequest` (sessions.ts line 74)
+- **Handler ignores body** - No code reads request body (lines 1939-2078)
+
+### Handler Logic
+- Reads current session from CRD
+- Deletes Job and Pods
+- Updates status to "Stopped"
+- Sets `interactive: true` in spec for restart capability
+
+### Unused Type
+- `StopAgenticSessionRequest` type exists but handler never reads it
+
+---
+
+## 7. UpdateSessionDisplayName (PUT /api/projects/:projectName/agentic-sessions/:sessionName/displayname)
+
+### ✅ USED FIELDS
+
+| Field | Backend Handler | Lines |
+|-------|----------------|-------|
+| `displayName` | ✅ | 989, 1016 |
+
+### Frontend Usage
+- **No frontend calls this** - Route exists but unused
+
+---
+
+## 8. SelectWorkflow (POST /api/projects/:projectName/agentic-sessions/:sessionName/workflow)
+
+### ✅ USED FIELDS
+
+| Field | Backend Handler | Lines |
+|-------|----------------|-------|
+| `gitUrl` | ✅ | 1078 |
+| `branch` | ✅ | 1080-1083 |
+| `path` | ✅ | 1085-1086 |
+
+### Frontend Usage
+- **No frontend calls this** - Route exists but unused
+
+---
+
+## 9. AddRepo (POST /api/projects/:projectName/agentic-sessions/:sessionName/repos)
+
+### ✅ USED FIELDS
+
+| Field | Backend Handler | Lines |
+|-------|----------------|-------|
+| `url` | ✅ | 1172 |
+| `branch` | ✅ | 1173 |
+| `output.url` | ✅ | 1178 |
+| `output.branch` | ✅ | 1179 |
+
+### Frontend Usage
+- **No frontend calls this** - Route exists but unused
+
+---
+
+## 10. RemoveRepo (DELETE /api/projects/:projectName/agentic-sessions/:sessionName/repos/:repoName)
+
+### Request Body
+- **No body** - Uses URL param `repoName`
+
+### Frontend Usage
+- **No frontend calls this** - Route exists but unused
+
+---
+
+## 📊 SUMMARY STATISTICS
+
+### CreateSession
+- **Total fields in type**: 13
+- **Fields sent by frontend**: 8-9 (varies by form)
+- **Fields used by handler**: 10
+- **Fields ignored**: 3 (`WorkspacePath`, `UserContext.userId`, `status`)
+
+### UpdateSession
+- **Total fields in type**: 13
+- **Fields used by handler**: 4 (`prompt`, `displayName`, `llmSettings.*`, `timeout`)
+- **Fields ignored**: 9 (all others)
+
+### CloneSession
+- **Total fields in type**: 4
+- **Fields used by handler**: 2 (`targetProject`, `newSessionName`)
+- **Fields ignored**: 2 (`displayName`, `prompt`)
+
+### StopSession
+- **Request body**: Optional, but **never read by handler**
+
+---
+
+## 🚨 CRITICAL FINDINGS
+
+### 1. Type Mismatch: UpdateSession
+- **Type**: Uses `CreateAgenticSessionRequest` (13 fields)
+- **Reality**: Only processes 4 fields (`prompt`, `displayName`, `llmSettings.*`, `timeout`)
+- **Impact**: Misleading API contract - clients might send fields that are silently ignored
+
+### 2. Unused Request Types
+- `UpdateAgenticSessionRequest` (line 90-95) - **Defined but never used**
+  - UpdateSession uses `CreateAgenticSessionRequest` instead
+  - Should use `UpdateAgenticSessionRequest` for clarity
+- `StopAgenticSessionRequest` - **Defined but handler never reads body**
+
+### 3. Frontend Form Fields Never Sent
+- `agentPersona` - Form field exists, never added to request
+- `anthropicApiKey` - Form field exists, explicitly not sent (TODO)
+- `saveApiKeyForFuture` - Form field exists, explicitly not sent (TODO)
+
+### 4. Backend Fields Never Used
+- `WorkspacePath` - Frontend sends it, backend **never references it**
+- `UserContext.userId` - **Always overwritten** from auth token (security)
+- `UpdateSession` ignores 9 out of 13 fields in request type
+
+### 5. Unused Endpoints
+- `UpdateSession` - No frontend calls it
+- `PatchSession` - No frontend calls it
+- `UpdateSessionDisplayName` - No frontend calls it
+- `SelectWorkflow` - No frontend calls it
+- `AddRepo` - No frontend calls it
+- `RemoveRepo` - No frontend calls it
+
+---
+
+## 🎯 RECOMMENDATIONS
+
+### High Priority
+
+1. **Fix UpdateSession Type Mismatch**
+   - Use `UpdateAgenticSessionRequest` instead of `CreateAgenticSessionRequest`
+   - Or document that UpdateSession only supports 4 fields
+
+2. **Remove or Implement Unused Frontend Fields**
+   - Remove `agentPersona` from form OR wire it into request
+   - Remove `anthropicApiKey` fields OR implement backend support
+
+3. **Remove WorkspacePath**
+   - Frontend sends it but backend never uses it
+   - Remove from request type or document why it's sent but ignored
+
+### Medium Priority
+
+4. **Document Security Overrides**
+   - Clearly document that `userContext.userId` is ALWAYS overwritten
+   - Document that `metadata.name` and `metadata.namespace` are controlled
+
+5. **Clean Up Unused Endpoints**
+   - Remove or document endpoints that frontend never calls
+   - Or implement frontend support for them
+
+6. **Fix CloneSession Type**
+   - Remove unused fields from `CloneAgenticSessionRequest`
+   - Or use `CloneSessionRequest` consistently
+
+### Low Priority
+
+7. **Consider Separate Types**
+   - Create-specific fields vs Update-specific fields
+   - Reduces confusion about what fields are actually used
+
+---
+
+## 📋 FIELD USAGE BY OPERATION
+
+| Operation | Request Type | Fields Used | Fields Ignored | Frontend Calls |
+|-----------|-------------|-------------|----------------|----------------|
+| **CreateSession** | `CreateAgenticSessionRequest` | 10/13 | 3 | ✅ Yes |
+| **UpdateSession** | `CreateAgenticSessionRequest` | 4/13 | 9 | ❌ No |
+| **PatchSession** | `map[string]interface{}` | 1 (annotations) | All others | ❌ No |
+| **CloneSession** | `CloneSessionRequest` | 2/2 | 0 | ✅ Yes |
+| **StartSession** | No body | 0 | N/A | ✅ Yes |
+| **StopSession** | Optional body | 0 | Body ignored | ✅ Yes |
+| **UpdateDisplayName** | `{displayName}` | 1/1 | 0 | ❌ No |
+| **SelectWorkflow** | `WorkflowSelection` | 3/3 | 0 | ❌ No |
+| **AddRepo** | `{url, branch, output?}` | 4/4 | 0 | ❌ No |
+| **RemoveRepo** | URL param only | 0 | N/A | ❌ No |
+
+---
+
+## 🔍 DETAILED FIELD BREAKDOWN
+
+### CreateAgenticSessionRequest (13 fields)
+
+| Field | CreateSession | UpdateSession | Frontend Sends |
+|-------|---------------|---------------|----------------|
+| `Prompt` | ✅ Used | ✅ Used | ✅ Yes |
+| `DisplayName` | ⚠️ Read (often empty) | ✅ Used | ❌ No |
+| `LLMSettings` | ✅ Used | ✅ Used | ✅ Yes |
+| `Timeout` | ✅ Used | ✅ Used | ✅ Yes |
+| `Interactive` | ✅ Used | ❌ Ignored | ✅ Yes |
+| `WorkspacePath` | ❌ **Never referenced** | ❌ Ignored | ✅ Yes (page.tsx) |
+| `ParentSessionID` | ✅ Used | ❌ Ignored | ❌ No |
+| `Repos` | ✅ Used | ❌ Ignored | ✅ Yes |
+| `MainRepoIndex` | ✅ Used | ❌ Ignored | ✅ Yes |
+| `AutoPushOnComplete` | ✅ Used | ❌ Ignored | ✅ Yes |
+| `UserContext` | ⚠️ Partial (userId overwritten) | ❌ Ignored | ❌ No |
+| `BotAccount` | ✅ Supported | ❌ Ignored | ❌ No |
+| `ResourceOverrides` | ✅ Supported | ❌ Ignored | ❌ No |
+| `EnvironmentVariables` | ✅ Used | ❌ Ignored | ✅ Yes |
+| `Labels` | ✅ Used | ❌ Ignored | ✅ Yes |
+| `Annotations` | ✅ Supported | ❌ Ignored | ❌ No |
+
+---
+
+## 💡 KEY INSIGHTS
+
+1. **UpdateSession is broken** - Uses wrong type, ignores 9/13 fields
+2. **WorkspacePath is dead code** - Sent but never used
+3. **Many endpoints unused** - 6 endpoints have no frontend calls
+4. **Type system doesn't match reality** - Types suggest more fields are used than actually are
+5. **Security fields always overridden** - `userContext.userId`, `metadata.name`, `metadata.namespace` cannot be set by clients
+