Skip to content

feat(dotAI): Dot AI LangChain4J - Anthropic#36138

Draft
ihoffmann-dot wants to merge 3 commits into
mainfrom
dot-ai-langchain-anthropic
Draft

feat(dotAI): Dot AI LangChain4J - Anthropic#36138
ihoffmann-dot wants to merge 3 commits into
mainfrom
dot-ai-langchain-anthropic

Conversation

@ihoffmann-dot

@ihoffmann-dot ihoffmann-dot commented Jun 12, 2026

Copy link
Copy Markdown
Member

Summary

Adds Anthropic as a supported provider, talking directly to the Anthropic Messages
API with an API key — distinct from accessing Claude models through AWS Bedrock,
which requires AWS infrastructure and IAM credentials.

  • Add langchain4j-anthropic dependency (version via langchain4j BOM)
  • Add AnthropicModelProviderStrategy registered in LangChain4jModelFactory.STRATEGIES
  • Chat + streaming chat via AnthropicChatModel / AnthropicStreamingChatModel
  • Embeddings and image throw UnsupportedOperationException (Anthropic has no such APIs)
  • endpoint config field overrides the default base URL (proxies/gateways)
  • Add 8 unit tests in LangChain4jModelFactoryTest

Configuration

{
  "chat": {
    "provider": "anthropic",
    "model": "claude-sonnet-4-6",
    "apiKey": "sk-ant-...",
    "maxTokens": 4096,
    "temperature": 0.7
  }
}

Notes

  • Model IDs use the Anthropic form: claude-sonnet-4-6, claude-opus-4-8, claude-haiku-4-5.
  • maxRetries is not supported by the streaming chat model and is ignored with a warning (same behavior as the OpenAI provider).

Related Issue

This PR fixes #36135
EPIC: dotAI Multi-Provider Support #33970

@github-actions github-actions Bot mentioned this pull request Jun 12, 2026
Open
5 tasks
@github-actions github-actions Bot added the Area : Backend PR changes Java/Maven backend code label Jun 12, 2026
@claude

claude Bot commented Jun 12, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Claude finished @ihoffmann-dot's task in 1m 12s —— View job

Rollback Safety Analysis

  • Read rollback-unsafe categories reference
  • Get full PR diff
  • Analyze diff against each category
  • Apply appropriate label

Result: ✅ Safe To Rollback

This PR adds Anthropic as a new AI provider by introducing a new Java class (AnthropicModelProviderStrategy), a new Maven dependency, and test coverage. No changes to database schema, Elasticsearch mappings, content data models, REST API contracts, or any stored/persistent data structures.

Category-by-category analysis:

Category Verdict
C-1 Structural Data Model Change ✅ No DB changes of any kind
C-2 Elasticsearch Mapping Change ✅ No ES mapping code touched
C-3 Content JSON Model Version Bump ✅ No ImmutableContentlet or CURRENT_MODEL_VERSION changes
C-4 DROP TABLE / DROP COLUMN ✅ No schema DDL
H-1 One-Way Data Migration ✅ No runonce task, no data transforms
H-2 RENAME TABLE / RENAME COLUMN ✅ Not present
H-3 PK Restructuring ✅ Not present
H-4 New ContentType Field Type ✅ Not present
H-5 Binary Storage Provider Change ✅ Not present
H-6 DROP PROCEDURE / FUNCTION ✅ Not present
H-7 NOT NULL Column Without Default ✅ Not present
H-8 VTL Viewtool Contract Change ✅ No viewtool changes
M-1 Non-Broadening Column Type Change ✅ Not present
M-2 Push Publishing Bundle Format ✅ Not present
M-3 REST/GraphQL API Contract Change ✅ No REST endpoints changed
M-4 OSGi Plugin API Breakage ✅ No public interfaces changed

Changes in this PR are purely additive:

  • dotCMS/pom.xml — new langchain4j-anthropic dependency added (no version conflicts with BOM)
  • AnthropicModelProviderStrategy.java — new class, registered in the existing strategy list
  • LangChain4jModelFactory.java — doc update + one new strategy entry in the STRATEGIES list
  • ProviderConfig.java — Javadoc-only update
  • LangChain4jModelFactoryTest.java — new unit tests only

Rolling back to the previous release simply removes the Anthropic provider option — no data written, no schema changed, N-1 starts and operates identically to before.

Label applied: AI: Safe To Rollback

@github-actions

github-actions Bot commented Jun 12, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

🤖 Codex Review — openai.gpt-5.5

**[> [🟡 Medium] dotCMS/pom.xml:517 — New dependency is added directly to dotCMS/pom.xml without a corresponding change in bom/application/pom.xml. dotCMS convention requires dependency version management to be added in bom/application/pom.xml only; if this artifact is not already managed, Maven builds will fail or dependency resolution will be inconsistent.

Run: #27393355787 · tokens: in: 3665 · out: 605 (reasoning: 516) · total: 4270

@github-actions

github-actions Bot commented Jun 26, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

🤖 Bedrock Review — qwen.qwen3-next-80b-a3b

New Issues

  • 🔴 Critical: dotCMS/pom.xml:535-540 — Adding langchain4j-anthropic dependency to dotCMS/pom.xml instead of bom/application/pom.xml violates dotCMS convention that dependency versions must be declared only in the BOM. This risks version drift and inconsistent transitive dependency resolution across modules.
  • 🟠 High: dotCMS/src/main/java/com/dotcms/ai/client/langchain4j/AnthropicModelProviderStrategy.java:45config.apiKey() is passed directly to AnthropicChatModel.builder().apiKey() without validation or redaction. If the API key is logged (e.g., via debug logging or exception stack traces), it exposes a sensitive credential. No logging or masking is implemented per dotCMS security policy for secrets.
  • 🟠 High: dotCMS/src/main/java/com/dotcms/ai/client/langchain4j/AnthropicModelProviderStrategy.java:67maxRetries is silently ignored in streaming mode without any user-facing warning or exception. This creates a silent misconfiguration risk: users may believe retries are enabled when they are not, leading to unhandled API failures.
  • 🟡 Medium: dotCMS/src/main/java/com/dotcms/ai/client/langchain4j/AnthropicModelProviderStrategy.java:77buildEmbeddingModel and buildImageModel throw UnsupportedOperationException without a @WrapInTransaction guard or fallback mechanism. If this code path is invoked in a transactional context (e.g., via REST API), the exception may leave a transaction in an inconsistent state. No rollback or error recovery is implemented.
  • 🟡 Medium: dotCMS/src/main/java/com/dotcms/ai/client/langchain4j/AnthropicModelProviderStrategy.java:82validate() uses ModelProviderStrategy.requireNonBlank() but does not check if config.endpoint() is a valid URL. A malformed endpoint (e.g., http:// without host) could cause a MalformedURLException at runtime, which is not caught or logged. This is a silent failure point.
  • 🟡 Medium: dotCMS/src/test/java/com/dotcms/ai/client/langchain4j/LangChain4jModelFactoryTest.java:550 — Test uses hardcoded "test-key" as API key. If this key is ever accidentally committed to a public repo or leaked in CI logs, it becomes a credential exposure risk. dotCMS requires test secrets to be mocked or injected via environment variables, never hardcoded.

Existing

  • 🟡 Medium: dotCMS/src/main/java/com/dotcms/ai/client/langchain4j/LangChain4jModelFactory.java:23 — The class still lacks @WrapInTransaction on any method that mutates state (e.g., model caching). This is a pre-existing issue not fixed by this PR.

Resolved

  • dotCMS/src/main/java/com/dotcms/ai/client/langchain4j/ProviderConfig.java:18 — Updated documentation to include anthropic as supported provider — now accurate.

Run: #28260035928 · tokens: in: 4460 · out: 1007 · total: 5467

@github-actions

github-actions Bot commented Jun 26, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

🤖 Bedrock Review — qwen.qwen3-next-80b-a3b

New Issues

  • 🔴 Critical: dotCMS/pom.xml:535-540 — Adding langchain4j-anthropic dependency to dotCMS/pom.xml instead of bom/application/pom.xml violates version management convention (same as prior finding, still present)
  • 🟠 High: dotCMS/src/main/java/com/dotcms/ai/client/langchain4j/AnthropicModelProviderStrategy.java:45 — Anthropic API key is passed directly without redaction or masking, risking credential leakage in logs (same as prior finding, still present)
  • 🟠 High: dotCMS/src/main/java/com/dotcms/ai/client/langchain4j/AnthropicModelProviderStrategy.java:67 — maxRetries is silently ignored in streaming model builder, creating silent misconfiguration risk (same as prior finding, still present)
  • 🟡 Medium: dotCMS/src/main/java/com/dotcms/ai/client/langchain4j/AnthropicModelProviderStrategy.java:77 — UnsupportedOperationException thrown without transaction guard, risking inconsistent state in transactional contexts (same as prior finding, still present)
  • 🟡 Medium: dotCMS/src/main/java/com/dotcms/ai/client/langchain4j/AnthropicModelProviderStrategy.java:82 — Endpoint validation does not check for URL validity, risking runtime MalformedURLException (same as prior finding, still present)
  • 🟡 Medium: dotCMS/src/test/java/com/dotcms/ai/client/langchain4j/LangChain4jModelFactoryTest.java:550 — Hardcoded API key 'test-key' in test creates credential exposure risk (same as prior finding, still present)

Existing

  • 🔴 Critical: dotCMS/pom.xml:535-540 — Adding langchain4j-anthropic dependency to dotCMS/pom.xml instead of bom/application/pom.xml violates version management convention
  • 🟠 High: dotCMS/src/main/java/com/dotcms/ai/client/langchain4j/AnthropicModelProviderStrategy.java:45 — Anthropic API key is passed directly without redaction or masking, risking credential leakage in logs
  • 🟠 High: dotCMS/src/main/java/com/dotcms/ai/client/langchain4j/AnthropicModelProviderStrategy.java:67 — maxRetries is silently ignored in streaming model builder, creating silent misconfiguration risk
  • 🟡 Medium: dotCMS/src/main/java/com/dotcms/ai/client/langchain4j/AnthropicModelProviderStrategy.java:77 — UnsupportedOperationException thrown without transaction guard, risking inconsistent state in transactional contexts
  • 🟡 Medium: dotCMS/src/main/java/com/dotcms/ai/client/langchain4j/AnthropicModelProviderStrategy.java:82 — Endpoint validation does not check for URL validity, risking runtime MalformedURLException
  • 🟡 Medium: dotCMS/src/test/java/com/dotcms/ai/client/langchain4j/LangChain4jModelFactoryTest.java:550 — Hardcoded API key 'test-key' in test creates credential exposure risk

Resolved

  • dotCMS/src/main/java/com/dotcms/ai/client/langchain4j/ProviderConfig.java:18 — Documentation updated to include anthropic provider; prior finding about missing provider in doc is resolved
  • dotCMS/src/main/java/com/dotcms/ai/client/langchain4j/LangChain4jModelFactory.java:23 — AnthropicModelProviderStrategy added to STRATEGIES; prior finding about missing strategy registration is resolved

Run: #28260166934 · tokens: in: 5092 · out: 1101 · total: 6193

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

AI: Safe To Rollback Area : Backend PR changes Java/Maven backend code

Projects

dotCMS - Product Planning
Status: No status

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[FEATURE] dotAI: LangChain4J integration — Phase 2 (Anthropic)

1 participant

@ihoffmann-dot