Main to dev by ea-rus · Pull Request #11863 · mindsdb/minds-platform

ea-rus · 2025-11-11T09:32:01Z

Description

Update develop from main

Co-authored-by: Hamish Fagg <ivdata+github@ivdata.net>

…#11490) Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Max Stepanov <stpmax@yandex.ru>

Co-authored-by: Andrey <elkin.andr@gmail.com> Co-authored-by: Hamish Fagg <hamish@mindsdb.com>

)

Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Hamish Fagg <ivdata+github@ivdata.net> Co-authored-by: Max Stepanov <stpmax@yandex.ru> Co-authored-by: Hamish Fagg <hamish@mindsdb.com> Co-authored-by: Daniel Usvyat <usvyat@gmail.com> Co-authored-by: Raahim Lone <raahimlone@gmail.com> Co-authored-by: martyna-mindsdb <109554435+martyna-mindsdb@users.noreply.github.com> Co-authored-by: Lucas Koontz <lucas.emanuel.koontz@gmail.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Konstantin Sivakov <konstantin.sivakov@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Zoran Pandovski <zoran.pandovski@gmail.com> Co-authored-by: Vignesh S.M <90998381+vigbav36@users.noreply.github.com> Co-authored-by: Michael Olayemi Olawepo <154475559+sejubar@users.noreply.github.com> Co-authored-by: Chandre Van Der Westhuizen <32901682+chandrevdw31@users.noreply.github.com> Co-authored-by: Sebastián Tobón Hernández <setohe.09@gmail.com> Co-authored-by: Jorge Torres <jorge.torres.maldonado@gmail.com>

Co-authored-by: Minura Punchihewa <49385643+MinuraPunchihewa@users.noreply.github.com>

Co-authored-by: Minura Punchihewa <49385643+MinuraPunchihewa@users.noreply.github.com> Co-authored-by: Zoran Pandovski <zoran.pandovski@gmail.com>

# Conflicts: # mindsdb/__about__.py # mindsdb/api/a2a/agent.py # mindsdb/api/a2a/task_manager.py # mindsdb/api/executor/utilities/sql.py # mindsdb/api/http/namespaces/databases.py # mindsdb/api/http/namespaces/handlers.py # mindsdb/api/http/namespaces/sql.py # mindsdb/api/mysql/mysql_proxy/mysql_proxy.py # mindsdb/integrations/handlers/huggingface_handler/requirements.txt # mindsdb/integrations/handlers/huggingface_handler/requirements_cpu.txt # mindsdb/integrations/handlers/mssql_handler/mssql_handler.py # mindsdb/integrations/handlers/mysql_handler/mysql_handler.py # mindsdb/integrations/handlers/shopify_handler/shopify_handler.py # mindsdb/integrations/utilities/rag/rerankers/base_reranker.py # mindsdb/interfaces/knowledge_base/controller.py # mindsdb/interfaces/storage/db.py # mindsdb/utilities/log.py # requirements/requirements-test.txt # requirements/requirements.txt # tests/unit/api/http/byom_test.py # tests/unit/api/http/files_test.py

entelligence-ai-pr-reviews · 2025-11-11T09:41:09Z

🔒 Entelligence AI Vulnerability Scanner

✅ No security vulnerabilities found!

Your code passed our comprehensive security analysis.

📊 Files Analyzed: 58 files

entelligence-ai-pr-reviews · 2025-11-11T10:10:20Z

Review Summary

🏷️ Draft Comments (99)

Skipped posting 99 draft comments that were valid but scored below your review threshold (>=13/15). Feel free to update them here.
mindsdb/__main__.py (1)
180-189: db.session.commit() is called inside a loop in set_error_model_status_by_pids, causing N database commits for N predictors, which is highly inefficient for large datasets.

📊 Impact Scores:

Production Impact: 4/5

Fix Specificity: 5/5

Urgency Impact: 3/5

Total Score: 12/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/__main__.py, lines 180-189, the function `set_error_model_status_by_pids` calls `db.session.commit()` inside a loop, causing one commit per predictor. This is inefficient for large numbers of predictors. Refactor the code so that all updates are made in the loop, but `db.session.commit()` is called only once after the loop.
mindsdb/api/a2a/agent.py (2)
48-48: requests.post in invoke lacks a timeout, risking resource exhaustion and thread blocking under network issues or slow backend, especially at scale.

📊 Impact Scores:

Production Impact: 4/5

Fix Specificity: 5/5

Urgency Impact: 3/5

Total Score: 12/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/api/a2a/agent.py, line 48, the `requests.post` call in the `invoke` method does not specify a timeout, which can cause threads to hang indefinitely and degrade system performance under network issues or backend slowness. Add a reasonable timeout (e.g., 30 seconds) to the `requests.post` call to prevent resource exhaustion and improve reliability.
45-46: invoke constructs SQL queries by directly embedding user input (query) into the SQL string, allowing attackers to inject arbitrary SQL and access or modify sensitive data.

📊 Impact Scores:

Production Impact: 5/5

Fix Specificity: 2/5

Urgency Impact: 4/5

Total Score: 11/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/api/a2a/agent.py, lines 45-46, the `invoke` method constructs SQL queries by directly embedding user input, making it vulnerable to SQL injection. Refactor this code to use parameterized queries (if supported by the backend), passing user input as parameters instead of string interpolation. Ensure the query is safely constructed and executed.
mindsdb/api/a2a/task_manager.py (2)
186-223: TimeoutError and ConnectionError are not guaranteed to be raised by asyncio or agent streaming; if the agent uses asyncio.TimeoutError or custom exceptions, these blocks will not catch them, causing generic error handling and misleading error_type in responses.

📊 Impact Scores:

Production Impact: 4/5

Fix Specificity: 5/5

Urgency Impact: 3/5

Total Score: 12/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/api/a2a/task_manager.py, lines 186-223, the code attempts to catch TimeoutError and ConnectionError, but these exceptions may not be raised by asyncio or the agent (e.g., asyncio.TimeoutError or OSError may be raised instead). Update the except blocks to also catch asyncio.TimeoutError for timeouts and OSError for connection errors, so that error_type and error messages are accurate and not misleading.
71-256: _stream_generator (lines 71-256) is a large, highly complex function with many branches and statements, making it difficult to maintain and optimize for performance as the codebase grows.

📊 Impact Scores:

Production Impact: 2/5

Fix Specificity: 3/5

Urgency Impact: 2/5

Total Score: 7/15

🤖 AI Agent Prompt (Copy & Paste Ready):
Refactor the `_stream_generator` method in `mindsdb/api/a2a/task_manager.py` (lines 71-256). The function is overly large and complex, with many branches and statements, making it hard to maintain and optimize. Break it into smaller, well-named helper methods for each major logical branch (e.g., non-streaming response, streaming response, error handling). Ensure each helper is focused and testable, and the main generator function orchestrates the flow. This will improve maintainability and make future performance optimizations easier.
mindsdb/api/executor/command_executor.py (2)
1289-1291: answer_alter_database now always passes check_connection=True to update, which may break existing integrations that do not support connection checks, causing unexpected failures.

📊 Impact Scores:

Production Impact: 3/5

Fix Specificity: 2/5

Urgency Impact: 2/5

Total Score: 7/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/api/executor/command_executor.py, lines 1289-1291, the code unconditionally sets check_connection=True when calling self.session.database_controller.update in answer_alter_database. This can cause failures for integrations that do not support connection checks. Change the call so that check_connection is only set to True if explicitly requested (e.g., via a statement attribute), otherwise default to False.
230-690: execute_command (lines 230-690) is a monolithic function with excessive branching and return statements, making it hard to maintain and optimize for performance as the codebase grows.

📊 Impact Scores:

Production Impact: 2/5

Fix Specificity: 3/5

Urgency Impact: 2/5

Total Score: 7/15

🤖 AI Agent Prompt (Copy & Paste Ready):
Refactor the `execute_command` method in mindsdb/api/executor/command_executor.py (lines 230-690). The function is excessively large and complex, with over 100 branches and 70+ return statements, making it difficult to maintain and optimize. Break it into smaller, well-named handler methods for each statement type or logical group, and use a dispatch table or clear control flow to improve maintainability and future scalability. Ensure the refactor preserves all existing logic and behavior.
mindsdb/api/executor/planner/plan_join.py (2)
599-602: process_table disables join filter pushdown by commenting out get_filters_from_join_conditions, but does not update the docstring or warn users, potentially leading to inefficient queries and unexpected results for large cross-database joins.

📊 Impact Scores:

Production Impact: 3/5

Fix Specificity: 2/5

Urgency Impact: 2/5

Total Score: 7/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/api/executor/planner/plan_join.py, in `process_table`, the filter pushdown optimization is disabled by commenting out the call to `get_filters_from_join_conditions`. Update the docstring and add a warning log or comment to inform users that for large cross-database joins, filter pushdown is disabled and they should use explicit WHERE clauses to avoid inefficient queries and unexpected results.
488-582: get_columns_for_table performs repeated traversal of the entire query AST for each table, causing O(n*m) complexity for n tables and m query nodes; this can severely degrade planning performance for large queries with many tables/columns.

📊 Impact Scores:

Production Impact: 3/5

Fix Specificity: 2/5

Urgency Impact: 2/5

Total Score: 7/15

🤖 AI Agent Prompt (Copy & Paste Ready):
Optimize the `get_columns_for_table` method in `mindsdb/api/executor/planner/plan_join.py` (lines 488-582). The current implementation traverses the query AST multiple times for each table, causing O(n*m) performance for n tables and m query nodes. Refactor it to traverse the AST only once, collect all column references, and then filter for the current table. This will significantly improve planning performance for large queries.
mindsdb/api/executor/utilities/sql.py (2)
276-281: sys_name is a string, so if table_name.lower() in sys_name matches any substring, causing unintended type conversion for unrelated tables.

📊 Impact Scores:

Production Impact: 4/5

Fix Specificity: 5/5

Urgency Impact: 3/5

Total Score: 12/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/api/executor/utilities/sql.py, lines 276-281, the check `if table_name.lower() in sys_name` is incorrect because `sys_name` is a string, so this will match any substring and may cause type conversion on unrelated tables. Change the condition to `if table_name.lower() == sys_name` to ensure only exact table name matches trigger the conversion.
192-286: query_dfs function (lines 192-286) is overly complex (C901/PLR0915), making it hard to maintain and optimize for performance as the codebase grows.

📊 Impact Scores:

Production Impact: 2/5

Fix Specificity: 3/5

Urgency Impact: 2/5

Total Score: 7/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/api/executor/utilities/sql.py, lines 192-286, the `query_dfs` function is overly complex (too many statements and high cyclomatic complexity). Refactor this function by breaking it into smaller, well-named helper functions for query adaptation, JSON conversion, and DataFrame type handling. This will significantly improve maintainability and make future performance optimizations easier.
mindsdb/api/http/namespaces/databases.py (2)
214-218: modify is called with check_connection=check_connection, but if check_connection is True and the connection fails, the error is only caught as a generic Exception, potentially masking specific connection errors and returning a generic error message.

📊 Impact Scores:

Production Impact: 2/5

Fix Specificity: 2/5

Urgency Impact: 2/5

Total Score: 6/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/api/http/namespaces/databases.py, lines 214-218, the code only catches generic Exception when calling session.integration_controller.modify with check_connection. This can mask ImportError or other specific connection errors, resulting in less informative error messages. Please update the exception handling to explicitly catch ImportError and return a clear error message, similar to the pattern used elsewhere in the file.
260-262, 300-303, 319-322: datanode.get_tables() is called multiple times per request, causing repeated expensive I/O or DB calls for large databases.

📊 Impact Scores:

Production Impact: 2/5

Fix Specificity: 2/5

Urgency Impact: 2/5

Total Score: 6/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/api/http/namespaces/databases.py, lines 260-262, 300-303, and 319-322, the code calls `datanode.get_tables()` multiple times in the same request, which can be expensive for large databases. Refactor to call `get_tables()` only once per request and reuse the result throughout the function.
mindsdb/api/http/namespaces/file.py (3)
205-210: The error message for a missing file field says 'The "field" field is missed in the form', which is misleading and should reference the 'file' field, potentially confusing API users and leading to incorrect error handling.

📊 Impact Scores:

Production Impact: 2/5

Fix Specificity: 5/5

Urgency Impact: 2/5

Total Score: 9/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/api/http/namespaces/file.py, lines 205-210, the error message for a missing file field incorrectly says 'The "field" field is missed in the form'. Change it to 'The "file" field is missed in the form' to accurately reflect the missing field and avoid confusion.
43-245: put method in File class is excessively complex (100+ statements, 18 returns, 34 branches), making it very hard to maintain and error-prone as the codebase grows.

📊 Impact Scores:

Production Impact: 2/5

Fix Specificity: 3/5

Urgency Impact: 2/5

Total Score: 7/15

🤖 AI Agent Prompt (Copy & Paste Ready):
Refactor the `put` method in the `File` class (mindsdb/api/http/namespaces/file.py, lines 43-245) to reduce its cyclomatic complexity and improve maintainability. The function currently has over 100 statements, 18 return statements, and 34 branches, making it very difficult to understand and maintain. Break the logic into smaller, well-named helper functions (e.g., for parsing input, validating parameters, handling file uploads, extracting archives, and error handling). Ensure the refactored code preserves all existing functionality and error handling.
197-203: No timeout is set for requests.get when downloading files, risking resource exhaustion and hanging requests under network issues or slow servers.

📊 Impact Scores:

Production Impact: 4/5

Fix Specificity: 5/5

Urgency Impact: 3/5

Total Score: 12/15

🤖 AI Agent Prompt (Copy & Paste Ready):
Add a reasonable timeout (e.g., 60 seconds) to the `requests.get` call in mindsdb/api/http/namespaces/file.py, lines 197-203, to prevent resource exhaustion and hanging requests when downloading files from URLs. Update the code to: `with requests.get(url, stream=True, timeout=60) as r:`.
mindsdb/api/http/namespaces/handlers.py (3)
231-238: EntityExistsError is now caught and returns HTTP 409, but other exceptions from execute_command (e.g., file errors, permission issues) will still cause a 500 error without a clear message to the client.

📊 Impact Scores:

Production Impact: 4/5

Fix Specificity: 5/5

Urgency Impact: 3/5

Total Score: 12/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/api/http/namespaces/handlers.py, lines 231-238, the current code only handles EntityExistsError when executing command_executor.execute_command(ast_query), but other exceptions will cause a 500 error without a clear message. Please add a generic exception handler to catch all other exceptions, log them, and return an HTTP 500 error with the exception message to the client. Ensure the logger is used for exception details.
198-200: engine_versions = [int(x) for x in engine_storage.get_connection_args()["versions"].keys()] reads all version keys and converts to int, but if versions is large, this can cause memory and performance issues; only max is needed.

📊 Impact Scores:

Production Impact: 2/5

Fix Specificity: 2/5

Urgency Impact: 2/5

Total Score: 6/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/api/http/namespaces/handlers.py, lines 198-200, the code reads all version keys and converts them to int, which can be inefficient if there are many versions. Refactor to avoid unnecessary list creation and only compute max if needed. Replace with a more memory-efficient approach that still returns both the list and the max value.
123-168: prepare_formdata() does not sanitize uploaded file content, allowing malicious code in code or modules fields to be written to disk and later executed, enabling remote code execution (RCE) via BYOM upload.

📊 Impact Scores:

Production Impact: 5/5

Fix Specificity: 2/5

Urgency Impact: 5/5

Total Score: 12/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/api/http/namespaces/handlers.py, lines 123-168, the `prepare_formdata()` function writes uploaded files directly to disk without sanitizing their content. This allows attackers to upload malicious Python code that could later be executed, leading to remote code execution (RCE). Add a check to reject files containing dangerous code patterns (e.g., 'import os', 'subprocess', 'eval(', 'exec(') before writing them to disk. Apply this check for both 'code' and 'modules' fields.
mindsdb/api/http/namespaces/sql.py (2)
153-163: ListDatabases.get performs N+1 queries: for each database, it executes a separate SHOW TABLES query, causing major performance degradation with many databases.

📊 Impact Scores:

Production Impact: 3/5

Fix Specificity: 2/5

Urgency Impact: 2/5

Total Score: 7/15

🤖 AI Agent Prompt (Copy & Paste Ready):
Optimize the N+1 query pattern in mindsdb/api/http/namespaces/sql.py, lines 153-163, in the ListDatabases.get method. Currently, for each database, a separate 'SHOW TABLES' query is executed, which causes major performance issues when there are many databases. Refactor this logic to fetch all tables for all databases in a single batch query or backend call, and restructure the response accordingly to avoid per-database queries.
36-128: Query.post is a large, complex function (53 statements, high cyclomatic complexity), making it hard to maintain and reason about, increasing risk of performance and logic errors.

📊 Impact Scores:

Production Impact: 2/5

Fix Specificity: 3/5

Urgency Impact: 2/5

Total Score: 7/15

🤖 AI Agent Prompt (Copy & Paste Ready):
Refactor the post method in mindsdb/api/http/namespaces/sql.py (lines 36-128) to reduce its complexity and improve maintainability. The function currently has over 50 statements and high cyclomatic complexity. Break it into smaller, well-named helper methods for error handling, profiling, and response formatting, ensuring each method has a single responsibility.
mindsdb/api/mysql/mysql_proxy/mysql_proxy.py (2)
626-770: handle method (lines 626-770) is extremely large and complex, with many branches and statements, making it difficult to maintain and optimize for performance as the codebase grows.

📊 Impact Scores:

Production Impact: 2/5

Fix Specificity: 3/5

Urgency Impact: 2/5

Total Score: 7/15

🤖 AI Agent Prompt (Copy & Paste Ready):
Refactor the `handle` method in mindsdb/api/mysql/mysql_proxy/mysql_proxy.py (lines 626-770). The method is extremely large and complex, with many branches and statements, making it difficult to maintain and optimize for performance as the codebase grows. Break it into smaller, well-named helper methods for each command type and error handling, and reduce cyclomatic complexity to improve maintainability and future scalability.
644-651: cloud_connection path in handle() (lines 644-651) sets self.session.auth = True and self.session.username = 'cloud' without any authentication, allowing unauthenticated access to the MySQL proxy in cloud mode.

📊 Impact Scores:

Production Impact: 4/5

Fix Specificity: 3/5

Urgency Impact: 4/5

Total Score: 11/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/api/mysql/mysql_proxy/mysql_proxy.py, lines 644-651, the code sets self.session.auth = True and self.session.username = 'cloud' for cloud connections without any authentication, allowing unauthenticated access. Update this block to require authentication for cloud connections, returning an error packet and terminating the connection if authentication is not performed.
mindsdb/integrations/handlers/access_handler/access_handler.py (2)
79-80: AccessHandler.connect() does not handle the case where self.connection_data is None or missing 'db_file', causing a crash when attempting to connect.

📊 Impact Scores:

Production Impact: 4/5

Fix Specificity: 5/5

Urgency Impact: 3/5

Total Score: 12/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/integrations/handlers/access_handler/access_handler.py, lines 79-80, the code assumes that self.connection_data and self.connection_data['db_file'] are always present. This will cause a crash if connection_data is None or missing 'db_file'. Add a check before connecting to raise a clear error if 'db_file' is missing.
120-151: native_query executes raw SQL queries from user input without sanitization, enabling SQL injection and unauthorized data access or modification.

📊 Impact Scores:

Production Impact: 5/5

Fix Specificity: 2/5

Urgency Impact: 4/5

Total Score: 11/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/integrations/handlers/access_handler/access_handler.py, lines 120-151, the `native_query` method executes raw SQL queries from user input without sanitization, allowing SQL injection. Restrict this method to only allow safe SELECT queries by checking if the query starts with 'SELECT' (case-insensitive), and reject all others with an error response. Do not execute non-SELECT queries. Apply this fix while preserving the rest of the method's logic.
mindsdb/integrations/handlers/bigcommerce_handler/__init__.py (1)
16-16: type variable assignment shadows the Python built-in type, which can cause unexpected runtime errors if the built-in is needed later in this module.

📊 Impact Scores:

Production Impact: 2/5

Fix Specificity: 3/5

Urgency Impact: 2/5

Total Score: 7/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/integrations/handlers/bigcommerce_handler/__init__.py, line 16, the variable `type` is assigned, which shadows the Python built-in `type`. This can cause unexpected runtime errors if the built-in is needed later. Please rename this variable to `handler_type` throughout the file, and update any references in the `__all__` list and elsewhere as needed.
mindsdb/integrations/handlers/bigcommerce_handler/bigcommerce_api_client.py (4)
57-58: get_customers sets params["sort"] = sort_condition but sort_condition is a dict, not a string; this will cause API errors or ignored sorting.

📊 Impact Scores:

Production Impact: 3/5

Fix Specificity: 4/5

Urgency Impact: 3/5

Total Score: 10/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/integrations/handlers/bigcommerce_handler/bigcommerce_api_client.py, lines 57-58, the code assigns `params["sort"] = sort_condition` in `get_customers`, but `sort_condition` is a dict, while the API expects a string. Change this so that if `sort_condition` is a dict, it extracts the string value for the `sort` key, otherwise uses the value directly.
217-229: _make_request_v3 does not respect the limit parameter and may fetch more records than requested, violating function contract.

📊 Impact Scores:

Production Impact: 3/5

Fix Specificity: 5/5

Urgency Impact: 2/5

Total Score: 10/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/integrations/handlers/bigcommerce_handler/bigcommerce_api_client.py, lines 217-229, the `_make_request_v3` method does not enforce the `limit` parameter and may return more records than requested. Update the loop to check `len(data) < request_limit` and return only up to `request_limit` items, slicing the result as needed.
7-7: DEFAULT_LIMIT = 999999999 causes all data to be fetched from the API by default, leading to massive memory and network usage for large datasets.

📊 Impact Scores:

Production Impact: 4/5

Fix Specificity: 5/5

Urgency Impact: 3/5

Total Score: 12/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/integrations/handlers/bigcommerce_handler/bigcommerce_api_client.py, line 7, the `DEFAULT_LIMIT` is set to 999999999, which can cause the client to fetch all available data from the API by default, resulting in excessive memory and network usage. Change this to a reasonable default, such as the API's documented maximum page size (e.g., 250), to prevent unbounded data retrieval.
237-237: _make_request raises a generic Exception with the full HTTP response text, which may leak sensitive data from upstream services or credentials in error messages.

📊 Impact Scores:

Production Impact: 4/5

Fix Specificity: 5/5

Urgency Impact: 3/5

Total Score: 12/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/integrations/handlers/bigcommerce_handler/bigcommerce_api_client.py, line 237, the code raises a generic Exception with the full HTTP response text, which may leak sensitive data in error messages. Replace it with an error message that only includes the status code, not the full response text.
mindsdb/integrations/handlers/bigcommerce_handler/bigcommerce_handler.py (1)
98-98: response.error_message = e assigns an Exception object instead of a string, which may cause serialization or display issues in consumers expecting a string error message.

📊 Impact Scores:

Production Impact: 3/5

Fix Specificity: 5/5

Urgency Impact: 2/5

Total Score: 10/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/integrations/handlers/bigcommerce_handler/bigcommerce_handler.py, line 98, the code assigns the Exception object directly to `response.error_message`, which may cause issues if consumers expect a string. Change `response.error_message = e` to `response.error_message = str(e)`.
mindsdb/integrations/handlers/bigcommerce_handler/bigcommerce_tables.py (3)
67-74: _make_sort_condition_v3 only applies sorting if len(sort) > 1, so single-column sorts are ignored, causing user-specified sorts to be silently dropped.

📊 Impact Scores:

Production Impact: 3/5

Fix Specificity: 5/5

Urgency Impact: 3/5

Total Score: 11/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/integrations/handlers/bigcommerce_handler/bigcommerce_tables.py, lines 67-74, the function `_make_sort_condition_v3` only applies sorting if `len(sort) > 1`, which ignores single-column sorts. Change the condition to `len(sort) >= 1` so that single-column sorts are correctly handled and not silently dropped.
868-869: In BigCommerceCustomersTable.list, if the result DataFrame is empty, adding result["name"] = result["first_name"] + " " + result["last_name"] will raise a KeyError.

📊 Impact Scores:

Production Impact: 4/5

Fix Specificity: 5/5

Urgency Impact: 3/5

Total Score: 12/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/integrations/handlers/bigcommerce_handler/bigcommerce_tables.py, lines 868-869, the code adds a 'name' column by combining 'first_name' and 'last_name'. If the DataFrame is empty or missing these columns, this will raise a KeyError. Add a check to ensure both columns exist before performing the operation.
25-36,139-148,671-680,681-682,856-857,964-965,1052-1053,1131-1132,1216-1217,1284-1285,1364-1365: _make_filter and all list methods use filter as a variable name, shadowing the Python built-in and risking subtle bugs and maintainability issues in a large codebase.

📊 Impact Scores:

Production Impact: 2/5

Fix Specificity: 5/5

Urgency Impact: 2/5

Total Score: 9/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/integrations/handlers/bigcommerce_handler/bigcommerce_tables.py, lines 25-36,139-148,671-680,681-682,856-857,964-965,1052-1053,1131-1132,1216-1217,1284-1285,1364-1365, the variable name `filter` is used repeatedly, shadowing the Python built-in. This can cause subtle bugs and maintainability issues, especially in a large codebase. Please rename all instances of the `filter` variable (including in function signatures and all usages) to `filter_dict` throughout the file, ensuring all references are updated accordingly.
mindsdb/integrations/handlers/bigcommerce_handler/connection_args.py (1)
23-25: connection_args_example contains a hardcoded example access token (access_token), which may be interpreted as a real credential and could lead to accidental credential leakage or misuse if not clearly marked as a placeholder.

📊 Impact Scores:

Production Impact: 3/5

Fix Specificity: 5/5

Urgency Impact: 2/5

Total Score: 10/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/integrations/handlers/bigcommerce_handler/connection_args.py, lines 23-25, replace the hardcoded example access token value in `connection_args_example` with a clear placeholder (e.g., '<YOUR_ACCESS_TOKEN>') to prevent accidental credential leakage or misuse. Only change the value, not the structure.
mindsdb/integrations/handlers/file_handler/file_handler.py (2)
163-163: query method raises an unhandled RuntimeError if no tables are found in a SELECT, causing a crash instead of returning a proper error response.

📊 Impact Scores:

Production Impact: 4/5

Fix Specificity: 5/5

Urgency Impact: 3/5

Total Score: 12/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/integrations/handlers/file_handler/file_handler.py, lines 163-163, the code raises a RuntimeError if no tables are found in a SELECT query, which can crash the system. Change this to return a Response with RESPONSE_TYPE.ERROR and an appropriate error_message instead of raising an exception.
76-189: query method (lines 76-189) is a large, complex function with many branches and return statements, making it difficult to maintain and extend as new query types or logic are added.

📊 Impact Scores:

Production Impact: 2/5

Fix Specificity: 4/5

Urgency Impact: 2/5

Total Score: 8/15

🤖 AI Agent Prompt (Copy & Paste Ready):
Refactor the `query` method in mindsdb/integrations/handlers/file_handler/file_handler.py (lines 76-189). The function is too large and complex, with many branches and return statements, making it hard to maintain and extend. Break it into smaller, well-named helper methods for each query type (e.g., `_handle_drop_tables`, `_handle_create_table`, `_handle_select`, `_handle_insert`). Ensure the main `query` method delegates to these helpers based on the query type, reducing cyclomatic complexity and improving maintainability.
mindsdb/integrations/handlers/gong_handler/__init__.py (1)
16-16: type variable shadows Python built-in, which can cause major maintainability issues and subtle bugs in large codebases.

📊 Impact Scores:

Production Impact: 2/5

Fix Specificity: 3/5

Urgency Impact: 2/5

Total Score: 7/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/integrations/handlers/gong_handler/__init__.py, line 16, the variable `type` is used, which shadows the Python built-in `type`. This can cause significant maintainability issues and subtle bugs. Please rename this variable to `handler_type` throughout the file, and update all references accordingly.
mindsdb/integrations/handlers/gong_handler/constants.py (1)
6-49: get_gong_api_info returns a large multi-line string every call, but this is a static docstring and could be cached to avoid repeated string formatting overhead in high-frequency usage.

📊 Impact Scores:

Production Impact: 2/5

Fix Specificity: 4/5

Urgency Impact: 2/5

Total Score: 8/15

🤖 AI Agent Prompt (Copy & Paste Ready):
Optimize the `get_gong_api_info` function in mindsdb/integrations/handlers/gong_handler/constants.py (lines 6-49) by adding an LRU cache (e.g., using functools.lru_cache) to avoid repeated string formatting for this large static docstring, which is only parameterized by handler_name. This will reduce CPU and memory overhead in high-frequency usage scenarios. Ensure the function signature and formatting remain unchanged except for the cache decorator and necessary import.
mindsdb/integrations/handlers/gong_handler/gong_handler.py (4)
177-178: call_gong_api does not handle non-2xx HTTP responses, so if the Gong API returns an error (e.g., 404, 500), response.raise_for_status() will raise and the exception is not caught, causing the handler to crash instead of returning a proper error response.

📊 Impact Scores:

Production Impact: 4/5

Fix Specificity: 4/5

Urgency Impact: 3/5

Total Score: 11/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/integrations/handlers/gong_handler/gong_handler.py, lines 177-178, the `call_gong_api` method does not handle HTTP errors from the Gong API, so exceptions from `response.raise_for_status()` will crash the handler. Wrap `response.raise_for_status()` in a try/except block, log the error, and re-raise or handle as appropriate to prevent unhandled exceptions.
127-128: check_connection uses a GET request without a timeout, which can cause the process to hang indefinitely if the Gong API is unresponsive.

📊 Impact Scores:

Production Impact: 4/5

Fix Specificity: 5/5

Urgency Impact: 3/5

Total Score: 12/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/integrations/handlers/gong_handler/gong_handler.py, lines 127-128, the `check_connection` method makes a GET request to the Gong API without specifying a timeout. Add `timeout=self.timeout` to the request to prevent the process from hanging indefinitely if the API is unresponsive.
255-258: meta_get_columns and meta_get_foreign_keys use nested for-loops with next(... for ...) to search for column metadata, resulting in O(n*m) time for large schemas; this can cause significant slowdowns as table/column counts grow.

📊 Impact Scores:

Production Impact: 2/5

Fix Specificity: 4/5

Urgency Impact: 2/5

Total Score: 8/15

🤖 AI Agent Prompt (Copy & Paste Ready):
Optimize the nested search in `meta_get_columns` in mindsdb/integrations/handlers/gong_handler/gong_handler.py (lines 255-258). Replace the `next(... for ...)` pattern with a precomputed dictionary lookup to reduce time complexity from O(n*m) to O(n). This will significantly improve performance for tables with many columns.
208-208,243-243,300-300,329-329: meta_get_columns, meta_get_primary_keys, and meta_get_foreign_keys use for table_name in self._tables.keys(): instead of iterating directly over the dict, causing unnecessary method calls and minor overhead in large handler registries.

📊 Impact Scores:

Production Impact: 2/5

Fix Specificity: 5/5

Urgency Impact: 1/5

Total Score: 8/15

🤖 AI Agent Prompt (Copy & Paste Ready):
Refactor all occurrences of `for table_name in self._tables.keys():` to `for table_name in self._tables:` in mindsdb/integrations/handlers/gong_handler/gong_handler.py (lines 208, 243, 300, 329). This reduces unnecessary method calls and improves iteration efficiency, especially as the number of registered tables grows.
mindsdb/integrations/handlers/gong_handler/gong_tables.py (2)
79-175: paginate_api_call fetches all items into memory and deduplicates using stringified dicts, causing high memory/CPU usage and O(n²) time for large datasets.

📊 Impact Scores:

Production Impact: 3/5

Fix Specificity: 2/5

Urgency Impact: 2/5

Total Score: 7/15

🤖 AI Agent Prompt (Copy & Paste Ready):
Optimize the `paginate_api_call` function in mindsdb/integrations/handlers/gong_handler/gong_tables.py (lines 79-175). The current implementation deduplicates items by stringifying dicts and storing all seen items in a set, causing O(n²) time and high memory usage for large datasets. Refactor to remove unnecessary deduplication and use simple list extension, limiting to the requested number of items. Ensure the function remains functionally equivalent and preserves pagination logic.
180-603: Major code duplication: nearly identical pagination and API result processing logic is repeated in all Gong*Table classes, increasing maintenance burden.

📊 Impact Scores:

Production Impact: 2/5

Fix Specificity: 3/5

Urgency Impact: 2/5

Total Score: 7/15

🤖 AI Agent Prompt (Copy & Paste Ready):
Refactor mindsdb/integrations/handlers/gong_handler/gong_tables.py (lines 180-603) to eliminate major code duplication. The GongCallsTable, GongUsersTable, GongAnalyticsTable, and GongTranscriptsTable classes all implement nearly identical pagination and API result processing logic. Extract common logic into shared utility functions or a base class to improve maintainability and reduce future bugs.
mindsdb/integrations/handlers/groq_handler/groq_handler.py (1)
112-126: predict method calls _get_supported_models and builds self.chat_completion_models on every prediction, causing repeated network requests and unnecessary recomputation for each batch, which will significantly degrade performance at scale.

📊 Impact Scores:

Production Impact: 4/5

Fix Specificity: 5/5

Urgency Impact: 3/5

Total Score: 12/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/integrations/handlers/groq_handler/groq_handler.py, lines 112-126, the `predict` method fetches supported models and rebuilds `self.chat_completion_models` on every call, causing repeated network requests and unnecessary recomputation. Refactor so that supported models are fetched and `self.chat_completion_models` is built only once per handler instance (e.g., cache the result as an instance attribute).
mindsdb/integrations/handlers/hubspot_handler/__about__.py (1)
9-9: __copyright__ year is set to 2025, which is in the future and may cause legal or compliance issues if released before that year.

📊 Impact Scores:

Production Impact: 2/5

Fix Specificity: 2/5

Urgency Impact: 2/5

Total Score: 6/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/integrations/handlers/hubspot_handler/__about__.py, line 9, the __copyright__ variable is set to 2025, which is a future year and may cause legal or compliance issues if the code is released before then. Change line 9 to: __copyright__ = "Copyright 2023 - mindsdb".
mindsdb/integrations/handlers/hubspot_handler/__init__.py (1)
17-17: type variable assignment on line 17 shadows the Python built-in type, which can cause unexpected runtime errors if type is used later as a function.

📊 Impact Scores:

Production Impact: 2/5

Fix Specificity: 3/5

Urgency Impact: 2/5

Total Score: 7/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/integrations/handlers/hubspot_handler/__init__.py, line 17, the variable `type` is assigned, which shadows the Python built-in `type` and can cause runtime errors. Please rename this variable to `handler_type` throughout the file and update all references accordingly.
mindsdb/integrations/handlers/hubspot_handler/connection_args.py (1)
27-29: connection_args_example exposes hardcoded example secrets (access_token, client_secret) as plain strings, which may be accidentally used in production or logged, risking credential leakage.

📊 Impact Scores:

Production Impact: 2/5

Fix Specificity: 5/5

Urgency Impact: 2/5

Total Score: 9/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/integrations/handlers/hubspot_handler/connection_args.py, lines 27-29, replace the hardcoded example secrets in `connection_args_example` with placeholder values (e.g., '<ACCESS_TOKEN>') to prevent accidental use or leakage of sensitive credentials.
mindsdb/integrations/handlers/hubspot_handler/hubspot_handler.py (3)
801-826: _calculate_column_statistics does not compute min_value and max_value for numeric columns, so statistics like minimum and maximum are always None, leading to incomplete/correctness-broken statistics in meta_get_column_statistics.

📊 Impact Scores:

Production Impact: 3/5

Fix Specificity: 5/5

Urgency Impact: 2/5

Total Score: 10/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/integrations/handlers/hubspot_handler/hubspot_handler.py, lines 801-826, the function `_calculate_column_statistics` does not compute `min_value` and `max_value` for numeric columns, so statistics are incomplete and always `None`. Update the function so that for numeric columns, `min_value` and `max_value` are computed using pandas, and for non-numeric columns, use Python's min/max on the non-null values. Preserve the original formatting.
477-596,597-695: meta_get_column_statistics and _discover_columns are excessively complex (too many branches/statements), making them hard to maintain and optimize, which impacts long-term scalability and performance tuning.

📊 Impact Scores:

Production Impact: 2/5

Fix Specificity: 3/5

Urgency Impact: 2/5

Total Score: 7/15

🤖 AI Agent Prompt (Copy & Paste Ready):
Refactor the functions `meta_get_column_statistics` (lines 477-596) and `_discover_columns` (lines 597-695) in mindsdb/integrations/handlers/hubspot_handler/hubspot_handler.py to reduce cyclomatic complexity and the number of branches/statements. Break them into smaller, focused helper functions to improve maintainability and enable future performance optimizations. This will make the codebase more scalable and easier to optimize for large datasets.
320-324,506-510,620-624: Repeated calls to list(self.connection.crm.<table>.get_all(limit=N)) in multiple methods cause redundant API requests, leading to unnecessary network overhead and slower performance for large or repeated metadata queries.

📊 Impact Scores:

Production Impact: 2/5

Fix Specificity: 4/5

Urgency Impact: 2/5

Total Score: 8/15

🤖 AI Agent Prompt (Copy & Paste Ready):
Extract repeated API calls to `list(self.connection.crm.<table>.get_all(limit=N))` in mindsdb/integrations/handlers/hubspot_handler/hubspot_handler.py (lines 320-324, 506-510, 620-624) into a single helper method (e.g., `_get_sample_data`). Use this method and cache the result within each request to avoid redundant network calls, reducing API overhead and improving performance for large or repeated metadata queries.
mindsdb/integrations/handlers/hubspot_handler/hubspot_tables.py (2)
155-158: get_companies maps the 'domain' field to company.properties.get('company', None), but the correct HubSpot property for domain is likely 'domain', causing all company domains to be missing or incorrect.

📊 Impact Scores:

Production Impact: 4/5

Fix Specificity: 5/5

Urgency Impact: 3/5

Total Score: 12/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/integrations/handlers/hubspot_handler/hubspot_tables.py, lines 155-158, the 'domain' field in the company dictionary is incorrectly mapped to company.properties.get('company', None). It should map to company.properties.get('domain', None) to correctly retrieve the company's domain. Please update this mapping accordingly.
54-59, 110-115, 138-143, 234-239, 290-295, 318-323, 412-417, 468-473, 497-502: get_companies, get_contacts, and get_deals fetch all records into memory and then filter in pandas, causing O(n) memory/CPU usage and slowdowns for large datasets; this does not scale and can cause timeouts or crashes.

📊 Impact Scores:

Production Impact: 4/5

Fix Specificity: 3/5

Urgency Impact: 3/5

Total Score: 10/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/integrations/handlers/hubspot_handler/hubspot_tables.py, lines 54-59, 110-115, 138-143, 234-239, 290-295, 318-323, 412-417, 468-473, and 497-502, the code fetches all records from HubSpot into memory and then filters them in pandas, which is highly inefficient and does not scale for large datasets. Refactor the select, update, and delete methods for CompaniesTable, ContactsTable, and DealsTable to push filtering, ordering, and limiting down to the HubSpot API level wherever possible, so only relevant records are fetched and processed. This will reduce memory/CPU usage and improve performance for large datasets.
mindsdb/integrations/handlers/jira_handler/jira_handler.py (2)
91-93: self.connection is not reset to None if connection fails, so subsequent calls may use a stale/invalid connection object.

📊 Impact Scores:

Production Impact: 4/5

Fix Specificity: 5/5

Urgency Impact: 3/5

Total Score: 12/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/integrations/handlers/jira_handler/jira_handler.py, lines 91-93: If an exception occurs during Jira connection, the handler does not reset `self.connection` or `self.is_connected`, which can cause future calls to use a stale or invalid connection object. Please update the exception handler to set `self.connection = None` and `self.is_connected = False` before logging and re-raising the exception.
129-142: query parameter in native_query is passed directly to connection.jql(query) without sanitization, allowing attackers to inject arbitrary JQL and potentially exfiltrate sensitive Jira data.

📊 Impact Scores:

Production Impact: 4/5

Fix Specificity: 4/5

Urgency Impact: 4/5

Total Score: 12/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/integrations/handlers/jira_handler/jira_handler.py, lines 129-142, the `native_query` method passes the `query` parameter directly to `connection.jql(query)` without validation, allowing JQL injection and potential data exfiltration. Add input validation to only allow safe characters (alphanumeric, space, and basic JQL operators) before executing the query. If invalid, return an error response. Do not change the function signature or output format.
mindsdb/integrations/handlers/jira_handler/jira_tables.py (2)
93-97: The JiraIssuesTable.list method fetches all issues for every project sequentially, which can cause severe performance degradation for large Jira instances due to repeated API calls and lack of batching or parallelization.

📊 Impact Scores:

Production Impact: 4/5

Fix Specificity: 3/5

Urgency Impact: 3/5

Total Score: 10/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/integrations/handlers/jira_handler/jira_tables.py, lines 93-97, the JiraIssuesTable.list method fetches all issues for every project sequentially, which is highly inefficient for large Jira instances. Refactor this block to fetch issues for all projects in parallel using ThreadPoolExecutor (with a reasonable max_workers, e.g., 8). Aggregate the results into the issues list. Ensure the code preserves the original logic and handles the limit parameter correctly.
120-137: The normalize method in JiraIssuesTable uses pd.json_normalize and then reindexes columns, but if the input data is large, this can be memory-inefficient; repeated DataFrame creation and reindexing can cause high memory usage.

📊 Impact Scores:

Production Impact: 2/5

Fix Specificity: 4/5

Urgency Impact: 2/5

Total Score: 8/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/integrations/handlers/jira_handler/jira_tables.py, lines 120-137, the normalize method in JiraIssuesTable uses pd.json_normalize and then reindexes columns, which can be memory-inefficient for large datasets. Refactor this method to use a generator that yields rows as dictionaries, and construct the DataFrame from this generator to reduce memory usage. Ensure the output DataFrame has the same columns as before.
mindsdb/integrations/handlers/mssql_handler/__init__.py (1)
17-17: type is assigned as a module-level variable, shadowing the Python built-in type, which can cause unexpected runtime errors if the built-in is needed elsewhere in the module.

📊 Impact Scores:

Production Impact: 2/5

Fix Specificity: 3/5

Urgency Impact: 2/5

Total Score: 7/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/integrations/handlers/mssql_handler/__init__.py, line 17, the variable `type` is assigned at the module level, which shadows the Python built-in `type` and can cause runtime errors. Please rename this variable to `handler_type` throughout the file to avoid shadowing and ensure correct behavior.
mindsdb/integrations/handlers/mssql_handler/connection_args.py (1)
53-53: connection_args_example omits the server argument, which is present in connection_args and may be required for some SQL Server configurations; this can cause connection failures if server is needed but not provided in the example.

📊 Impact Scores:

Production Impact: 2/5

Fix Specificity: 4/5

Urgency Impact: 2/5

Total Score: 8/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/integrations/handlers/mssql_handler/connection_args.py, line 53, the example connection_args is missing the 'server' argument, which is defined in the main connection_args and may be required for some SQL Server setups. Please add 'server=""' to the example so all possible arguments are represented.
mindsdb/integrations/handlers/mssql_handler/mssql_handler.py (4)
61-154: _make_table_response is a large, complex function (22 branches, 61 statements) that is difficult to maintain and optimize, increasing risk of performance and maintainability issues as data and logic grow.

📊 Impact Scores:

Production Impact: 2/5

Fix Specificity: 4/5

Urgency Impact: 2/5

Total Score: 8/15

🤖 AI Agent Prompt (Copy & Paste Ready):
Refactor the function `_make_table_response` in `mindsdb/integrations/handlers/mssql_handler/mssql_handler.py` (lines 61-154) to reduce complexity and improve maintainability. Extract the MySQL type inference logic into a separate helper function (e.g., `_infer_mysql_types`). Ensure the refactored code preserves all original logic and formatting, and that the main function is significantly shorter and easier to maintain.
459-482: table_name is interpolated directly into SQL in get_columns, allowing SQL injection if untrusted input is passed.

📊 Impact Scores:

Production Impact: 5/5

Fix Specificity: 3/5

Urgency Impact: 4/5

Total Score: 12/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/integrations/handlers/mssql_handler/mssql_handler.py, lines 459-482, the `get_columns` method constructs a SQL query by directly interpolating `table_name`, which allows SQL injection if untrusted input is passed. Refactor this code to use parameterized queries instead of string interpolation for `table_name` (and `self.schema` if present). Ensure the query is constructed with placeholders and parameters are passed safely to the database driver.
654-673: Direct string interpolation of table names in meta_get_primary_keys enables SQL injection if table_names contains untrusted input.

📊 Impact Scores:

Production Impact: 5/5

Fix Specificity: 3/5

Urgency Impact: 4/5

Total Score: 12/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/integrations/handlers/mssql_handler/mssql_handler.py, lines 654-673, the `meta_get_primary_keys` method constructs a SQL query by directly interpolating table names from `table_names`, which allows SQL injection if untrusted input is passed. Refactor this code to use parameterized queries for all user-supplied values, including `table_names` and `self.schema`. Use placeholders and pass parameters to the database driver safely.
690-712: Direct string interpolation of table names in meta_get_foreign_keys enables SQL injection if table_names contains untrusted input.

📊 Impact Scores:

Production Impact: 4/5

Fix Specificity: 4/5

Urgency Impact: 4/5

Total Score: 12/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/integrations/handlers/mssql_handler/mssql_handler.py, lines 690-712, the `meta_get_foreign_keys` method constructs a SQL query by directly interpolating table names from `table_names`, which allows SQL injection if untrusted input is passed. Refactor this code to use parameterized queries for all user-supplied values, including `table_names` and `self.schema`. Use placeholders and pass parameters to the database driver safely.
mindsdb/integrations/handlers/mysql_handler/__init__.py (1)
16-16: type variable assignment on line 16 shadows the Python built-in type, which can cause unexpected runtime errors if the built-in is needed later in this module or by imported code.

📊 Impact Scores:

Production Impact: 2/5

Fix Specificity: 3/5

Urgency Impact: 2/5

Total Score: 7/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/integrations/handlers/mysql_handler/__init__.py, line 16, the variable `type` is assigned, which shadows the Python built-in `type`. This can cause unexpected runtime errors if the built-in is needed. Please rename this variable to `handler_type` throughout the file, and update all references in the `__all__` list and elsewhere as needed.
mindsdb/integrations/handlers/mysql_handler/mysql_handler.py (3)
204-207: disconnect does not set self.connection to None after closing, which can cause is_connected to return True on a closed connection and lead to runtime errors.

📊 Impact Scores:

Production Impact: 3/5

Fix Specificity: 5/5

Urgency Impact: 2/5

Total Score: 10/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/integrations/handlers/mysql_handler/mysql_handler.py, lines 204-207, the `disconnect` method does not set `self.connection` to `None` after closing the connection. This can cause `is_connected` to return True even after the connection is closed, leading to runtime errors. Please update the method to set `self.connection = None` after closing.
87-102: _make_table_response builds a new pandas Series for each column and row, resulting in O(n*m) operations and high memory usage for large result sets.

📊 Impact Scores:

Production Impact: 3/5

Fix Specificity: 4/5

Urgency Impact: 2/5

Total Score: 9/15

🤖 AI Agent Prompt (Copy & Paste Ready):
Optimize the construction of the DataFrame in mindsdb/integrations/handlers/mysql_handler/mysql_handler.py, lines 87-102. The current code builds a new pandas Series for each column and row, which is O(n*m) and causes high memory usage for large result sets. Refactor to build the DataFrame in a single step from the result list, then cast columns as needed. Replace the loop over columns/rows with a single DataFrame construction and column-wise type casting.
298-316: get_columns constructs SQL with direct string interpolation of table_name, allowing SQL injection if untrusted input is passed.

📊 Impact Scores:

Production Impact: 5/5

Fix Specificity: 3/5

Urgency Impact: 4/5

Total Score: 12/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/integrations/handlers/mysql_handler/mysql_handler.py, lines 298-316, the `get_columns` method constructs a SQL query using direct string interpolation of `table_name`, which is vulnerable to SQL injection. Refactor this code to use parameterized queries instead of f-strings. Replace the query construction with a parameterized version and pass `table_name` as a parameter to the query execution.
mindsdb/integrations/handlers/mysql_handler/settings.py (3)
91-95: check_db_params overwrites explicitly provided parameters with values parsed from the URL, causing user-supplied values to be ignored if both are present.

📊 Impact Scores:

Production Impact: 3/5

Fix Specificity: 4/5

Urgency Impact: 2/5

Total Score: 9/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/integrations/handlers/mysql_handler/settings.py, lines 91-95, the code assigns URL-parsed values to connection parameters, overwriting any explicitly provided values. Update the assignments so that if a parameter is explicitly provided (host, user, password, database), it takes precedence over the value parsed from the URL. Only use the URL value if the explicit parameter is None. Please fix this logic.
62-120: check_db_params is a large, complex function with many branches, making it difficult to maintain and error-prone as validation logic grows.

📊 Impact Scores:

Production Impact: 2/5

Fix Specificity: 4/5

Urgency Impact: 2/5

Total Score: 8/15

🤖 AI Agent Prompt (Copy & Paste Ready):
Refactor the function `check_db_params` in mindsdb/integrations/handlers/mysql_handler/settings.py (lines 62-120). The function is too large and complex, with many branches, making it hard to maintain. Split the logic into smaller helper methods for URL parsing/validation and individual parameter validation, and update `check_db_params` to delegate to these helpers. Preserve all validation logic and error messages.
10-121: password and other sensitive connection parameters are not protected from accidental logging or error exposure, risking credential leakage if exceptions or logs include full config values.

📊 Impact Scores:

Production Impact: 3/5

Fix Specificity: 2/5

Urgency Impact: 3/5

Total Score: 8/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/integrations/handlers/mysql_handler/settings.py, lines 10-121, the ConnectionConfig class does not protect sensitive fields like `password` from being exposed in logs, exceptions, or string representations. Update the Pydantic model configuration to ensure that `password` and other sensitive fields are masked in __repr__, __str__, and error messages. Use Pydantic's config options or custom __repr__ to prevent accidental credential leakage.
mindsdb/integrations/handlers/openai_handler/helpers.py (2)
195-196: get_available_models will raise AttributeError if client.base_url is a string, as netloc is only valid for urllib.parse.ParseResult objects.

📊 Impact Scores:

Production Impact: 2/5

Fix Specificity: 5/5

Urgency Impact: 2/5

Total Score: 9/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/integrations/handlers/openai_handler/helpers.py, lines 195-196, the code assumes `client.base_url` has a `netloc` attribute, but this may not be true if it's a string, causing an AttributeError. Update the check to use `hasattr(client.base_url, "netloc")` before accessing `netloc`.
77-104: try-except inside the main retry loop in retry_with_exponential_backoff (lines 77-104) incurs significant Python interpreter overhead on every iteration, especially for high-frequency or long-running retry scenarios.

📊 Impact Scores:

Production Impact: 2/5

Fix Specificity: 3/5

Urgency Impact: 1/5

Total Score: 6/15

🤖 AI Agent Prompt (Copy & Paste Ready):
Refactor the retry loop in mindsdb/integrations/handlers/openai_handler/helpers.py, lines 77-104. The current implementation uses a `while True` loop with a `try`-`except` block inside, which incurs significant interpreter overhead for high-frequency retries. Replace it with a `for` loop over the retry count, moving the `try`-`except` outside the main loop to reduce overhead. Ensure the retry logic and exception handling remain functionally equivalent.
mindsdb/integrations/handlers/openai_handler/openai_handler.py (3)
263-463: predict and _completion methods are excessively large and complex (over 90 and 130 statements respectively), making them hard to maintain and optimize, and increasing risk of performance regressions.

📊 Impact Scores:

Production Impact: 2/5

Fix Specificity: 3/5

Urgency Impact: 2/5

Total Score: 7/15

🤖 AI Agent Prompt (Copy & Paste Ready):
Refactor the `predict` (lines 263-463) and `_completion` methods in mindsdb/integrations/handlers/openai_handler/openai_handler.py to reduce their size and cyclomatic complexity. Break them into smaller, well-named helper functions for each major logical branch (e.g., prompt preparation, mode dispatch, result post-processing). This will improve maintainability and make future performance optimizations safer and easier.
388-460: Multiple for-loops and try/excepts inside prompt and result post-processing (e.g., lines 388-460) cause significant overhead for large DataFrames, especially with per-row exception handling.

📊 Impact Scores:

Production Impact: 3/5

Fix Specificity: 3/5

Urgency Impact: 2/5

Total Score: 8/15

🤖 AI Agent Prompt (Copy & Paste Ready):
Optimize the prompt and result post-processing in mindsdb/integrations/handlers/openai_handler/openai_handler.py (lines 388-460). Replace per-row for-loops and try/except blocks with vectorized pandas operations or batch processing where possible. Avoid exception handling inside tight loops to reduce overhead on large DataFrames.
821-841: The _completion method's parallel execution (lines 821-841) uses ThreadPoolExecutor but does not limit concurrency or handle API rate limits robustly, risking resource contention and degraded throughput under high load.

📊 Impact Scores:

Production Impact: 3/5

Fix Specificity: 2/5

Urgency Impact: 2/5

Total Score: 7/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/integrations/handlers/openai_handler/openai_handler.py, lines 821-841, improve the parallel batch execution in `_completion` by limiting the number of concurrent threads to match the OpenAI API's rate limits and available system resources. Add robust error handling and backoff for rate limit errors to prevent resource contention and maximize throughput.
mindsdb/integrations/utilities/rag/rerankers/base_reranker.py (2)
546-611: ListwiseLLMReranker._extract_scores may assign fallback scores to documents not present in the LLM's output, causing incorrect ranking if the LLM omits or misindexes documents.

📊 Impact Scores:

Production Impact: 3/5

Fix Specificity: 5/5

Urgency Impact: 3/5

Total Score: 11/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/integrations/utilities/rag/rerankers/base_reranker.py, lines 546-611, the ListwiseLLMReranker._extract_scores method assigns fallback scores to documents missing from the LLM's output by incrementing next_rank, which can result in non-deterministic or inflated scores for omitted documents. Change the fallback assignment so that any missing document always receives the lowest fallback score (i.e., fallback_scores[-1]) instead of incrementing next_rank. This ensures missing documents are always ranked lowest.
488-500: ListwiseLLMReranker._rank_single_batch retries the entire LLM call on any exception, which can cause substantial delays and resource waste for large batches or transient errors.

📊 Impact Scores:

Production Impact: 3/5

Fix Specificity: 2/5

Urgency Impact: 2/5

Total Score: 7/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/integrations/utilities/rag/rerankers/base_reranker.py, lines 488-500, the current retry logic in `ListwiseLLMReranker._rank_single_batch` retries the entire batch on any exception, which can cause major delays and resource waste for large batches or transient LLM errors. Refactor this block so that if a batch rerank fails, it falls back to pointwise reranking for each document in the batch, instead of retrying the whole batch. Only retry the batch if it contains a single document. Ensure the fallback preserves the original code's formatting and error handling.
mindsdb/integrations/utilities/rag/settings.py (1)
0707-0727: The RerankerConfig class has a high number of configuration fields (17+), making it difficult to maintain and error-prone as requirements evolve.

📊 Impact Scores:

Production Impact: 2/5

Fix Specificity: 2/5

Urgency Impact: 2/5

Total Score: 6/15

🤖 AI Agent Prompt (Copy & Paste Ready):
Refactor the `RerankerConfig` class in mindsdb/integrations/utilities/rag/settings.py (lines 707-727) to reduce the number of top-level fields. Group related configuration options into nested dictionaries or sub-models (e.g., performance, scoring) to improve maintainability and clarity. Ensure all existing configuration options are preserved and accessible.
mindsdb/interfaces/database/database.py (2)
171-173: If self.integration_controller.modify raises an exception, the raised Exception does not preserve the original traceback, making debugging difficult.

📊 Impact Scores:

Production Impact: 2/5

Fix Specificity: 5/5

Urgency Impact: 2/5

Total Score: 9/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/interfaces/database/database.py, lines 171-173, when catching exceptions from `self.integration_controller.modify`, the code raises a new Exception without using `from e`, which loses the original traceback. Update the exception raising to `raise Exception(...) from e` to preserve the original exception context.
64-89: get_list builds the result list using repeated append in a loop, which is inefficient for large numbers of projects/integrations and can be replaced with list comprehensions and extend for better performance.

📊 Impact Scores:

Production Impact: 2/5

Fix Specificity: 5/5

Urgency Impact: 2/5

Total Score: 9/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/interfaces/database/database.py, lines 64-89, the `get_list` method uses repeated `append` calls in loops to build the `result` list, which is inefficient for large datasets. Refactor these loops to use list comprehensions and `extend` to improve performance and scalability. Replace the two for-loops with `result.extend([...])` using comprehensions as shown in the suggestion.
mindsdb/interfaces/database/integrations.py (6)
118-177: The delete method (lines 118-177) is highly complex, with many branches and checks, making it difficult to maintain and error-prone as the system scales.

📊 Impact Scores:

Production Impact: 2/5

Fix Specificity: 4/5

Urgency Impact: 2/5

Total Score: 8/15

🤖 AI Agent Prompt (Copy & Paste Ready):
Refactor the `delete` method in mindsdb/interfaces/database/integrations.py (lines 118-177) to reduce cyclomatic complexity and improve maintainability. Break out major logical sections (system/permanent/demo checks, model/KBase/predictor checks, unlinking, and deletion) into well-named helper methods. Ensure the main method is easy to follow and each helper encapsulates a single responsibility.
177-254: The _get_integration_record_data method (lines 177-254) is overly complex with many branches, making it hard to maintain and optimize as new integration types or secrets handling are added.

📊 Impact Scores:

Production Impact: 2/5

Fix Specificity: 3/5

Urgency Impact: 2/5

Total Score: 7/15

🤖 AI Agent Prompt (Copy & Paste Ready):
Refactor the `_get_integration_record_data` method in mindsdb/interfaces/database/integrations.py (lines 177-254) to reduce complexity and improve maintainability. Extract secret-masking logic, handler type branching, and legacy code into separate helper functions. Ensure the main method is concise and each helper is responsible for a single aspect of the data transformation.
524-582: The _get_handler_meta method (lines 524-582) is too complex, with many branches and responsibilities, making it hard to extend and optimize for new handler types or metadata fields.

📊 Impact Scores:

Production Impact: 2/5

Fix Specificity: 4/5

Urgency Impact: 2/5

Total Score: 8/15

🤖 AI Agent Prompt (Copy & Paste Ready):
Refactor the `_get_handler_meta` method in mindsdb/interfaces/database/integrations.py (lines 524-582) to reduce cyclomatic complexity and improve maintainability. Extract import error handling, handler type/class type detection, and connection_args patching into separate helper functions. Ensure the main method is straightforward and each helper encapsulates a single responsibility.
643-681: The _get_connection_args method (lines 643-681) is too complex, with multiple nested loops and conditionals, making it hard to maintain and optimize for new argument types.

📊 Impact Scores:

Production Impact: 2/5

Fix Specificity: 4/5

Urgency Impact: 2/5

Total Score: 8/15

🤖 AI Agent Prompt (Copy & Paste Ready):
Refactor the `_get_connection_args` method in mindsdb/interfaces/database/integrations.py (lines 643-681) to reduce complexity and improve maintainability. Extract the logic for parsing assignment nodes, keyword arguments, and dictionary values into separate helper functions. Ensure the main method is concise and each helper is responsible for a single parsing step.
718-762: The _get_handler_info method (lines 718-762) is too complex, with multiple responsibilities (AST parsing, type detection, connection args extraction), making it hard to maintain and extend.

📊 Impact Scores:

Production Impact: 2/5

Fix Specificity: 4/5

Urgency Impact: 2/5

Total Score: 8/15

🤖 AI Agent Prompt (Copy & Paste Ready):
Refactor the `_get_handler_info` method in mindsdb/interfaces/database/integrations.py (lines 718-762) to reduce complexity and improve maintainability. Extract AST assignment parsing, handler type/class type detection, and connection argument extraction into separate helper functions. Ensure the main method is concise and each helper is responsible for a single aspect of handler info extraction.
93-117: modify method does not validate or sanitize the data dict, allowing malicious or unexpected keys/values to be written to the integration record, potentially leading to privilege escalation or injection if consumed unsafely elsewhere.

📊 Impact Scores:

Production Impact: 4/5

Fix Specificity: 4/5

Urgency Impact: 4/5

Total Score: 12/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/interfaces/database/integrations.py, lines 93-117, the `modify` method does not validate or sanitize the `data` dict, allowing arbitrary keys/values to be written to the integration record. This could lead to privilege escalation or injection if these values are used unsafely elsewhere. Update the method to only allow keys present in the original data or in the handler's connection_args, and filter out any unexpected keys before saving to the database.
mindsdb/interfaces/file/file_controller.py (2)
36-39: get_files_names returns duplicate file names if multiple files with the same name exist for a company, leading to incorrect results.

📊 Impact Scores:

Production Impact: 3/5

Fix Specificity: 5/5

Urgency Impact: 2/5

Total Score: 10/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/interfaces/file/file_controller.py, lines 36-39, the `get_files_names` method may return duplicate file names if the database contains multiple records with the same name for a company. Update the code to ensure the returned list contains only unique file names (case-insensitive if `lower=True`).
82-84: save_file calls get_files() and then iterates all file metadata to check for name collisions, causing O(n) scan on every save; this does not scale for large file sets.

📊 Impact Scores:

Production Impact: 3/5

Fix Specificity: 5/5

Urgency Impact: 2/5

Total Score: 10/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In `mindsdb/interfaces/file/file_controller.py`, lines 82-84, the `save_file` method checks for file name collisions by loading all files and iterating through them, which is inefficient for large datasets. Refactor this to perform a direct database query for the file name and company_id, returning early if a match is found. This will reduce the operation from O(n) to O(1) and improve scalability.
mindsdb/interfaces/knowledge_base/controller.py (2)
115-146: get_reranking_model_from_params does not validate that required fields (like model or model_name) are present, which can cause runtime exceptions when instantiating reranker classes.

📊 Impact Scores:

Production Impact: 2/5

Fix Specificity: 4/5

Urgency Impact: 2/5

Total Score: 8/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/interfaces/knowledge_base/controller.py, lines 115-146, the function `get_reranking_model_from_params` does not validate that the required 'model' (or 'model_name') field is present in the input dict, which can cause runtime errors when instantiating reranker classes. Please add a check to ensure that 'model' (or 'model_name') is present and non-empty, and raise a clear ValueError if not. Insert this check after handling the model_name/model alias logic and before instantiating the RerankerConfig.
278-457: select method (lines 278-457) is excessively large and complex, making it hard to maintain and optimize, and increases risk of performance regressions as logic grows.

📊 Impact Scores:

Production Impact: 2/5

Fix Specificity: 4/5

Urgency Impact: 2/5

Total Score: 8/15

🤖 AI Agent Prompt (Copy & Paste Ready):
Refactor the `select` method in mindsdb/interfaces/knowledge_base/controller.py (lines 278-457). The function is excessively large and complex, making it difficult to maintain and optimize. Break it into smaller, well-named helper methods for each major logical block (e.g., query parsing, hybrid search, reranking, result post-processing). Ensure the refactor preserves all existing logic and performance characteristics.
mindsdb/interfaces/knowledge_base/executor.py (2)
170-182: call_kb rewrites condition.args[0] in-place, which mutates the AST and can cause incorrect query behavior if the same AST is reused elsewhere.

📊 Impact Scores:

Production Impact: 4/5

Fix Specificity: 2/5

Urgency Impact: 3/5

Total Score: 9/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/interfaces/knowledge_base/executor.py, lines 170-182, the code mutates the AST in-place by assigning to condition.args[0], which can cause incorrect query behavior if the same AST is reused elsewhere. Refactor this block so that instead of mutating the original AST, it creates a deep copy of the condition, updates the copy, and uses that for further processing.
298-370: execute_blocks (lines 298-370) is a large, highly complex function with deep nesting and many branches, making it difficult to maintain and optimize for performance as logic grows.

📊 Impact Scores:

Production Impact: 2/5

Fix Specificity: 4/5

Urgency Impact: 2/5

Total Score: 8/15

🤖 AI Agent Prompt (Copy & Paste Ready):
Refactor the `execute_blocks` method in mindsdb/interfaces/knowledge_base/executor.py (lines 298-370). The function is overly large and complex, with deep nesting and many branches, making it difficult to maintain and optimize. Break it into smaller, well-named helper methods for each logical block (e.g., AND/OR handling, content/other filter separation, exclusion/inclusion logic) to improve maintainability and enable future performance optimizations.
mindsdb/interfaces/storage/db.py (1)
72-95: serializable_insert uses a while loop with up to 100 retries and locks the entire PREDICTOR table, which can cause severe contention and degrade performance under concurrent inserts.

📊 Impact Scores:

Production Impact: 3/5

Fix Specificity: 4/5

Urgency Impact: 2/5

Total Score: 9/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/interfaces/storage/db.py lines 72-95, refactor `serializable_insert` to avoid an unbounded while loop and excessive table locking. Use a for-loop with a reduced retry count (e.g., 3), ensure each attempt uses a new session (via `get_session()`), and always close the session. This will reduce contention and improve performance under concurrent inserts.
mindsdb/utilities/config.py (1)
223-377: prepare_env_config is a very large, complex function (81 statements, 32 branches) that is difficult to maintain and reason about, increasing risk of performance and maintainability issues as config logic grows.

📊 Impact Scores:

Production Impact: 2/5

Fix Specificity: 3/5

Urgency Impact: 2/5

Total Score: 7/15

🤖 AI Agent Prompt (Copy & Paste Ready):
Refactor the function `prepare_env_config` in mindsdb/utilities/config.py (lines 223-377). The function is too large and complex (81 statements, 32 branches), making it hard to maintain and reason about. Break it into smaller helper methods for each logical section (storage paths, permanent storage, ML queue, auth, logging, misc env vars, reranker config, GUI config). Replace the main function body with calls to these helpers. Ensure all logic is preserved and the code remains functionally equivalent.
mindsdb/utilities/functions.py (1)
38-38: cast_row_types uses [x for x in row.keys() if x in field_types], which is O(n) per key and inefficient for large dicts; use direct iteration over row for O(1) lookups.

📊 Impact Scores:

Production Impact: 2/5

Fix Specificity: 5/5

Urgency Impact: 1/5

Total Score: 8/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/utilities/functions.py, line 38, the code uses `[x for x in row.keys() if x in field_types]` in `cast_row_types`, which is inefficient for large dicts because `row.keys()` is unnecessary and iterating over `row` is faster. Change it to `[x for x in row if x in field_types]` for better performance.
mindsdb/utilities/log.py (1)
461-475: try-except inside a loop in resources_log_thread (lines 461-475) can cause significant performance degradation if many child processes are inaccessible, as exception handling is expensive in tight loops.

📊 Impact Scores:

Production Impact: 2/5

Fix Specificity: 3/5

Urgency Impact: 2/5

Total Score: 7/15

🤖 AI Agent Prompt (Copy & Paste Ready):
In mindsdb/utilities/log.py, lines 461-475, the `resources_log_thread` function uses a `try`-`except` block inside a loop over child processes, which can cause significant performance degradation if many processes are inaccessible, due to the high cost of exception handling in tight loops. Refactor this loop to pre-check if the process is running (e.g., with `child.is_running()`) before entering the try block, to minimize exception frequency and improve performance.
mindsdb/utilities/render/sqlalchemy_render.py (2)
180-411: to_expression function is extremely large and complex (over 170 statements, 67 branches), making it difficult to maintain and optimize, which can lead to performance and scalability issues as the codebase grows.

📊 Impact Scores:

Production Impact: 2/5

Fix Specificity: 4/5

Urgency Impact: 2/5

Total Score: 8/15

🤖 AI Agent Prompt (Copy & Paste Ready):
Refactor the `to_expression` method in mindsdb/utilities/render/sqlalchemy_render.py (lines 180-411). The function is excessively large and complex, with over 170 statements and 67 branches, making it hard to maintain and optimize. Break it into smaller, well-named helper methods for each major AST node type (e.g., handle_constant, handle_identifier, handle_function, etc.), and delegate logic accordingly. Ensure the refactor preserves all existing logic and functional behavior.
523-659: prepare_select is a very large, complex function (over 90 statements, 40 branches), making it hard to maintain and optimize for performance as query logic grows.

📊 Impact Scores:

Production Impact: 2/5

Fix Specificity: 4/5

Urgency Impact: 2/5

Total Score: 8/15

🤖 AI Agent Prompt (Copy & Paste Ready):
Refactor the `prepare_select` method in mindsdb/utilities/render/sqlalchemy_render.py (lines 523-659). The function is very large and complex, with over 90 statements and 40 branches, making it difficult to maintain and optimize. Break it into smaller, well-named helper methods for each major clause (e.g., handle_from, handle_joins, handle_group_by, handle_order_by, etc.), and delegate logic accordingly. Ensure the refactor preserves all existing logic and functional behavior.

🔍 Comments beyond diff scope (5)

mindsdb/api/http/namespaces/file.py (3)

226-227: When extracting an archive, if it contains more than one file, the code attempts to remove the directory with os.rmdir, which will fail if the directory is not empty, potentially leaving temp files and causing resource leaks.
Category: correctness

218-219: zipfile.ZipFile.extractall is used without validating archive contents, allowing path traversal and arbitrary file overwrite via crafted ZIP files.
Category: security

197-203: requests.get(url, stream=True) is used to download files from user-supplied URLs without restricting the total download size, enabling denial-of-service via large or infinite files.
Category: security

mindsdb/integrations/handlers/jira_handler/jira_tables.py (1)

25-26: conditions argument is used without a default value, so if None is passed, iterating over it will raise a TypeError.
Category: correctness

mindsdb/integrations/utilities/rag/settings.py (1)

0790-0790: id_key in RAGPipelineModel is typed as int but defaulted to a string (DEFAULT_ID_KEY), causing runtime type errors when instantiating the model.
Category: correctness

hamishfagg and others added 30 commits September 17, 2025 08:53

update gha for main (#11578)

c100268

fix build deps on main (#11579)

b8eba06

Hotfix for left outer join (#11571)

6f8b193

Co-authored-by: Hamish Fagg <ivdata+github@ivdata.net>

databricks docs update (#11576)

7c205ae

Co-authored-by: Hamish Fagg <ivdata+github@ivdata.net>

fix DB URI (#11584)

5547445

docs -- updates to config file and env vars (#11577)

039bacf

[BUG] Remove hard coded variables and better class extraction from KB (…

cedd16a

…#11490) Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Bump tar-fs from 3.1.0 to 3.1.1 in /docs (#11612)

16064b0

Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

docs -- a2wsgi config (#11607)

346c11e

run tests on develop, fix pr concurrency (#11633)

c96c16a

docs -- env var for gui updates (#11614)

f8b89fe

docs -- updates to byom docs (#11615)

1a47c5d

update github actions (#11641)

a9df5a9

fix sending fail msg on closed PRs (#11644)

498b410

fix gha error (#11646)

f4e8cb6

Fix staging workflow error (#11647)

97365be

docs -- main image update (#11635)

3e61247

Bump axios from 1.11.0 to 1.12.2 in /docs (#11643)

569df23

Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Max Stepanov <stpmax@yandex.ru>

Create README.md (#11651)

8cc4fdb

Create use cases folder for Hacktoberfest (#11658)

a88a7cf

Fixes Windows tests by pinning Numba version (#11639)

4eebca7

Co-authored-by: Andrey <elkin.andr@gmail.com> Co-authored-by: Hamish Fagg <hamish@mindsdb.com>

Dont run integration tests on forks (#11668)

489f16e

docs -- releases and contributing (#11691)

cb910e2

docs -- kb bedrock update (#11678)

f1d4f91

docs -- added ollama to kbs (#11663)

c5a7e11

Streaming Request Returns 400 Error in Respond Tab (#11702)

f8bf923

Expand README with ideas for various industries (#11722)

e00c753

docs -- link fix (#11720)

af15db2

docs -- contribute detailed guide (#11733)

199374f

Fix memory leaks (#11760)

7533095

setohe0909 and others added 14 commits October 22, 2025 10:03

FQE-1493: Improve error handling and messages in Shopify handler (#11701

5ee27b3

)

docs and readme -- updated supported python versions (#11778)

81eb5fb

docs -- query kb's chunk_content column (#11794)

4ba0ce4

docs -- kb's metadata columns listed (#11795)

73ec703

Converts company_id to String for User Separation (#11788)

3c3858e

Co-authored-by: Minura Punchihewa <49385643+MinuraPunchihewa@users.noreply.github.com>

docs -- alter kb (sql + rest) (#11802)

93be8c5

docs -- oracle connector updates (#11816)

8902a9c

Removes Data Catalog Persistence (#11823)

0c700d6

Co-authored-by: Minura Punchihewa <49385643+MinuraPunchihewa@users.noreply.github.com> Co-authored-by: Zoran Pandovski <zoran.pandovski@gmail.com>

docs -- typo fix in jira docs (#11846)

4d6003a

Remove 'main' branch from pull request triggers (#11847)

bd3c7b9

docs -- added data handlers that have data catalog (#11860)

2335985

ea-rus requested a review from a team as a code owner November 11, 2025 09:32

mintlify Bot deployed to staging - docs November 11, 2025 09:33 View deployment

ea-rus requested a review from StpMax November 11, 2025 09:53

docs -- support for embedding models from snowflake with kbs (#11782)

dd06fae

ea-rus changed the base branch from main to develop November 11, 2025 16:57

ea-rus added 2 commits November 11, 2025 20:04

Merge branch 'develop' into main-to-dev

629fe01

Merge branch 'main' into main-to-dev

075cef1

mintlify Bot deployed to staging - docs November 11, 2025 17:06 View deployment

StpMax approved these changes Nov 12, 2025

View reviewed changes

ea-rus marked this pull request as draft November 21, 2025 11:41

ea-rus closed this Nov 27, 2025

github-actions Bot locked and limited conversation to collaborators Nov 27, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Main to dev #11863

Main to dev #11863
ea-rus wants to merge 47 commits into
developfrom
main-to-dev

ea-rus commented Nov 11, 2025

Uh oh!

entelligence-ai-pr-reviews Bot commented Nov 11, 2025

Uh oh!

entelligence-ai-pr-reviews Bot commented Nov 11, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

8 participants

Conversation

ea-rus commented Nov 11, 2025

Description

Uh oh!

entelligence-ai-pr-reviews Bot commented Nov 11, 2025

Uh oh!

entelligence-ai-pr-reviews Bot commented Nov 11, 2025

Review Summary

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

8 participants