Skip to content

fix(honcho): add ON CONFLICT DO NOTHING to create_messages to prevent seq constraint violations #452

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
sanjay-av wants to merge 5 commits into
base: main
Choose a base branch
from
Open

fix(honcho): add ON CONFLICT DO NOTHING to create_messages to prevent seq constraint violations #452

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
48be8f1
Fix deriver -- switch to Bedrock via LiteLLM proxy, update vector dim…
sanjay-av Mar 24, 2026
a16fb71
Add Avrio deployment artifacts to gitignore
sanjay-av Mar 24, 2026
b8fabf3
Add Honcho dashboard -- custom web UI for memory inspection
sanjay-av Mar 24, 2026
69f0917
Add LiteLLM config, OpenWebUI integration, and KlimaShift filter test
sanjay-av Mar 24, 2026
fc792d0
fix(honcho): add ON CONFLICT DO NOTHING to create_messages to prevent…
sanjay-av Mar 25, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -191,3 +191,9 @@ metrics.jsonl
AGENTS.md
lancedb_data/
grafana-data/

# Avrio custom deployment artifacts
*.pid
.dashboard-pid
*.backup
honcho.toml
21 changes: 21 additions & 0 deletions Dockerfile.dashboard
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
FROM python:3.11-slim

WORKDIR /app

# Install dependencies
RUN pip install --no-cache-dir \
fastapi==0.109.0 \
uvicorn[standard]==0.27.0 \
httpx==0.26.0 \
asyncpg==0.29.0 \
pyyaml==6.0.1

# Copy application files
COPY dashboard-backend.py /app/server.py
COPY dashboard-new.html /app/dashboard.html

# Expose port
EXPOSE 9000

# Run the application
CMD ["uvicorn", "server:app", "--host", "0.0.0.0", "--port", "9000"]
Comment on lines +1 to +21
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai bot Mar 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

Container runs as root user.

The container runs as root by default, which is a security best practice violation. If the container is compromised, an attacker gains root privileges within the container.

🔒 Add non-root user 
 FROM python:3.11-slim
 
 WORKDIR /app
 
+# Create non-root user
+RUN useradd --create-home --shell /bin/bash appuser
+
 # Install dependencies
 RUN pip install --no-cache-dir \
     fastapi==0.109.0 \
     uvicorn[standard]==0.27.0 \
     httpx==0.26.0 \
     asyncpg==0.29.0 \
     pyyaml==6.0.1
 
 # Copy application files
 COPY dashboard-backend.py /app/server.py
 COPY dashboard-new.html /app/dashboard.html
 
+# Switch to non-root user
+USER appuser
+
 # Expose port
 EXPOSE 9000
 
 # Run the application
 CMD ["uvicorn", "server:app", "--host", "0.0.0.0", "--port", "9000"]
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
FROM python:3.11-slim
WORKDIR /app
# Install dependencies
RUN pip install --no-cache-dir \
fastapi==0.109.0 \
uvicorn[standard]==0.27.0 \
httpx==0.26.0 \
asyncpg==0.29.0 \
pyyaml==6.0.1
# Copy application files
COPY dashboard-backend.py /app/server.py
COPY dashboard-new.html /app/dashboard.html
# Expose port
EXPOSE 9000
# Run the application
CMD ["uvicorn", "server:app", "--host", "0.0.0.0", "--port", "9000"]
FROM python:3.11-slim
WORKDIR /app
# Create non-root user
RUN useradd --create-home --shell /bin/bash appuser
# Install dependencies
RUN pip install --no-cache-dir \
fastapi==0.109.0 \
uvicorn[standard]==0.27.0 \
httpx==0.26.0 \
asyncpg==0.29.0 \
pyyaml==6.0.1
# Copy application files
COPY dashboard-backend.py /app/server.py
COPY dashboard-new.html /app/dashboard.html
# Switch to non-root user
USER appuser
# Expose port
EXPOSE 9000
# Run the application
CMD ["uvicorn", "server:app", "--host", "0.0.0.0", "--port", "9000"]
🧰 Tools
🪛 Trivy (0.69.3)

[error] 1-1: Image user should not be 'root'

Specify at least 1 USER command in Dockerfile with non-root user as argument

Rule: DS-0002

Learn more

(IaC/Dockerfile)

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@Dockerfile.dashboard` around lines 1 - 21, The Dockerfile currently runs as
root (base: FROM python:3.11-slim, WORKDIR /app, COPY ..., CMD ["uvicorn",
"server:app", ...])—create a non-root user and run the container as that user:
add a user/group (e.g., appuser), ensure /app and copied files
(dashboard-backend.py, dashboard-new.html) are owned by that user (use chown or
COPY --chown), set appropriate permissions, and add a USER appuser line before
CMD so uvicorn runs without root privileges.

Loading