Bulk Upsert (note that the first part was accidentally already merged in main before)

[NumericalAdvantage]

Summary by CodeRabbit

• Bug Fixes

  • Bulk report uploads now deduplicate incoming entries and nested metadata/modalities/groups (keep last occurrence) and emit a consolidated per-batch duplicate warning.
  • Group selection restricted to the requesting user's groups unless superuser.

• New Features

  • Enforced replace=true for bulk upsert and added on-commit background bulk indexing with configurable tuning settings.
  • Optional client-side timeout for bulk report updates.

• Documentation / Chores

  • Example env and worker config document optional CA-bundle and SSL settings.

• Tests

  • New end-to-end and indexing tests for bulk-upsert, deduplication, and reindexing.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[gemini-code-assist]

Summary of Changes

Hello @NumericalAdvantage, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances the resilience of the bulk report upsert mechanism. It introduces comprehensive deduplication logic to process incoming payloads, ensuring that duplicate entries at various levels—including the main reports, associated metadata, modalities, and groups—are identified and handled without causing the entire operation to fail. Instead, duplicates are dropped, and a warning is logged, allowing the upsert to proceed successfully with valid, unique data.

Highlights

• Robustness Improvement: The bulk upsert functionality now gracefully handles duplicate entries in the payload, preventing crashes.
• Deduplication Logic: New helper functions (_dedupe_by_key, _dedupe_metadata, _dedupe_groups) have been introduced to deduplicate nested lists within the report data (metadata, modalities, groups).
• Main Report Deduplication: The primary list of validated_reports is now deduplicated based on document_id, with the last occurrence being retained.
• Warning Logging: Warnings are logged when duplicate document_ids or duplicate entries within metadata, modalities, or groups are detected and subsequently dropped.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[coderabbitai]

📝 Walkthrough

Walkthrough

Implements in-memory deduplication for bulk-upsert payloads, enforces replace semantics, wraps DB writes in transactions with on_commit hooks to refresh search indices (sync or async), adds pgsearch bulk-index utilities/tasks, tightens serializer group querysets, adds client timeout option, and tests.

Changes

Cohort / File(s)	Change summary
Reports API / bulk upsert radis/reports/api/viewsets.py	Add replace param enforcement; implement in-memory dedupe for document_ids, metadata, modalities, and groups with per-category duplicate counts and consolidated warnings; delete-and-recreate related rows inside an atomic transaction; use on_commit to trigger search indexing (sync or enqueue async).
PGSearch indexing utilities & tasks radis/pgsearch/utils/indexing.py, radis/pgsearch/tasks.py, radis/pgsearch/tests/test_indexing.py, radis/pgsearch/utils/language_utils.py, radis/settings/base.py	Add bulk_upsert_report_search_vectors with batching and per-language regconfig, add enqueue_bulk_index_reports and deferred bulk_index_reports task, expose PGSEARCH tuning flags, and change language-utils logging level for config discovery; include test verifying bulk indexing parity.
Serializers radis/reports/api/serializers.py	Tighten groups PrimaryKeyRelatedField queryset in ReportSerializer.__init__ to requesting user's groups unless superuser.
Client library radis-client/radis_client/client.py	Add optional timeout parameter to update_reports_bulk and pass it through to the HTTP POST.
Tests (bulk upsert) radis/reports/tests/test_bulk_upsert.py, radis/reports/tests/__init__.py	Add tests for bulk-upsert create/update, payload deduplication, and metadata merging; add tests package initializer.
Compose / env docs docker-compose.prod.yml, example.env	Introduce x-app-env anchor and merge into services; add llm_worker volumes and CA-bundle env merge; document RADIS_LLM_CA_BUNDLE in example.env.

Sequence Diagram(s)

mermaid
sequenceDiagram
participant Client as Client
participant API as Reports API
participant DB as Database
participant PG as PGSearch Utils
participant Queue as Task Queue

Client->>API: POST /api/reports/bulk-upsert (payload, replace)
API->>API: Validate payload\nIn-memory dedupe (docs, metadata, modalities, groups)
API->>DB: Begin atomic transaction\nBulk upsert reports; delete & recreate related rows
DB-->>API: Commit
API->>API: on_commit handler collects touched report IDs
alt PGSEARCH_SYNC_INDEXING == True
API->>PG: bulk_upsert_report_search_vectors(report_ids)
PG->>DB: insert/update ReportSearchVector and set tsvector
else
API->>Queue: enqueue_bulk_index_reports(report_ids)
Queue->>PG: bulk_index_reports(report_ids) [async]
PG->>DB: bulk upsert search vectors / update tsvector
end
API-->>Client: Response (created/updated counts, warnings)

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Suggested reviewers

• medihack

Poem

I'm a rabbit with a tiny quill,
I hopped through payloads, swift and still.
I dropped the doubles, kept the best,
I nudged the index to do its rest.
🐇✨

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 11.11% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check	❓ Inconclusive	The title is vague and parenthetical. It references 'accidentally already merged' content without clearly explaining what this PR actually implements. The main title 'Bulk Upsert' lacks specificity about the changes.	Consider a more descriptive title that clearly indicates the primary change, such as 'Add deduplication and search indexing to bulk upsert API' or 'Implement bulk report upsert with deduplication and async indexing'.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[claude]

Pull Request Review: Prevent Duplicate Entries in Bulk Upsert

Thank you for addressing this issue! This PR adds important deduplication logic to prevent database constraint violations during bulk upserts. Here's my detailed review:

---

✅ Strengths

1. Solves a Real Problem: Preventing crashes from duplicate entries in the payload is essential for robust bulk import operations.

2. Good Logging: The warning messages clearly indicate when duplicates are detected and how they're handled.

3. Consistent Approach: The three deduplication functions follow a similar pattern, making the code easier to understand.

---

🔍 Code Quality & Best Practices

1. Nested Function Organization

The three deduplication functions (_dedupe_by_key, _dedupe_metadata, _dedupe_groups) are defined inside _bulk_upsert_reports. Consider extracting them to module level for better testability and reusability:

# At module level (before _bulk_upsert_reports)
def _dedupe_by_key(items: list[dict[str, Any]], key_name: str) -> tuple[list[dict[str, Any]], int]:
    """Deduplicate items by a specified key, keeping first occurrence."""
    # ... implementation

Rationale: Module-level functions can be unit-tested independently, improving test coverage and maintainability.

2. Inconsistent Deduplication Strategy

• Top-level reports (lines 33-45): Keeps last occurrence
• Metadata (lines 64-74): Keeps last occurrence (dict-based)
• Modalities (lines 47-62): Keeps first occurrence (set-based)
• Groups (lines 76-89): Keeps first occurrence (set-based)

Issue: This inconsistency could confuse users and lead to unexpected behavior. The warning at line 42 says "keeping last occurrence" but modalities/groups keep the first.

Recommendation: Use a consistent strategy (preferably "last wins" to match the top-level behavior) or document why different strategies are used.

3. Transaction Boundary Issue

The report upsert happens inside a transaction (line 173), but the many-to-many relationship updates happen outside that transaction (lines 192-246). This means:

• If metadata/modality/group operations fail, the reports are already committed
• This violates atomicity for the bulk upsert operation

Current code:

with transaction.atomic():  # Lines 173-189
    # Report creation/update
    ...
# Transaction ends here

if report_ids:  # Lines 192+
    # Metadata, modalities, groups - NOT in transaction
    Metadata.objects.filter(report_id__in=report_ids).delete()
    # ...

Recommendation: Wrap the entire operation (reports + relationships) in a single transaction, or at minimum wrap each relationship section in its own transaction.

---

🐛 Potential Bugs

1. Type Annotation Inconsistency

def _dedupe_groups(items: list[Any]) -> tuple[list[Any], int]:
    group_id = getattr(group, "id", group)  # Line 83

The function accepts list[Any] but the code assumes items are either objects with .id attribute or integers. This is fragile.

Recommendation: Add type hints based on actual usage (appears to be list[Group | int]) or validate input types.

2. Missing Validation for Metadata Keys

Lines 199-204 assume all items have a "key" field, but there's no explicit validation. If validation fails elsewhere, this could raise KeyError.

Impact: Low (validation should catch this earlier), but defensive programming would be safer.

---

⚡ Performance Considerations

1. Multiple Iterations Over Validated Reports

The code iterates over validated_reports multiple times:

• Line 35: Deduplication loop
• Line 91: Extract document_ids
• Line 93: Extract language codes
• Line 108-112: Extract modality codes
• Line 149-171: Create/update reports
• Line 197-204: Create metadata
• Line 213-221: Create modalities
• Line 230-236: Create groups

Impact: For large payloads (1000+ reports), this could be noticeable.

Recommendation: Consider combining some iterations where possible, though current approach prioritizes clarity.

2. Deduplication Complexity

• _dedupe_by_key: O(n) time, O(n) space ✅
• _dedupe_metadata: O(n) time, O(n) space ✅
• _dedupe_groups: O(n) time, O(n) space ✅

Performance is reasonable for typical use cases.

---

🔒 Security Concerns

No significant security issues identified. The deduplication logic doesn't introduce injection risks or authentication bypasses.

---

🧪 Test Coverage

Critical Issue: This PR adds significant new logic but no tests for the bulk upsert endpoint exist in the repository.

Missing Test Cases:

1. ✅ Duplicate document_ids in payload (main scenario this PR addresses)
2. ✅ Duplicate metadata keys within a single report
3. ✅ Duplicate modality codes within a single report
4. ✅ Duplicate groups within a single report
5. ✅ Combination of above scenarios
6. ✅ Verify "last wins" vs "first wins" behavior is consistent
7. ✅ Verify duplicate counts in warning logs are accurate
8. ✅ Transaction rollback behavior on failures

Recommendation: Add comprehensive test coverage for /api/reports/bulk-upsert/ endpoint, especially for duplicate handling scenarios.

Example test structure:

def test_bulk_upsert_with_duplicate_document_ids():
    """Should keep last occurrence when document_id appears multiple times"""
    payload = [
        {"document_id": "DOC-001", "body": "First version", ...},
        {"document_id": "DOC-001", "body": "Second version", ...},
    ]
    response = client.post('/api/reports/bulk-upsert/', payload)
    assert response.json()["created"] == 1
    report = Report.objects.get(document_id="DOC-001")
    assert report.body == "Second version"

---

📋 Summary

Priority Issues:

1. HIGH: Add test coverage for duplicate handling scenarios
2. MEDIUM: Fix transaction boundary issue (lines 173-246)
3. MEDIUM: Make deduplication strategy consistent ("last wins" vs "first wins")
4. LOW: Extract deduplication functions to module level for testability

Overall Assessment: This is a solid improvement that prevents crashes from duplicate data. With the suggested fixes (especially tests and transaction handling), it will be production-ready.

---

📝 Suggested Changes

Example: Consistent "last wins" deduplication

def _dedupe_by_key(
    items: list[dict[str, Any]], key_name: str
) -> tuple[list[dict[str, Any]], int]:
    """Deduplicate items by key, keeping LAST occurrence."""
    if not items:
        return [], 0
    by_key: dict[str, dict[str, Any]] = {}
    initial_count = len(items)
    for item in items:
        by_key[item[key_name]] = item  # Last one wins
    duplicates = initial_count - len(by_key)
    return list(by_key.values()), duplicates

Example: Wrap all operations in transaction

with transaction.atomic():
    if new_reports:
        Report.objects.bulk_create(new_reports, batch_size=BULK_DB_BATCH_SIZE)
    
    if updated_reports:
        Report.objects.bulk_update(...)
    
    # Get report IDs
    report_id_by_document_id = {...}
    
    # All relationship updates inside same transaction
    if report_ids:
        # Metadata
        Metadata.objects.filter(report_id__in=report_ids).delete()
        # ... rest of metadata logic
        
        # Modalities
        # ... modality logic
        
        # Groups
        # ... group logic

---

Let me know if you'd like help implementing any of these suggestions!

[gemini-code-assist]

Code Review

This pull request effectively prevents crashes from duplicate entries in the bulk upsert payload by adding de-duplication logic. The implementation is sound. My review includes a few suggestions to improve consistency and efficiency:

• The de-duplication strategy for different entities is inconsistent (some keep the first duplicate, some keep the last). I've suggested making this consistent for predictable behavior.
• There are three separate loops to process metadata, modalities, and groups for reports. I've suggested combining them into a single loop for better performance.

[gemini-code-assist]

This function keeps the first occurrence of an item with a duplicate key. However, the de-duplication for reports (lines 33-45) and metadata (_dedupe_metadata) keeps the last occurrence. This inconsistency can be confusing and lead to subtle bugs. For consistency, consider changing this function to also keep the last occurrence. This would make the behavior of de-duplication predictable across the entire process.

    def _dedupe_by_key(
        items: list[dict[str, Any]], key_name: str
    ) -> tuple[list[dict[str, Any]], int]:
        if not items:
            return [], 0
        by_key: dict[str, dict[str, Any]] = {}
        duplicates = 0
        for item in items:
            key = item[key_name]
            if key in by_key:
                duplicates += 1
            by_key[key] = item
        return list(by_key.values()), duplicates

[gemini-code-assist]

Similar to _dedupe_by_key, this function keeps the first occurrence of a group. For consistency with report and metadata de-duplication, which keep the last occurrence, consider modifying this to also keep the last.

    def _dedupe_groups(items: list[Any]) -> tuple[list[Any], int]:
        if not items:
            return [], 0
        by_id: dict[int, Any] = {}
        duplicates = 0
        for group in items:
            group_id = getattr(group, "id", group)
            if group_id in by_id:
                duplicates += 1
            by_id[group_id] = group
        return list(by_id.values()), duplicates

[gemini-code-assist]

These three loops over validated_reports (for metadata, modalities, and groups) can be combined into a single loop. This would be more efficient as it avoids iterating over the validated_reports list multiple times.

Here's how you could structure it:

        metadata_rows: list[Metadata] = []
        metadata_duplicate_count = 0
        modality_rows = []
        modality_duplicate_count = 0
        group_rows = []
        group_duplicate_count = 0

        for report_data in validated_reports:
            report_id = report_id_by_document_id[report_data["document_id"]]

            # Metadata
            metadata_items, duplicates = _dedupe_metadata(report_data.get("metadata", []))
            metadata_duplicate_count += duplicates
            for item in metadata_items:
                metadata_rows.append(
                    Metadata(report_id=report_id, key=item["key"], value=item["value"])
                )

            # Modalities
            modality_items, duplicates = _dedupe_by_key(report_data.get("modalities", []), "code")
            modality_duplicate_count += duplicates
            for modality in modality_items:
                modality_id = modality_by_code[modality["code"]].id
                modality_rows.append(
                    modality_through(report_id=report_id, modality_id=modality_id)
                )

            # Groups
            group_items, duplicates = _dedupe_groups(report_data.get("groups", []))
            group_duplicate_count += duplicates
            for group in group_items:
                group_rows.append(group_through(report_id=report_id, group_id=group.id))

        if metadata_rows:
            Metadata.objects.bulk_create(metadata_rows, batch_size=BULK_DB_BATCH_SIZE)
        if modality_rows:
            modality_through.objects.bulk_create(modality_rows, batch_size=BULK_DB_BATCH_SIZE)
        if group_rows:
            group_through.objects.bulk_create(group_rows, batch_size=BULK_DB_BATCH_SIZE)

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@radis/reports/api/viewsets.py`:
- Around line 76-89: _dedupe_groups currently returns the original items which
can be either objects or ints, causing AttributeError later when code expects
.id; change _dedupe_groups (the function) to normalize every entry to its
integer id (use getattr(group, "id", group) and cast/ensure int) and append that
id to deduped, keep counting duplicates as before, and return the list of
normalized ids plus the duplicate count so callers (e.g., the call site that
does group_rows.append(group_through(report_id=report_id, group_id=group.id)))
can safely use group ids.

[claude]

Pull Request Review: Prevent Duplicate Entries in Bulk Upsert

Thank you for this PR! The deduplication logic is a valuable addition that prevents crashes from duplicate entries in bulk upload payloads. Here's my detailed review:

---

✅ Strengths

1. Problem Solved: Effectively prevents database integrity errors from duplicate entries in payloads
2. Comprehensive Coverage: Handles duplicates at all levels (reports, metadata, modalities, groups)
3. Good Observability: Warning logs provide visibility into data quality issues
4. Client Enhancement: Adding timeout parameter to update_reports_bulk() is a practical improvement

---

🔍 Code Quality Issues

1. Inconsistent Deduplication Strategy

The PR uses three different deduplication helper functions with overlapping logic:

• _dedupe_by_key(): Last-occurrence-wins (line 47-62)
• _dedupe_metadata(): Last-occurrence-wins (line 64-74)
• _dedupe_groups(): First-occurrence-wins (line 76-89)

Issue: _dedupe_groups() uses first-occurrence logic while report/metadata deduplication uses last-occurrence. This inconsistency is confusing.

Recommendation: Consolidate into a single generic deduplication function:

def _dedupe_items(
    items: list[Any], 
    key_fn: Callable[[Any], str | int],
    last_wins: bool = True
) -> tuple[list[Any], int]:
    """Deduplicate items using a key function.
    
    Args:
        items: Items to deduplicate
        key_fn: Function to extract the unique key from each item
        last_wins: If True, keep last occurrence; if False, keep first
    """
    if not items:
        return [], 0
    
    if last_wins:
        seen: dict[str | int, Any] = {}
        for item in items:
            seen[key_fn(item)] = item
        return list(seen.values()), len(items) - len(seen)
    else:
        seen_keys: set[str | int] = set()
        deduped = []
        duplicates = 0
        for item in items:
            key = key_fn(item)
            if key in seen_keys:
                duplicates += 1
                continue
            seen_keys.add(key)
            deduped.append(item)
        return deduped, duplicates

Usage:

metadata_items, dups = _dedupe_items(
    report_data.get("metadata", []),
    key_fn=lambda x: x["key"],
    last_wins=True
)

2. Type Safety Issue in _dedupe_groups()

Line 83 uses getattr(group, "id", group) which is fragile:

group_id = getattr(group, "id", group)  # What if group is neither?

Problem: If group is already an integer, it falls back to group itself. But if it's a Group object, it should use .pk not .id (per Django conventions used elsewhere in the file).

Recommendation: Be explicit about expected types:

group_id = group.pk if isinstance(group, Group) else int(group)

3. Line 158: Inconsistent Field Access

existing.language = language  # Uses object assignment

vs the old code:

existing.language_id = language.id  # Direct FK ID assignment

Issue: While both work, the new version triggers an extra database query during bulk_update() since Django needs to resolve the FK. The old language_id assignment was more efficient.

Recommendation: Revert to existing.language_id = language.pk for consistency with lines 220, 239 which use .pk.

4. Inconsistent Use of .id vs .pk

The diff changes .id to .pk in several places (lines 185, 220, 239), which is good Django practice. However, line 158 regressed by using object assignment instead of the more efficient _id suffix pattern.

---

⚠️ Potential Bugs

1. Duplicate Counting Logic

Line 38-39:

if document_id in deduped_reports:
    duplicate_count += 1
deduped_reports[document_id] = report  # Always overwrites

Problem: When 3+ identical document_ids exist, the count is accurate but duplicate_count could be clearer.

Example: ["DOC1", "DOC1", "DOC1"] → duplicate_count = 2 ✅ (correct, 2 duplicates of the original)

This is actually correct behavior, but the variable name could be clearer as duplicate_occurrences or add a comment.

2. Missing Edge Case: Empty Key/Code Values

What happens if metadata has {"key": "", "value": "foo"}?

• Line 70: key = item["key"] - empty strings are valid dict keys
• This could lead to multiple metadata entries with empty keys being deduplicated incorrectly

Recommendation: Add validation or document this as expected behavior.

---

🚀 Performance Considerations

1. Memory Efficiency

The deduplication happens in-memory before database operations, which is correct. For very large payloads (10,000+ reports), consider:

• The three separate loops over report_data for metadata/modalities/groups (lines 197-240) could be combined into a single loop
• Current approach is cleaner but processes each report 3 times

Current:

for report_data in validated_reports:  # Loop 1: metadata
    ...
for report_data in validated_reports:  # Loop 2: modalities  
    ...
for report_data in validated_reports:  # Loop 3: groups
    ...

More efficient (but less readable):

for report_data in validated_reports:
    # Build all three relationship types in one pass
    ...

Given the batch size constant (BULK_DB_BATCH_SIZE = 1000), current approach is acceptable.

2. Database Query Optimization

Line 185-189: Good use of .only() to limit fields fetched. ✅

---

🔒 Security Concerns

1. No Critical Issues Found

The deduplication logic doesn't introduce security vulnerabilities:

• ✅ All data is already validated through serializers before reaching _bulk_upsert_reports()
• ✅ Transaction isolation prevents race conditions
• ✅ Logging doesn't expose sensitive data (only counts)

2. Information Disclosure (Minor)

The warning logs (lines 41-43, 244-250) expose document_ids and counts. This is appropriate for server logs but verify these logs aren't exposed to end users.

---

🧪 Test Coverage

❌ Critical Gap: No Tests Found

I searched for tests covering bulk_upsert functionality and found none. This is a significant gap.

Required Test Cases:

1. ✅ Test duplicate document_ids in payload (handled by this PR)
2. ✅ Test duplicate metadata keys for same report
3. ✅ Test duplicate modality codes for same report
4. ✅ Test duplicate groups for same report
5. ⚠️ Test mixed scenarios (some reports with duplicates, some without)
6. ⚠️ Test that last occurrence is kept for reports/metadata
7. ⚠️ Test that warnings are logged correctly
8. ⚠️ Test client timeout parameter works

Example test structure:

def test_bulk_upsert_with_duplicate_document_ids(api_client):
    """Test that duplicate document_ids are deduplicated, keeping last."""
    reports = [
        {"document_id": "DOC1", "body": "First version", ...},
        {"document_id": "DOC1", "body": "Second version", ...},
    ]
    response = api_client.post('/api/reports/bulk-upsert/', reports)
    assert response.json()["created"] == 1
    assert Report.objects.get(document_id="DOC1").body == "Second version"

---

📝 Minor Improvements

1. Line 94-96: The dict comprehension could be a one-liner (style preference):

   language_by_code = {lang.code: lang for lang in Language.objects.filter(code__in=language_codes)}

2. Type Hints: Consider adding return type hint to _bulk_upsert_reports:

   def _bulk_upsert_reports(
       validated_reports: list[dict[str, Any]]
   ) -> tuple[list[str], list[str]]:  # Already present ✅

3. Documentation: The nested helper functions (_dedupe_*) could benefit from docstrings explaining the "last wins" strategy.

---

📊 Overall Assessment

Category	Rating	Notes
Functionality	⭐⭐⭐⭐	Solves the problem effectively
Code Quality	⭐⭐⭐	Works but has inconsistencies
Performance	⭐⭐⭐⭐	Appropriate for expected scale
Security	⭐⭐⭐⭐⭐	No concerns
Test Coverage	⭐	Critical gap
Documentation	⭐⭐⭐	Logs are good; code comments minimal

---

🎯 Recommendations Priority

Must Fix Before Merge:

1. Add comprehensive test coverage (highest priority)
2. Fix line 158: Use existing.language_id = language.pk for efficiency

Should Fix:

3. Consolidate deduplication logic into single generic function
4. Fix _dedupe_groups() type safety: Use explicit type checking

Nice to Have:

5. Add docstrings to helper functions
6. Consider combining the three relationship-building loops (lines 197-240)

---

✅ Approval Recommendation

Status: Approve with required changes

This PR provides valuable functionality and prevents real crashes. However, test coverage is critical before merging to production. Once tests are added and the efficiency issue on line 158 is fixed, this is ready to merge.

Great work on identifying and solving this issue! 🚀

[claude]

Pull Request Review: Bulk Upsert Deduplication

Thank you for this contribution! I've reviewed the changes and have the following feedback:

✅ Strengths

1. Good problem identification: Deduplication logic prevents database constraint violations and data corruption from duplicate entries in bulk payloads.

2. Comprehensive deduplication: Handles duplicates at multiple levels:

   • Report-level (document_ids)
   • Metadata entries (keys)
   • Modalities (codes)
   • Groups (IDs)

3. Excellent test coverage: Three well-designed tests covering:

   • Basic create/update functionality
   • Full end-to-end deduplication through API
   • Direct function-level metadata deduplication

4. Good logging: Warning messages provide visibility into deduplication with counts.

5. Client enhancement: Added timeout parameter to update_reports_bulk() for better timeout control.

---

🔍 Code Quality Issues

Critical: Logic inconsistency in _dedupe_metadata vs _dedupe_by_key

Location: radis/reports/api/viewsets.py:64-74 vs 47-62

The _dedupe_metadata function keeps the last occurrence (like report-level deduplication), while _dedupe_by_key keeps the first occurrence. This inconsistency could cause confusion:

# _dedupe_metadata - keeps LAST
def _dedupe_metadata(items: list[dict[str, Any]]) -> tuple[list[dict[str, Any]], int]:
    by_key: dict[str, dict[str, Any]] = {}
    duplicates = 0
    for item in items:
        key = item["key"]
        if key in by_key:
            duplicates += 1
        by_key[key] = item  # ← Always overwrites (keeps last)
    return list(by_key.values()), duplicates

# _dedupe_by_key - keeps FIRST
def _dedupe_by_key(items: list[dict[str, Any]], key_name: str) -> tuple[list[dict[str, Any]], int]:
    seen: set[str] = set()
    deduped: list[dict[str, Any]] = []
    duplicates = 0
    for item in items:
        key = item[key_name]
        if key in seen:
            duplicates += 1
            continue  # ← Skips (keeps first)
        seen.add(key)
        deduped.append(item)
    return deduped, duplicates

Recommendation: Standardize to always keep the last occurrence for consistency with report-level deduplication behavior (lines 33-45).

---

Minor: Duplicate code pattern

The three deduplication functions (_dedupe_by_key, _dedupe_metadata, _dedupe_groups) share similar logic. Consider consolidating into a single generic function with a key extractor parameter to reduce duplication and improve maintainability.

---

🐛 Potential Bugs

1. Missing deduplication in modality code extraction

Location: radis/reports/api/viewsets.py:108-112

When extracting modality codes to create missing modalities, there's no deduplication:

modality_codes = {
    modality["code"]
    for report in validated_reports
    for modality in report.get("modalities", [])  # ← Already deduplicated at report level by _dedupe_by_key
}

Analysis: This is actually safe because:

1. Set comprehension automatically deduplicates codes across reports
2. Within each report, modalities are deduplicated by _dedupe_by_key before reaching this point (line 215-217)

However, the comment on line 108 could clarify this for maintainability.

---

2. .pk vs .id inconsistency

Location: Throughout _bulk_upsert_reports

The code uses both .pk and .id interchangeably:

• Line 83: getattr(group, "id", group)
• Line 185, 220, 239: Uses .pk

Recommendation: Consistently use .pk (Django best practice) since it works regardless of the primary key field name.

---

⚡ Performance Considerations

1. Database queries are efficient: Good use of:

   • Bulk operations (bulk_create, bulk_update)
   • only() to fetch minimal fields (line 186-187)
   • Set-based lookups for deduplication

2. In-memory deduplication: All deduplication happens in Python before DB operations, which is correct for this use case.

3. Batch size: BULK_DB_BATCH_SIZE = 1000 is reasonable for most use cases.

Note: For very large payloads (>10,000 reports), monitor memory usage during deduplication.

---

🔒 Security Considerations

No security issues identified. The changes:

• Don't introduce new attack vectors
• Properly handle user input through existing serializer validation
• Use Django ORM (no SQL injection risk)
• Don't expose sensitive information in logs

---

📝 Documentation & Style

1. ✅ Client docstring updated with timeout parameter
2. ✅ Follows Google Python Style Guide (per CLAUDE.md)
3. ⚠️ Consider adding docstrings to internal deduplication functions for maintainability
4. ✅ Line lengths within 100 character limit

---

🧪 Test Coverage Assessment

Strong coverage:

• ✅ Create and update flows
• ✅ Duplicate document_ids in payload
• ✅ Duplicate metadata keys
• ✅ Duplicate modalities/groups in single report
• ✅ API-level and function-level testing

Potential gaps:

• Edge case: Empty payload (covered by line 30 check)
• Edge case: All invalid reports (covered by existing validation)
• Performance test: Large payload (>1000 reports) - consider adding

---

🎯 Recommendations Summary

Must fix:

1. Standardize deduplication logic to consistently keep last occurrence

Should fix:
2. Use .pk consistently instead of mixing with .id

Consider:
3. Add docstrings to internal deduplication functions
4. Add clarifying comment about modality code deduplication at line 108
5. Consider refactoring three deduplication functions into one generic helper

---

✅ Conclusion

This is a solid PR that addresses a real issue with proper testing. The main concern is the logical inconsistency between deduplication strategies that should be resolved before merging. Once that's addressed, this will be a valuable improvement to the bulk upsert functionality.

Overall Assessment: Approve with minor changes requested.

---

Review performed by Claude Code (Sonnet 4.5) following RADIS project conventions from CLAUDE.md

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@radis/reports/tests/test_bulk_upsert.py`:
- Line 31: The test payload in test_bulk_upsert.py uses
timezone.make_aware(datetime(...)) for the "study_datetime" field which
json.dumps can't serialize; replace that datetime object with an ISO-8601 string
(e.g. "2024-01-01T00:00:00+00:00" or use .isoformat()) so the payload is
JSON-serializable and consistent with the other payload entry (update the
payload definition used in the failing test).

[claude]

Code Review: Bulk Upsert Deduplication

I've reviewed this PR and here's my feedback:

✅ Strengths

1. Good Problem Solving: The deduplication logic addresses a real issue where duplicate entries could cause database constraint violations or unexpected behavior.

2. Comprehensive Test Coverage: The new test file test_bulk_upsert.py covers the main scenarios well:

   • Basic create and update operations
   • Deduplication of payload entries
   • Deduplication of nested metadata keys

3. Helpful Logging: Consolidated warning messages with per-category counts make debugging easier.

4. Client API Enhancement: Adding the timeout parameter to update_reports_bulk() is a good addition for controlling long-running requests.

🔍 Issues and Concerns

1. Inconsistent Behavior: Last-Wins Deduplication (Medium Priority)

The deduplication strategy keeps the last occurrence of duplicates:

# Line 39 in viewsets.py
deduped_reports[document_id] = report  # overwrites previous

Issue: This "last-wins" approach may be counterintuitive and could hide data quality problems. If a client accidentally sends duplicates, they might expect an error rather than silent deduplication.

Recommendation: Consider one of these approaches:

• Add a query parameter to control behavior: ?deduplication=error|last-wins|first-wins
• At minimum, document this behavior clearly in the API docs and docstring
• Consider logging at WARNING level with the specific document_ids that were deduplicated

2. Type Safety Issue in _dedupe_groups() (Low Priority)

Lines 73-84 show type handling that could be cleaner:

def _dedupe_groups(items: list[Any]) -> tuple[list[int], int]:
    for group in items:
        group_id = getattr(group, "pk", group)  # Mixed types
        group_id = int(group_id)

Issue: The function accepts list[Any] and tries to handle both Group objects and integers. This is fragile.

Recommendation:

def _dedupe_groups(items: list[Any]) -> tuple[list[int], int]:
    """Deduplicate group references (handles both Group objects and IDs)."""
    if not items:
        return [], 0
    by_id: dict[int, int] = {}
    duplicates = 0
    for group in items:
        # Handle both Group instances and raw integers
        group_id = group.pk if hasattr(group, 'pk') else int(group)
        if group_id in by_id:
            duplicates += 1
        by_id[group_id] = group_id
    return list(by_id.values()), duplicates

3. Redundant Function: _dedupe_metadata() (Minor)

Lines 61-71 define _dedupe_metadata() which is functionally identical to _dedupe_by_key(items, "key").

Recommendation: Remove _dedupe_metadata() and use _dedupe_by_key(report_data.get("metadata", []), "key") on line 194 instead. This reduces code duplication.

4. Database Query Inefficiency (Minor)

Line 179-184 queries all reports again after bulk creation/update:

report_id_by_document_id = {
    report.document_id: report.pk
    for report in Report.objects.filter(document_id__in=document_ids).only(
        "id", "document_id"
    )
}

Issue: For newly created reports, we already have the objects in memory (new_reports), but their PKs aren't set until after bulk_create().

Recommendation: Consider using bulk_create(..., returning=True) (Django 4.0+) to get PKs immediately, or at least add a comment explaining why the extra query is necessary.

5. Missing Test Coverage (Medium Priority)

The tests don't cover:

• Empty modalities/groups/metadata lists
• Invalid group IDs (non-existent groups)
• Large payloads (performance/timeout scenarios)
• Concurrent bulk upserts on the same documents
• The new timeout parameter in the client

Recommendation: Add tests for edge cases, especially invalid group IDs which could cause runtime errors.

6. Docstring Missing (Minor)

The _bulk_upsert_reports() function (lines 29-259) lacks a docstring explaining:

• Its deduplication behavior
• What it returns
• Transaction handling

🛡️ Security & Performance

• ✅ SQL Injection: Protected by Django ORM
• ✅ Batch Size: Properly uses BULK_DB_BATCH_SIZE constant
• ✅ Transaction Safety: Wrapped in transaction.atomic()
• ⚠️ Memory Usage: Large payloads could consume significant memory since the entire list is held in memory. Consider adding documentation about recommended batch sizes.

📝 Style & Standards

• ✅ Follows Google Python Style Guide
• ✅ Line length within 100 characters
• ✅ Proper type hints on most functions
• ⚠️ Missing type hint: list[Any] in _dedupe_groups could be more specific

🎯 Recommendations Summary

Must Fix:

1. Add docstring to _bulk_upsert_reports() explaining deduplication behavior
2. Handle invalid group IDs gracefully (add validation or error handling)

Should Fix:
3. Remove redundant _dedupe_metadata() function
4. Improve type safety in _dedupe_groups()
5. Document the "last-wins" deduplication strategy in API docs

Nice to Have:
6. Add test coverage for edge cases
7. Consider making deduplication strategy configurable
8. Add comment explaining the re-query of report IDs

Overall, this is solid work that improves the robustness of bulk operations. The main concern is ensuring the deduplication behavior is well-documented and that edge cases are handled gracefully.

[claude]

Pull Request Review: Bulk Upsert Deduplication

This PR adds deduplication logic to the bulk upsert endpoint. Overall, the implementation is solid and well-tested.

---

Strengths

1. Good Test Coverage: Three comprehensive tests cover creation, updates, and various deduplication scenarios
2. Proper Logging: Clear warning messages with detailed counts help with debugging
3. Consistent Deduplication Strategy: Last occurrence wins approach is applied consistently
4. Transaction Safety: All operations remain within the existing transaction.atomic() block
5. Client Enhancement: Added timeout parameter improves flexibility for large bulk operations

---

Code Quality & Design

Positive:

• Helper functions are well-structured
• Code follows Google Python Style Guide conventions
• Line lengths comply with project standards (100 chars)

Areas for Consideration:

1. DRY Principle (viewsets.py:47-84): _dedupe_metadata is essentially identical to _dedupe_by_key with hardcoded key parameter. Consider using _dedupe_by_key(items, "key") instead.

2. _dedupe_groups Type Handling (viewsets.py:73-84): The function handles both Group objects and integers. Looking at the serializer flow, groups should already be integers after validation. Consider simplifying if object handling is not needed.

3. Deduplication Timing (viewsets.py:103-118): Modality codes are extracted BEFORE deduplication, potentially including duplicates. Consider whether deduplication should happen before extracting unique codes.

---

Security

• No SQL injection risks (uses Django ORM properly)
• Authorization properly enforced (IsAdminUser permission)
• No sensitive data exposure in logs
• Transaction atomicity maintained

---

Performance

1. Memory Usage: Deduplication creates intermediate dictionaries. For very large bulk operations (10k+ reports), this could be memory-intensive. Current approach is reasonable; optimization only needed if issues arise.

2. Batch Operations: Proper use of BULK_DB_BATCH_SIZE (1000)

3. N+1 Query Prevention: Efficiently fetches languages/modalities upfront

---

Testing

Covered:

• Basic create and update flows
• Duplicate document_ids in payload
• Duplicate modalities, groups, and metadata within a single report
• Metadata key deduplication preserves last value

Missing:

1. Empty/edge cases: Empty payload, empty arrays
2. Cross-report metadata: Same metadata key in different reports
3. Large-scale deduplication stress test
4. Error handling edge cases

---

Recommendations

Priority: High

1. Simplify _dedupe_metadata: Replace with _dedupe_by_key(items, "key") call

Priority: Medium
2. Add cross-report metadata test
3. Clarify _dedupe_groups type handling
4. Consider modality deduplication timing

Priority: Low
5. Add edge case tests
6. Add docstrings to helper functions

---

Summary

Category	Rating
Code Quality	Good
Test Coverage	Good (minor gaps)
Security	Excellent
Performance	Good
Documentation	Adequate

Overall: This is a solid implementation that addresses the deduplication requirements effectively. The main suggestions are minor refactorings for code clarity rather than critical bugs. The PR is ready to merge with consideration for the high-priority simplification suggestions.

Great work on maintaining transaction integrity and providing comprehensive logging!

[claude]

Pull Request Review: Bulk Upsert Deduplication & Timeout Support

Summary

This PR adds important deduplication logic to the bulk upsert endpoint and adds a timeout parameter to the client. The implementation handles duplicate document_ids, metadata keys, modality codes, and group IDs by keeping the last occurrence and logging consolidated warnings.

---

✅ Strengths

1. Well-tested: Comprehensive test coverage including end-to-end tests for creation, updates, and deduplication scenarios
2. Clear logging: Consolidated warning messages with per-category counts help with debugging
3. Consistent behavior: "Keep last occurrence" strategy is predictable and documented
4. Backward compatible: Changes don't break existing API behavior
5. Client enhancement: Timeout parameter is a practical addition for large bulk operations

---

🔍 Code Quality Observations

1. Duplicate Helper Functions (Minor)

radis/reports/api/viewsets.py:47-77

You have three similar deduplication helpers:

• _dedupe_by_key() - generic key-based dedup
• _dedupe_metadata() - metadata-specific dedup
• _dedupe_groups() - groups-specific dedup

Suggestion: _dedupe_metadata() could potentially use _dedupe_by_key(items, "key") to reduce duplication. However, the current approach is clear and the performance difference is negligible.

2. Missing Type Hint (Minor)

radis/reports/api/viewsets.py:70

def _dedupe_groups(items: list[Any]) -> tuple[list[int], int]:

The list[Any] parameter could be more specific. Based on usage at line 222, it accepts either Group objects or integers. Consider:

def _dedupe_groups(items: list[Group | int]) -> tuple[list[int], int]:

3. Deduplication Order (Important Observation)

radis/reports/api/viewsets.py:33-45

The report-level deduplication happens before validation context. This means if a user sends:

• Report A with document_id="DOC-1" (valid)
• Report B with document_id="DOC-1" (invalid data)

Report B will overwrite Report A even if it's invalid. The validation happens later at line 348.

Question: Is this intentional? An alternative would be to validate first, then dedupe only valid payloads. Current behavior means a single invalid duplicate can cause a valid report to be skipped.

---

🐛 Potential Issues

1. Empty init.py File (Low Priority)

radis/reports/tests/__init__.py

The file contains only a newline. This is fine for making it a package, but seems unusual if it didn't exist before. Was this directory not a package previously? If tests were already working, this file might be unnecessary.

2. Metadata Deduplication Behavior (Design Question)

radis/reports/api/viewsets.py:187-192

When metadata has duplicate keys, the last value wins. Consider this payload:

{
    "document_id": "DOC-1",
    "metadata": {
        "ris_filename": "file1.txt",
        "ris_filename": "file2.txt"  # Last one wins
    }
}

This is handled correctly via the serializer transformation (line 132-134 in serializers.py). However, the warning message doesn't distinguish between:

• User sending duplicate keys in the dict (impossible in Python)
• Serializer expansion creating duplicates (shouldn't happen)
• Some other edge case

Consider: Is this warning actually reachable for metadata? Python dicts already dedupe keys, and the serializer converts them. A test specifically for this case would clarify the scenario.

---

🔒 Security Considerations

No issues found. The PR doesn't introduce security vulnerabilities:

• ✅ Deduplication happens after authentication/permission checks
• ✅ No SQL injection risks (using ORM)
• ✅ No new user input vectors
• ✅ Timeout parameter properly passed to requests library

---

⚡ Performance Considerations

1. Multiple Passes Over Data (Minor Impact)

radis/reports/api/viewsets.py:185-226

The code iterates over validated_reports three times:

• Lines 185-194: Metadata processing
• Lines 201-213: Modality processing
• Lines 220-227: Group processing

Impact: For 1000 reports, this is 3000 iterations vs. 1000 if combined. However, the DB operations (bulk_create) dominate performance, so this is acceptable. The current structure is more readable.

2. Deduplication Dictionary Construction (Negligible)

The deduplication logic at lines 33-45 creates a dictionary with O(n) space and time complexity. This is optimal for the use case.

---

🧪 Test Coverage

Excellent coverage:

• ✅ Creation of new reports
• ✅ Updates to existing reports
• ✅ Deduplication of document_ids
• ✅ Deduplication of modalities and groups
• ✅ Deduplication of metadata keys
• ✅ End-to-end API integration

Minor gap: No test for the warning log messages themselves. Consider adding:

def test_bulk_upsert_logs_duplicate_warnings(client, caplog):
    # Test that duplicate warnings are actually logged
    # Verify the log message format and counts

---

📝 Documentation

Client documentation: The timeout parameter is documented in the docstring ✅

API documentation: Consider updating API docs (if separate from code) to mention:

• Deduplication behavior when duplicates are present
• That last occurrence is kept for duplicates
• Warning log format

---

🎯 Recommendations

Must Address:

• None - no blocking issues

Should Consider:

1. Clarify if the report-level deduplication before validation is intentional
2. Add test for warning log messages
3. Verify if the metadata deduplication warning is reachable (or remove/adjust it)

Nice to Have:

1. Type hint improvement for _dedupe_groups
2. Consolidate deduplication helpers if you anticipate more similar functions

---

✅ Overall Assessment

Recommendation: APPROVE with minor suggestions

This is a solid implementation that:

• Solves a real problem (handling duplicates gracefully)
• Includes comprehensive tests
• Maintains backward compatibility
• Follows project conventions (Google Style Guide, 100 char line length)

The deduplication logic is sound, and the "keep last" strategy is reasonable and predictable. The timeout addition is a practical enhancement for production use.

Nice work! 🎉

[claude]

Pull Request Review: Bulk Upsert Implementation

I've reviewed this PR and overall it's a solid implementation with good test coverage. Here are my findings:

---

✅ Strengths

1. Comprehensive Deduplication Logic: The implementation properly handles duplicate entries at multiple levels (document_ids, metadata keys, modalities, groups), keeping the last occurrence and providing consolidated logging.

2. Good Test Coverage: Tests cover the main scenarios including creation, updates, and deduplication behavior. The test in test_bulk_index_matches_signal_vector is excellent for ensuring consistency between bulk and signal-based indexing.

3. Proper Transaction Handling: Uses transaction.atomic() appropriately and triggers handlers via transaction.on_commit() callbacks.

4. Performance Optimization: Efficient bulk operations with configurable batch sizes, chunking for large datasets, and language-aware indexing.

5. Client API Enhancement: The timeout parameter addition is useful for handling large bulk uploads.

---

🔒 Security Considerations

SQL Injection Risk (Critical)

In radis/pgsearch/utils/indexing.py:54-62, there's a raw SQL query that uses parameterized queries correctly:

cursor.execute(
    """
    UPDATE pgsearch_reportsearchvector v
    SET search_vector = to_tsvector(%s::regconfig, r.body)
    FROM reports_report r
    WHERE v.report_id = r.id AND r.id = ANY(%s)
    """,
    [config, config_ids],
)

✅ Good: Using parameterized queries with %s placeholders and passing values as a list prevents SQL injection. The config_ids list is properly sanitized (converted to ints on line 23) before being passed to the query.

Permission Scoping (Important)

In radis/reports/api/serializers.py:54-62, the serializer now restricts group access:

if request.user.is_superuser:
    groups_field.queryset = groups_field.queryset.all()
else:
    groups_field.queryset = request.user.groups.all()

✅ Good: Non-superusers can only assign reports to groups they belong to. This prevents privilege escalation.

⚠️ Note: The bulk upsert endpoint requires IsAdminUser permission (staff users), which is appropriate for this operation.

---

🐛 Potential Issues

1. Unused replace Parameter

In radis/reports/api/viewsets.py:355-360:

replace = request.GET.get("replace", "true").lower() in ["true", "1", "yes"]
if not replace:
    return Response(
        {"detail": "replace=false is not supported for bulk upsert. Use replace=true."},
        status=status.HTTP_400_BAD_REQUEST,
    )

And then on line 399: created_ids, updated_ids = _bulk_upsert_reports(valid_payloads, replace=replace)

Issue: The replace parameter is extracted and validated but then passed to _bulk_upsert_reports() where it's not actually used (line 35 shows it defaults to True but the function doesn't branch on this value). The function always performs replace behavior by deleting existing metadata/modalities/groups and recreating them.

Recommendation: Either:

• Remove the replace parameter entirely if it's not needed
• Implement the replace logic if it's intended for future use
• Document why it's required to be true (perhaps for API consistency)

2. Logging Level Inconsistency

In radis/pgsearch/utils/language_utils.py:23, the logging level was changed from warning to error:

logger.error("Failed to read pg_ts_config; falling back to simple. %s", exc)

Question: Is this a critical error or an expected fallback scenario? If the fallback to 'simple' config is acceptable, warning might be more appropriate. If it indicates a serious misconfiguration, error is correct.

3. Type Safety in Deduplication

In radis/reports/api/viewsets.py:77-84, the _dedupe_groups function:

def _dedupe_groups(items: list[Any]) -> tuple[list[int], int]:
    if not items:
        return [], 0
    by_id: dict[int, int] = {}
    for group in items:
        group_id = int(getattr(group, "pk", group))
        by_id[group_id] = group_id
    return list(by_id.values()), len(items) - len(by_id)

Issue: Uses list[Any] type hint and getattr(group, "pk", group) fallback. This works but is less type-safe.

Recommendation: Consider using a Union type or protocol for better type safety:

def _dedupe_groups(items: list[Group | int]) -> tuple[list[int], int]:
    ...
    group_id = group.pk if isinstance(group, Group) else int(group)

4. Empty Test File

radis/reports/tests/__init__.py is created with only a newline. While this makes the directory a package, consider adding a docstring or comment explaining the test module's purpose.

---

🧪 Test Coverage Suggestions

The existing tests are good, but consider adding:

1. Large payload test: Test with hundreds/thousands of reports to verify chunking behavior
2. Permission test: Verify non-superusers cannot assign reports to groups they don't belong to
3. Error handling test: Test behavior when database constraints are violated (e.g., invalid foreign keys)
4. Concurrent modification test: Test what happens if reports are modified between validation and bulk upsert
5. Index synchronization test: Verify PGSEARCH_SYNC_INDEXING setting works correctly in both modes

---

📊 Performance Considerations

1. Memory Usage: For very large payloads, the deduplication logic loads all data into memory. With thousands of reports, this could be significant. Consider documenting recommended batch sizes.

2. Transaction Size: Large bulk upserts hold database locks during the entire transaction. For production use, consider documenting the recommended maximum batch size to avoid lock contention.

3. Indexing Strategy: The configurable PGSEARCH_SYNC_INDEXING is excellent for flexibility. Document when to use sync vs async indexing.

---

📝 Code Quality

1. Line Length: All code adheres to the 100-character limit specified in the project standards ✅
2. Naming: Function and variable names are clear and descriptive ✅
3. Documentation: Functions have reasonable docstrings, though _bulk_upsert_reports() could benefit from more detailed documentation about the deduplication behavior ✅

---

🎯 Recommendations Summary

High Priority:

1. Clarify or remove the unused replace parameter logic
2. Add documentation about recommended batch sizes and performance characteristics

Medium Priority:
3. Review the logging level change in language_utils.py
4. Improve type hints in _dedupe_groups
5. Add more comprehensive tests for edge cases

Low Priority:
6. Add docstring to radis/reports/tests/__init__.py

---

✨ Conclusion

This is a well-implemented feature with proper security measures, good test coverage, and thoughtful error handling. The deduplication logic is particularly well done. With minor refinements around the replace parameter and additional documentation, this will be production-ready.

Great work! 🚀

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In `@radis/reports/api/viewsets.py`:
- Around line 33-36: The function _bulk_upsert_reports has an unused parameter
replace which triggers Ruff ARG001; remove the replace parameter from
_bulk_upsert_reports's signature and update any callers to stop passing replace
(or stop forwarding that argument) so the function is invoked without that
argument; ensure you only change the signature and call sites related to
_bulk_upsert_reports and keep its return type and behavior intact.

In `@radis/settings/base.py`:
- Around line 157-160: Add documentation entries for the three new pgsearch
settings by updating example.env to include PGSEARCH_BULK_INDEX_CHUNK_SIZE
(default 5000), PGSEARCH_BULK_INSERT_BATCH_SIZE (default 1000), and
PGSEARCH_SYNC_INDEXING (default False) with a short description for each
(purpose and default). Ensure the variable names match the settings
(PGSEARCH_BULK_INDEX_CHUNK_SIZE, PGSEARCH_BULK_INSERT_BATCH_SIZE,
PGSEARCH_SYNC_INDEXING), include their default values, and add a one-line
comment explaining what each controls (chunk size for bulk indexing, batch size
for inserts, and whether indexing runs synchronously).

🧹 Nitpick comments (4)

radis/pgsearch/utils/language_utils.py (1)

22-24: Consider using logger.exception for full traceback visibility.

When catching exceptions, logger.exception automatically includes the traceback, which aids debugging. With logger.error, only the exception message is logged.

Proposed fix

     except DatabaseError as exc:
-        logger.error("Failed to read pg_ts_config; falling back to simple. %s", exc)
+        logger.exception("Failed to read pg_ts_config; falling back to simple.")
         return set()

radis/reports/api/serializers.py (1)

54-62: Good security improvement to restrict group assignment.

This correctly limits non-superusers to only assign reports to their own groups. However, line 60 has a redundant .all() call since the queryset is already a queryset.

Remove redundant .all() call

                 if groups_field.queryset is not None:
                     if request.user.is_superuser:
-                        groups_field.queryset = groups_field.queryset.all()
+                        pass  # Superuser keeps the original queryset (all groups)
                     else:
                         groups_field.queryset = request.user.groups.all()

Or simplify the entire block:

-                if groups_field.queryset is not None:
-                    if request.user.is_superuser:
-                        groups_field.queryset = groups_field.queryset.all()
-                    else:
-                        groups_field.queryset = request.user.groups.all()
+                if groups_field.queryset is not None and not request.user.is_superuser:
+                    groups_field.queryset = request.user.groups.all()

radis/pgsearch/tasks.py (1)

19-26: Type annotation can be tightened.

The payload variable is typed as list[Any] but only contains integers. Since report_ids is already list[int], the explicit int() conversion is defensive (good), but the type should reflect the actual contents.

Tighten type annotation

 def enqueue_bulk_index_reports(report_ids: list[int]) -> int | None:
     if not report_ids:
         return None
-    payload: list[Any] = [int(report_id) for report_id in report_ids]
+    payload: list[int] = [int(report_id) for report_id in report_ids]
     return app.configure_task(
         "radis.pgsearch.tasks.bulk_index_reports",
         allow_unknown=False,
     ).defer(report_ids=payload)

This also allows removing the Any import if unused elsewhere.

radis/pgsearch/utils/indexing.py (1)

46-61: Consider wrapping bulk operations in a transaction.

The loop processes multiple configs, and if an error occurs mid-way, some configs will be updated while others won't. This could leave the search index in an inconsistent state.

Wrap in transaction for atomicity

+from django.db import connection, transaction
...
         for config, config_ids in config_to_ids.items():
-            ReportSearchVector.objects.bulk_create(
-                [ReportSearchVector(report_id=report_id) for report_id in config_ids],
-                ignore_conflicts=True,
-                batch_size=settings.PGSEARCH_BULK_INSERT_BATCH_SIZE,
-            )
-
-            with connection.cursor() as cursor:
-                cursor.execute(
-                    """
-                    UPDATE pgsearch_reportsearchvector v
-                    SET search_vector = to_tsvector(%s::regconfig, r.body)
-                    FROM reports_report r
-                    WHERE v.report_id = r.id AND r.id = ANY(%s)
-                    """,
-                    [config, config_ids],
-                )
+            with transaction.atomic():
+                ReportSearchVector.objects.bulk_create(
+                    [ReportSearchVector(report_id=report_id) for report_id in config_ids],
+                    ignore_conflicts=True,
+                    batch_size=settings.PGSEARCH_BULK_INSERT_BATCH_SIZE,
+                )
+
+                with connection.cursor() as cursor:
+                    cursor.execute(
+                        """
+                        UPDATE pgsearch_reportsearchvector v
+                        SET search_vector = to_tsvector(%s::regconfig, r.body)
+                        FROM reports_report r
+                        WHERE v.report_id = r.id AND r.id = ANY(%s)
+                        """,
+                        [config, config_ids],
+                    )

Alternatively, if partial progress is acceptable for idempotent retry scenarios, document this behavior.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

# First, find the file and check its existence
find . -name "base.py" -path "*/settings/*" | head -20

Repository: openradx/radis

Length of output: 82

---

🏁 Script executed:

# Look for example.env or .env.example files
fd -t f "example\.env|\.env\.example|\.env"

Repository: openradx/radis

Length of output: 69

---

🏁 Script executed:

# Check the specific lines in radis/settings/base.py
sed -n '155,165p' radis/settings/base.py | cat -n

Repository: openradx/radis

Length of output: 678

---

🏁 Script executed:

# Check example.env for the new env var documentation
cat example.env | grep -n "PGSEARCH_BULK" -A 2 -B 2

Repository: openradx/radis

Length of output: 40

---

🏁 Script executed:

# Check the actual line lengths of lines 157-160 in the file
python3 << 'EOF'
with open('radis/settings/base.py', 'r') as f:
    lines = f.readlines()
    # Lines 157-160 (0-indexed: 156-159)
    for i in range(156, 160):
        if i < len(lines):
            line = lines[i].rstrip('\n')
            print(f"Line {i+1}: {len(line)} chars - {line}")
EOF

Repository: openradx/radis

Length of output: 144

---

🏁 Script executed:

# Search the entire example.env file to see its structure
cat example.env | head -50

Repository: openradx/radis

Length of output: 1925

---

🏁 Script executed:

# Search full example.env for any PGSEARCH references
rg "PGSEARCH" example.env

Repository: openradx/radis

Length of output: 40

---

🏁 Script executed:

# Check the actual lines from base.py and their lengths using wc or head/tail
sed -n '157,160p' radis/settings/base.py | while read line; do echo "${`#line`} chars: $line"; done

Repository: openradx/radis

Length of output: 402

---

🏁 Script executed:

# Get the full length of example.env to understand its scope
wc -l example.env

Repository: openradx/radis

Length of output: 73

---

Add the new pgsearch configuration variables to example.env.

The settings implementation is well-structured with appropriate defaults and complies with the 100-character line length limit. However, the environment variables PGSEARCH_BULK_INDEX_CHUNK_SIZE, PGSEARCH_BULK_INSERT_BATCH_SIZE, and PGSEARCH_SYNC_INDEXING are not documented in example.env. Add these variables with their default values and a brief description so operators can discover and configure them.

🤖 Prompt for AI Agents

In `@radis/settings/base.py` around lines 157 - 160, Add documentation entries for
the three new pgsearch settings by updating example.env to include
PGSEARCH_BULK_INDEX_CHUNK_SIZE (default 5000), PGSEARCH_BULK_INSERT_BATCH_SIZE
(default 1000), and PGSEARCH_SYNC_INDEXING (default False) with a short
description for each (purpose and default). Ensure the variable names match the
settings (PGSEARCH_BULK_INDEX_CHUNK_SIZE, PGSEARCH_BULK_INSERT_BATCH_SIZE,
PGSEARCH_SYNC_INDEXING), include their default values, and add a one-line
comment explaining what each controls (chunk size for bulk indexing, batch size
for inserts, and whether indexing runs synchronously).

[claude]

Pull Request Review: Bulk Upsert Improvements

I've completed a comprehensive review of PR #187. Overall, this is a well-implemented feature with good test coverage and thoughtful design decisions. Here are my findings:

---

✅ Strengths

1. Comprehensive Deduplication Logic

The deduplication implementation is excellent:

• Document-level deduplication: Handles duplicate document_ids in the payload by keeping the last occurrence (radis/reports/api/viewsets.py:39-51)
• Nested deduplication: Properly deduplicates metadata keys, modality codes, and group IDs within each report
• Good logging: Warns users about duplicates with consolidated counts, which aids debugging

2. Performance Optimizations

• Bulk operations throughout: Uses bulk_create, bulk_update, and batch processing consistently
• Configurable chunking: New settings (PGSEARCH_BULK_INDEX_CHUNK_SIZE, PGSEARCH_BULK_INSERT_BATCH_SIZE) allow tuning for different environments
• Async indexing option: PGSEARCH_SYNC_INDEXING flag provides flexibility between sync/async indexing
• Efficient SQL: Direct UPDATE query in radis/pgsearch/utils/indexing.py:54-62 using ANY() for batch updates

3. Test Coverage

Excellent test coverage with three focused tests:

• test_bulk_upsert_creates_and_updates_reports: Full end-to-end test
• test_bulk_upsert_dedupes_payload_entries: Tests deduplication behavior
• test_bulk_upsert_dedupes_metadata_keys: Tests metadata-specific deduplication
• test_bulk_index_matches_signal_vector: Validates indexing produces correct results

4. Security Improvement

Group restriction in serializer (radis/reports/api/serializers.py:54-62) is a significant security enhancement:

• Non-superusers can only assign reports to their own groups
• Prevents privilege escalation
• Properly checks is_superuser before allowing all groups

5. Docker Configuration

The Docker Compose refactoring improves maintainability:

• Uses YAML anchors to DRY up environment configuration
• Adds CA bundle support for private LLM endpoints
• Properly configures SSL cert environment variables

---

🔍 Issues & Recommendations

Critical: SQL Injection Risk

Location: radis/pgsearch/utils/indexing.py:54-61

cursor.execute(
    """
    UPDATE pgsearch_reportsearchvector v
    SET search_vector = to_tsvector(%s::regconfig, r.body)
    FROM reports_report r
    WHERE v.report_id = r.id AND r.id = ANY(%s)
    """,
    [config, config_ids],
)

Issue: The config parameter (PostgreSQL text search configuration name) is passed via parameterization, but it's being cast to regconfig. PostgreSQL parameterization doesn't work properly with type casts like this - the parameter is still treated as a string literal, which could potentially be exploited.

Recommendation: Whitelist valid config values and use string formatting for the config name:

VALID_CONFIGS = {'simple', 'english', 'german', 'french', 'spanish', ...}

if config not in VALID_CONFIGS:
    logger.warning(f"Invalid text search config: {config}, falling back to 'simple'")
    config = 'simple'

cursor.execute(
    f"""
    UPDATE pgsearch_reportsearchvector v
    SET search_vector = to_tsvector('{config}'::regconfig, r.body)
    FROM reports_report r
    WHERE v.report_id = r.id AND r.id = ANY(%s)
    """,
    [config_ids],
)

Or use sql.Identifier from psycopg2.sql if using psycopg2.

---

High: Missing Input Validation

Location: radis/pgsearch/tasks.py:22

payload: list[Any] = [int(report_id) for report_id in report_ids]

Issue: If a non-integer value is in report_ids, this will raise ValueError and crash the task enqueueing. The type hint says list[int] but there's no validation.

Recommendation: Add validation with proper error handling:

try:
    payload: list[int] = [int(report_id) for report_id in report_ids]
except (ValueError, TypeError) as exc:
    logger.error("Invalid report_id in bulk index request: %s", exc)
    return None

---

Medium: Potential Race Condition

Location: radis/reports/api/viewsets.py:245-249

touched_report_ids = [
    report_id_by_document_id[document_id]
    for document_id in [*created_ids, *updated_ids]
    if document_id in report_id_by_document_id
]

Issue: This check happens inside the transaction, but the indexing happens in on_commit. If a report is somehow deleted between transaction commit and the on_commit callback, the indexing task could reference non-existent reports.

Impact: Low probability, but could cause task failures.

Recommendation: Add error handling in bulk_upsert_report_search_vectors to gracefully handle missing reports, or filter out deleted reports at the start of indexing.

---

Medium: Unused Parameter

Location: radis/reports/api/viewsets.py:34

def _bulk_upsert_reports(
    validated_reports: list[dict[str, Any]],
    replace: bool = True,  # ⚠️ Not used anywhere
) -> tuple[list[str], list[str]]:

Issue: The replace parameter is accepted but never used in the function body. This suggests incomplete implementation or dead code.

Recommendation: Either:

1. Implement the replace=False logic to support partial updates
2. Remove the parameter if not needed
3. Document why it exists (e.g., for future use) with a comment

Also note that the viewset validates replace=true is required (radis/reports/api/viewsets.py:355-359), but then passes it to a function that doesn't use it.

---

Low: Missing Error Context

Location: radis/pgsearch/utils/language_utils.py:23

The change from logger.warning to logger.error is good, but consider also:

logger.error("Failed to read pg_ts_config; falling back to simple. %s", exc, exc_info=True)

Adding exc_info=True provides full stack traces for easier debugging.

---

Low: Missing Bounds Check

Location: radis/pgsearch/utils/indexing.py:23

ids = sorted({int(report_id) for report_id in report_ids if report_id is not None})

Issue: No upper bound check on the number of IDs. Passing millions of IDs could cause memory issues.

Recommendation: Add a sanity check:

MAX_BULK_IDS = 100000  # Configure via settings
if len(ids) > MAX_BULK_IDS:
    logger.warning(f"Bulk index request has {len(ids)} IDs, limiting to {MAX_BULK_IDS}")
    ids = ids[:MAX_BULK_IDS]

---

Low: Test Improvements

Missing test cases:

1. Invalid data in bulk upsert: What happens with malformed payloads?
2. Group permission enforcement: Test that non-superuser can't assign to groups they don't belong to
3. Large payload handling: Test with 1000+ reports to verify chunking works
4. Async indexing: Test that enqueue_bulk_index_reports properly enqueues tasks
5. Empty report bodies: Test indexing behavior with empty or None body text

---

📝 Code Quality Observations

Good Practices

• ✅ Proper transaction usage with atomic() blocks
• ✅ Consistent use of type hints
• ✅ Clear function naming and structure
• ✅ Good separation of concerns (serializer, viewset, tasks, utilities)

Style Notes (per Google Python Style Guide)

• Line lengths look good (under 100 chars)
• Proper use of list comprehensions
• Good function decomposition with helper functions

---

🎯 Summary

Approval Status: ⚠️ Approve with changes

This PR adds valuable functionality with good architecture, but the SQL injection risk should be addressed before merging. The other issues are less critical but should be tracked for follow-up.

Priority Actions

1. Before merge: Fix the regconfig SQL injection vulnerability
2. Before merge: Remove or implement the unused replace parameter
3. Nice to have: Add the missing test coverage for edge cases
4. Nice to have: Add input validation for task enqueueing

Estimated Risk

• Current: Medium (due to SQL injection potential)
• After fixes: Low

Great work on this feature! The deduplication logic is particularly well thought out, and the performance optimizations are solid. Once the SQL issue is addressed, this will be ready to merge.

[claude]

PR Review: Bulk Upsert Implementation

Summary

This PR implements comprehensive bulk upsert functionality for reports with deduplication, async indexing, and group scoping. The changes are well-structured and address several important edge cases.

Code Quality & Best Practices

Strengths

1. Excellent deduplication logic at multiple levels (document_ids, metadata keys, modalities, groups)
2. Good separation of concerns with proper modularization
3. Comprehensive test coverage
4. Proper type hints throughout
5. Appropriate logging for duplicate entries
6. Safe transaction handling

Minor Issues

1. Group Queryset Filtering Logic

Location: radis/reports/api/serializers.py:54-62

The superuser branch calls .all() on a queryset that is already .all() (redundant). Simplify to:
if not request.user.is_superuser:
groups_field.queryset = request.user.groups.all()

2. Deduplication Function Redundancy

Location: radis/reports/api/viewsets.py:53-83

_dedupe_metadata and _dedupe_by_key do essentially the same thing. Consider consolidating.

3. SQL Injection Protection

Location: radis/pgsearch/utils/indexing.py:66-75

Verify that config from code_to_language() properly sanitizes input to prevent SQL injection through regconfig casting.

Performance Considerations

Excellent Optimizations

1. Proper chunking for large bulk operations (5000 records default)
2. Batch operations with bulk_create and bulk_update
3. Optional async background indexing
4. Efficient queries with select_related() and .only()

Potential Concerns

Memory usage on very large payloads (10K+ reports). Consider documenting maximum recommended batch size.

Security

Good Practices

1. Permission checking restricted to IsAdminUser
2. Group scoping for non-superusers
3. Proper validation via serializers
4. Transaction isolation

Recommendations

Verify error messages do not leak information about groups users do not have access to.

Test Coverage

Excellent Coverage

Tests for creation, updates, deduplication, and bulk indexing matching signal-based indexing.

Missing Test Cases

1. Group scoping security (non-superuser cannot assign to other groups)
2. Large payload handling (1000+ reports)
3. Concurrent upserts
4. Replace parameter rejection

Documentation

Need to document:

1. New configuration settings (PGSEARCH_BULK_INDEX_CHUNK_SIZE, etc.)
2. Bulk-upsert endpoint behavior
3. Deduplication rules
4. Maximum recommended batch size

Recommendations

High Priority

1. Fix redundant .all() in serializer (line 60)
2. Add test for group scoping security
3. Document new configuration settings

Medium Priority

1. Consolidate deduplication functions
2. Add test for concurrent upserts
3. Document maximum batch size

Overall Assessment

Status: Approve with minor changes

This is a well-implemented feature with good attention to edge cases, performance, and security. The code follows Django and DRF best practices with comprehensive tests.

Code Quality: 8.5/10
Test Coverage: 8/10
Security: 8/10
Performance: 9/10
Documentation: 7/10
Overall: 8/10

[claude]

Pull Request Review: Bulk Upsert Enhancements

Thank you for this comprehensive PR! This adds important functionality for bulk report operations with deduplication and async indexing. Overall the implementation is solid, but I've identified several areas that need attention.

---

🔴 Critical Issues

1. SQL Injection Risk in Bulk Indexing

Location: radis/pgsearch/utils/indexing.py:66-74

The raw SQL query uses ANY(%s) with a list parameter, which should be safe with psycopg2's parameterization. However, the config parameter is passed directly to %s::regconfig which could potentially be exploited if code_to_language() returns unsanitized input.

Recommendation:

• Validate that code_to_language() returns only safe PostgreSQL regconfig names
• Consider using a whitelist of allowed configurations
• Add explicit validation before the SQL execution

2. Race Condition in Deduplication Logic

Location: radis/reports/api/viewsets.py:39-51

The deduplication happens in memory after validation but before the atomic transaction. If two bulk upsert requests arrive concurrently with the same document_ids, both could pass validation and attempt to create/update, potentially causing database constraint violations.

Recommendation:

• Move deduplication logic inside the atomic transaction
• Consider using select_for_update() when fetching existing reports
• Add retry logic for transient constraint violations

3. Group Permission Bypass Vulnerability

Location: radis/reports/api/serializers.py:54-62

The group filtering is applied in the serializer's __init__, but the _bulk_upsert_reports function bypasses serializer validation for groups after initial validation. A malicious user could potentially craft a payload that passes initial validation but includes unauthorized groups.

Issue: In _bulk_upsert_reports, the groups are already validated objects, but there's no re-verification that the user still has access to those groups before assignment.

Recommendation:

• Add explicit group permission checks in _bulk_upsert_reports before assigning groups
• Ensure all group IDs in the payload belong to the user's accessible groups (unless superuser)

---

⚠️ Major Issues

4. Missing Transaction Rollback on Indexing Failure

Location: radis/reports/api/viewsets.py:259-263

The indexing happens in transaction.on_commit(), which means if indexing fails, the reports are already committed to the database. This creates inconsistent state where reports exist but aren't searchable.

Recommendation:

• Add error handling in the on_commit callback
• Log indexing failures prominently
• Consider a background reconciliation job to catch missed indexes
• Document this behavior and the recovery process

5. Unbounded Memory Usage with Large Payloads

Location: radis/reports/api/viewsets.py:361-393

The bulk upsert loads the entire payload into memory, validates all items, and processes them at once. A malicious user could send extremely large payloads causing OOM errors.

Recommendation:

• Add a maximum batch size limit (e.g., 1000 reports per request)
• Return HTTP 413 (Payload Too Large) if exceeded
• Add configuration via settings: BULK_UPSERT_MAX_BATCH_SIZE

6. Inefficient N+1 Query Pattern in Deduplication

Location: radis/reports/api/viewsets.py:191-242

For each report, the code iterates through metadata/modalities/groups to deduplicate and create rows. While using bulk_create, the deduplication itself involves multiple dictionary operations that could be optimized.

Recommendation:

• Profile with large datasets (10,000+ reports)
• Consider pre-computing all deduplication in a single pass
• Use defaultdict for cleaner group-by operations

7. Missing Rate Limiting

Location: radis/reports/api/viewsets.py:346

The bulk-upsert endpoint has no rate limiting, allowing potential abuse through repeated large uploads.

Recommendation:

• Add Django rate limiting (e.g., django-ratelimit)
• Configure per-user limits based on role
• Add throttling in production settings

---

🟡 Performance Considerations

8. Synchronous Indexing May Block Requests

Location: radis/settings/base.py:160 and radis/reports/api/viewsets.py:260-261

When PGSEARCH_SYNC_INDEXING=True, bulk indexing runs synchronously in the on_commit callback, potentially blocking the HTTP response for large batches.

Recommendation:

• Document that sync indexing should only be used for development/testing
• Add warning logs when sync indexing is enabled in production
• Consider a hybrid approach: sync for small batches (<100), async for larger

9. Chunking Strategy May Need Tuning

Location: radis/pgsearch/utils/indexing.py:33

The default chunk size of 5000 may be too large or too small depending on report body size and database resources.

Recommendation:

• Add comments explaining the chunk size rationale
• Document tuning guidance in CLAUDE.md
• Consider dynamic chunk sizing based on average body length

10. Missing Database Indexes

The bulk operations query by document_id and id__in extensively. Ensure proper indexes exist:

• reports_report.document_id (should be unique and indexed)
• reports_report.id (primary key, already indexed)
• Consider composite indexes for common filter patterns

---

🔵 Code Quality Issues

11. Inconsistent Error Handling

Location: radis/pgsearch/tasks.py:21-25

The enqueue_bulk_index_reports function catches TypeError and ValueError but returns None silently. Callers don't know if the task was enqueued successfully.

Recommendation:

def enqueue_bulk_index_reports(report_ids: list[int]) -> int | None:
    if not report_ids:
        logger.warning("enqueue_bulk_index_reports called with empty list")
        return None
    try:
        payload: list[int] = [int(report_id) for report_id in report_ids]
    except (TypeError, ValueError) as exc:
        logger.error("Invalid report_id in bulk index request: %s", exc, exc_info=True)
        raise  # Re-raise to make the error visible to callers
    return app.configure_task(
        "radis.pgsearch.tasks.bulk_index_reports",
        allow_unknown=False,
    ).defer(report_ids=payload)

12. Magic Numbers in Code

Location: radis/reports/api/viewsets.py:30, 406

BULK_DB_BATCH_SIZE = 1000 and max_errors = 50 are hardcoded.

Recommendation:

• Move to settings configuration
• Add comments explaining the rationale for these values

13. Incomplete Type Hints

Location: radis/reports/api/viewsets.py:76-83

The _dedupe_groups function uses list[Any] which loses type safety.

Recommendation:

from django.contrib.auth.models import Group

def _dedupe_groups(items: list[Group | int]) -> tuple[list[int], int]:
    if not items:
        return [], 0
    by_id: dict[int, int] = {}
    for group in items:
        group_id = group.pk if isinstance(group, Group) else int(group)
        by_id[group_id] = group_id
    return list(by_id.values()), len(items) - len(by_id)

14. Redundant Variable Assignment

Location: radis/pgsearch/utils/indexing.py:26

ids is sorted and deduplicated, but the deduplication happens before knowing if any IDs are None.

Recommendation:

ids = sorted({int(rid) for rid in report_ids if rid is not None})

This is cleaner and more explicit.

15. Missing Docstrings

Location: Multiple locations

The new functions lack docstrings explaining parameters, return values, and behavior.

Recommendation:
Add Google-style docstrings to:

• _bulk_upsert_reports
• bulk_upsert_report_search_vectors
• enqueue_bulk_index_reports
• All helper functions (_dedupe_by_key, etc.)

---

🟢 Test Coverage Issues

16. Missing Edge Case Tests

The tests cover happy paths well, but missing:

• Empty payload handling
• Maximum batch size enforcement
• Concurrent bulk upserts with same document_ids
• Invalid group IDs (unauthorized access)
• Partial failure scenarios (some reports valid, some invalid)
• Network/database errors during indexing
• Non-superuser attempting to assign groups they don't belong to

Recommendation:
Add tests for:

@pytest.mark.django_db
def test_bulk_upsert_rejects_unauthorized_groups()
@pytest.mark.django_db  
def test_bulk_upsert_handles_concurrent_requests()
@pytest.mark.django_db
def test_bulk_upsert_limits_batch_size()

17. No Integration Tests for Async Indexing

The indexing tests only verify synchronous behavior. There's no test confirming the Procrastinate task actually runs.

Recommendation:

• Add acceptance test that enqueues and processes the background task
• Verify the task appears in the queue
• Verify search works after async indexing completes

---

🟣 Documentation & Configuration

18. Missing Environment Variable Documentation

Location: example.env

The new settings added to base.py aren't documented in example.env:

• PGSEARCH_BULK_INDEX_CHUNK_SIZE
• PGSEARCH_BULK_INSERT_BATCH_SIZE
• PGSEARCH_SYNC_INDEXING

Recommendation:
Add to example.env:

# PostgreSQL full-text search bulk indexing settings
# Chunk size for processing reports during bulk indexing (default: 5000)
PGSEARCH_BULK_INDEX_CHUNK_SIZE=5000
# Batch size for bulk insert operations (default: 1000)
PGSEARCH_BULK_INSERT_BATCH_SIZE=1000
# Enable synchronous indexing (use only for development/testing, default: false)
PGSEARCH_SYNC_INDEXING=false

19. Docker Compose CA Bundle Documentation

Location: example.env:76-78

The comment is helpful but could explain when this is needed.

Recommendation:
Expand the comment:

# Optional: custom CA bundle for outbound HTTPS requests from LLM worker
# Use this when connecting to self-signed or private certificate authorities
# (e.g., internal LLM endpoints with corporate certificates)
# Defaults to system CA bundle (/etc/ssl/certs/ca-certificates.crt) if not set.
# RADIS_LLM_CA_BUNDLE="/path/to/custom/ca-bundle.pem"

20. radis-client Timeout Parameter Undocumented

Location: radis-client/radis_client/client.py:105

The new timeout parameter needs documentation in the docstring and usage examples.

Recommendation:
Update docstring:

def update_reports_bulk(
    self,
    reports: list[ReportData],
    upsert: bool = True,
    timeout: float | tuple[float, float] | None = None,
) -> dict[str, Any]:
    """Bulk upsert reports using a single request.

    Args:
        reports: The report payloads to upsert.
        upsert: Whether to perform upsert behavior when a report is missing.
        timeout: Optional requests timeout in seconds. Can be:
            - float: Total timeout for the request
            - tuple[float, float]: (connect timeout, read timeout)
            - None: Use default timeout (no timeout)
            Recommended for large batches: (10, 300) for 10s connect, 5min read.

    Returns:
        The response as JSON with keys: created, updated, invalid, errors (optional).
        
    Raises:
        requests.HTTPError: If the request fails.
        requests.Timeout: If the request times out.
    """

---

🟢 Positive Aspects

1. Excellent deduplication logic - Handles duplicates at multiple levels (reports, metadata, modalities, groups)
2. Comprehensive test coverage for core functionality
3. Proper use of transactions - Ensures atomicity
4. Good separation of concerns - Indexing is separate from upsert logic
5. Configurable behavior - Settings allow tuning for different environments
6. Backward compatible - Doesn't break existing single-report endpoints
7. Proper logging - Warning logs for duplicates help debugging
8. Clean code structure - Helper functions are well-organized

---

📋 Summary

Must Fix Before Merge (Blocking):

• Issue Uncomment llama.cpp server #3: Group permission bypass vulnerability
• Issue add hybrid search feature #1: Validate SQL injection safety in indexing
• Issue Integrate OpenSearch #5: Add maximum batch size limit

Should Fix Before Merge (Strongly Recommended):

• Issue Logo and Favicon #2: Address race condition in deduplication
• Issue Adit radis shared subrepo #4: Add error handling for indexing failures
• Issue Switch to procrastinate #11: Improve error handling in task enqueuing
• Issue Update adit-radis-shared digest to 6689aab old #16: Add security and edge case tests
• Issue Update dependency pydicom to v3 - autoclosed #18: Document new environment variables

Can Address in Follow-up PRs:

• Performance optimizations (Issues No sites framework #6, Rag task batching #8, pgsearch_init #9)
• Code quality improvements (Issues Configure Renovate #12, Update adit-radis-shared digest to cd9b1d2 old #13, Update abatilo/actions-poetry action to v3 #14, Dependency Dashboard #15)
• Additional documentation (Issues Update docker/build-push-action action to v6 #19, Update postgres Docker tag to v17 - autoclosed #20)
• Rate limiting (Issue Add report chat #7)

---

Recommended Next Steps

1. Address the three blocking security/stability issues
2. Add the recommended security tests
3. Document new environment variables
4. Run load testing with 1000+ reports to verify performance
5. Verify the group permission logic with a non-superuser

Let me know if you'd like me to elaborate on any of these points or provide example code for the fixes!

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@radis/pgsearch/tasks.py`:
- Around line 18-25: The current enqueue_bulk_index_reports function aborts the
whole batch if any report_id fails conversion; change it to validate per-item
instead: iterate over report_ids, attempt int(report_id) for each inside a
try/except, append successfully converted ids to payload (or valid_ids) and
logger.warning/error the specific invalid value on exception, and after the loop
return None if payload is empty else continue with the original enqueue logic;
update references to payload (or rename to valid_ids) and remove the single
try/except around the whole list so valid IDs are not dropped.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Don’t drop valid IDs when one entry is invalid.
Right now a single bad report_id prevents the entire batch from enqueuing, which can leave valid reports unindexed. Consider per-item validation (skip/log invalids) or explicitly raise so the caller can retry.

✅ Suggested fix (skip invalid IDs, keep valid ones)

 def enqueue_bulk_index_reports(report_ids: list[int]) -> int | None:
     if not report_ids:
         return None
-    try:
-        payload: list[int] = [int(report_id) for report_id in report_ids]
-    except (TypeError, ValueError) as exc:
-        logger.error("Invalid report_id in bulk index request: %s", exc)
-        return None
+    payload: list[int] = []
+    for report_id in report_ids:
+        try:
+            payload.append(int(report_id))
+        except (TypeError, ValueError):
+            logger.exception(
+                "Invalid report_id in bulk index request: %r",
+                report_id,
+            )
+    if not payload:
+        return None
     return app.configure_task(
         "radis.pgsearch.tasks.bulk_index_reports",
         allow_unknown=False,
     ).defer(report_ids=payload)

🧰 Tools

🪛 Ruff (0.14.14)

24-24: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

🤖 Prompt for AI Agents

In `@radis/pgsearch/tasks.py` around lines 18 - 25, The current
enqueue_bulk_index_reports function aborts the whole batch if any report_id
fails conversion; change it to validate per-item instead: iterate over
report_ids, attempt int(report_id) for each inside a try/except, append
successfully converted ids to payload (or valid_ids) and logger.warning/error
the specific invalid value on exception, and after the loop return None if
payload is empty else continue with the original enqueue logic; update
references to payload (or rename to valid_ids) and remove the single try/except
around the whole list so valid IDs are not dropped.

[claude]

Pull Request Review: Bulk Upsert Implementation

Summary

This PR implements bulk report upsert functionality with deduplication, group access control, and background indexing. Overall, the implementation is solid with good test coverage. Here are my findings:

---

✅ Strengths

Code Quality

• Well-structured deduplication logic: The nested deduplication functions (_dedupe_by_key, _dedupe_metadata, _dedupe_groups) are clean and handle edge cases properly
• Comprehensive test coverage: Tests cover creation, updates, deduplication at multiple levels, and indexing consistency
• Good separation of concerns: Bulk indexing logic properly separated into pgsearch app with dedicated task queue
• Proper transaction handling: Atomic transactions with on_commit hooks ensure data consistency

Performance Considerations

• Efficient bulk operations: Uses bulk_create and bulk_update with configurable batch sizes
• Chunked indexing: The _chunked function in indexing.py prevents memory issues with large datasets
• Query optimization: Uses select_related and only() to minimize database queries during indexing
• Configurable tuning: Settings for PGSEARCH_BULK_INDEX_CHUNK_SIZE, PGSEARCH_BULK_INSERT_BATCH_SIZE, and PGSEARCH_SYNC_INDEXING allow production tuning

---

Issues & Concerns

1. Security: Group Access Control (MEDIUM)

Location: radis/reports/api/serializers.py:54-62

The group queryset restriction is good for preventing privilege escalation, but there's a potential issue - this only restricts group selection in the serializer, but the bulk upsert validation happens per-item. If a user is not a superuser, they should not be able to assign reports to groups they don't belong to.

Recommendation: Add explicit validation in bulk_upsert to verify all specified groups are in the user's accessible groups before processing.

---

2. Bug: Missing Error Handling for Language Lookup (HIGH)

Location: radis/reports/api/viewsets.py:145

If a language code is in validated_reports but somehow missing from language_by_code after bulk_create (e.g., due to race conditions or database constraints), this will raise a KeyError inside a transaction, potentially rolling back the entire batch.

Recommendation: Add defensive handling with .get() instead of direct dictionary access.

---

3. Performance: Inefficient Report Re-fetching (MEDIUM)

Location: radis/reports/api/viewsets.py:251-258

After bulk operations, the code re-fetches all reports from the database to pass to handlers. For large batches (e.g., 10,000 reports), this creates significant database load.

Recommendation: Consider passing report IDs to handlers instead of full objects if possible, or cache the created/updated report objects during the bulk operation.

---

4. Bug: SQL Injection Risk in Raw Query (HIGH)

Location: radis/pgsearch/utils/indexing.py:66-74

While using parameterized queries, the %s::regconfig cast could be problematic if config contains malicious input. The code_to_language() function should be audited to ensure it only returns safe PostgreSQL regconfig names.

Recommendation: Validate that config matches a whitelist of known PostgreSQL text search configurations before executing the query.

---

5. Code Quality: Duplicate Logic (LOW)

Location: radis/reports/api/viewsets.py:53-83

The deduplication functions _dedupe_by_key and _dedupe_metadata have nearly identical logic.

Recommendation: Consider consolidating into a single function that takes a key extractor function.

---

6. Missing: Input Validation (MEDIUM)

Location: radis/reports/api/viewsets.py:347-359

No validation for maximum batch size. A malicious or misconfigured client could send 1M reports in a single request, causing memory exhaustion or timeout.

Recommendation: Add a configurable maximum batch size (e.g., MAX_BULK_UPSERT_SIZE = 10000).

---

7. Missing: Timeout Configuration (LOW)

Location: radis-client/radis_client/client.py:106-126

While timeout parameter was added, there's no guidance on appropriate values for bulk operations. Large batches may legitimately take minutes.

Recommendation: Add docstring guidance about timeout values for large batches.

---

Test Coverage

Good Coverage:

• Basic create/update operations
• Deduplication at document, metadata, modality, and group levels
• Bulk indexing consistency with signal-based indexing

Missing Tests:

• Group permission enforcement (non-superuser trying to assign reports to inaccessible groups)
• Large batch handling (1000+ reports)
• Concurrent bulk upserts (race conditions)
• Error recovery (partial batch failures)
• Invalid language codes

Recommendation: Add tests for the missing scenarios, especially permission enforcement.

---

Security Considerations

Positive:

• Enforces replace=true to prevent accidental partial updates
• Restricts group queryset based on user permissions
• Validates input through serializers

Concerns:

• Group permission validation may be bypassable (see Issue add hybrid search feature #1)
• No rate limiting on bulk endpoint
• No maximum batch size enforcement

---

Recommendations Summary

Must Fix (Before Merge):

1. Add validation to ensure users can only assign reports to groups they have access to
2. Add defensive error handling for missing language codes
3. Validate config parameter in SQL query against whitelist
4. Add maximum batch size limit

Should Fix (Soon):

1. Optimize report re-fetching for handlers
2. Add missing test coverage for permissions and edge cases
3. Consider consolidating duplicate deduplication logic

Nice to Have:

1. Add timeout guidance in client documentation
2. Clarify CA bundle configuration in comments

---

Overall Assessment

Verdict: Approve with conditions

This is a well-implemented feature with good separation of concerns and performance optimizations. The main concerns are around security (group permissions, batch size limits) and defensive error handling. Once the "Must Fix" items are addressed, this will be production-ready.

The deduplication logic is particularly well-thought-out and handles edge cases gracefully. The configurable indexing settings show good production awareness.

Great work overall!

[claude]

PR Review: Bulk Upsert Implementation

Summary

This PR implements bulk upsert functionality for reports with deduplication, background indexing, and improved group access control. The implementation is well-structured and follows Django best practices.

✅ Strengths

Code Quality

• Clean separation of concerns: The bulk upsert logic is well-isolated in _bulk_upsert_reports() with clear helper functions for deduplication
• Consistent style: Follows Google Python Style Guide with proper type hints throughout
• Good error handling: Validation errors are logged with context (index, document_id) for debugging
• Informative logging: Warning messages for duplicates provide actionable information

Architecture

• Efficient bulk operations: Uses bulk_create() and bulk_update() with configurable batch sizes
• Transaction safety: Proper use of transaction.atomic() and transaction.on_commit() hooks
• Extensibility: Background indexing is configurable via PGSEARCH_SYNC_INDEXING setting
• Clean deduplication strategy: "Keep last occurrence" is a sensible default that matches upsert semantics

Testing

• Good test coverage for core functionality including:
  • Create and update operations via bulk upsert
  • Deduplication of document_ids, metadata keys, modalities, and groups
  • Indexing matches signal-based vector generation
• Tests use proper fixtures and factories

🔍 Areas for Improvement

1. Security - Group Access Control (radis/reports/api/serializers.py:54-62)

Issue: The group restriction logic has a subtle security concern.

if request.user.is_superuser:
    groups_field.queryset = groups_field.queryset.all()
else:
    groups_field.queryset = request.user.groups.all()

Problem: If groups_field.queryset is already filtered or modified elsewhere, calling .all() for superusers might not reset it to the full queryset.

Recommendation:

from django.contrib.auth.models import Group

if request.user.is_superuser:
    groups_field.queryset = Group.objects.all()
else:
    groups_field.queryset = request.user.groups.all()

2. Performance - N+1 Query Pattern (radis/reports/api/viewsets.py:250-258)

Issue: The on_commit callback refetches reports from the database.

def on_commit():
    if created_ids:
        created_reports = list(Report.objects.filter(document_id__in=created_ids))

Problem: We already have the report objects in memory (new_reports, updated_reports) but we're re-querying them.

Impact: For bulk operations with 1000s of reports, this adds unnecessary database load.

Recommendation: Pass the already-loaded report objects to handlers or consider if the refetch is necessary for data consistency.

3. Error Handling - Silent Truncation (radis/reports/api/viewsets.py:406-408)

Issue: Error responses are silently truncated without clear indication.

max_errors = 50
response_body["errors"] = errors[:max_errors]
response_body["errors_truncated"] = len(errors) > max_errors

Problem: While errors_truncated is set, there's no information about total error count or how to retrieve remaining errors.

Recommendation:

response_body["errors"] = errors[:max_errors]
response_body["total_errors"] = len(errors)
response_body["errors_truncated"] = len(errors) > max_errors

4. Data Integrity - Missing Validation (radis/reports/api/viewsets.py:354-359)

Issue: The PR enforces replace=true but doesn't validate the reasoning.

if not replace:
    return Response(
        {"detail": "replace=false is not supported for bulk upsert. Use replace=true."},
        status=status.HTTP_400_BAD_REQUEST,
    )

Concern: This breaks the API contract if clients were relying on replace=false behavior. The PR description doesn't explain why this restriction is necessary.

Recommendation:

• Document in the PR description why replace=false is not supported
• Add a migration guide if this is a breaking change
• Consider if this should trigger a deprecation warning first

5. Potential Race Condition (radis/reports/api/viewsets.py:119-120, 167-176)

Issue: Between reading existing reports and bulk updating, data could change.

existing_reports = Report.objects.filter(document_id__in=document_ids)
# ... later ...
with transaction.atomic():
    if updated_reports:
        Report.objects.bulk_update(updated_reports, ...)

Problem: If another process modifies a report between line 119 and the transaction, those changes will be silently overwritten.

Mitigation: While this is inherent to the bulk upsert pattern, consider:

• Adding updated_at optimistic locking checks
• Documenting this behavior as "last write wins"
• Using select_for_update() if absolute consistency is required (though this would hurt performance)

6. Indexing - Missing Error Handling (radis/pgsearch/tasks.py:19-30)

Issue: enqueue_bulk_index_reports() returns None on error but caller doesn't check.

def enqueue_bulk_index_reports(report_ids: list[int]) -> int | None:
    # ...
    except (TypeError, ValueError) as exc:
        logger.error("Invalid report_id in bulk index request: %s", exc)
        return None

Problem: The caller in viewsets.py doesn't check if the task was successfully enqueued.

Recommendation: Consider raising an exception or at least adding a warning at the call site if None is returned.

7. Configuration - Docker Compose (docker-compose.prod.yml:79)

Minor: The CA bundle configuration is good, but the fallback might not work as expected.

- ${RADIS_LLM_CA_BUNDLE:-/etc/ssl/certs/ca-certificates.crt}:/etc/ssl/certs/radis-ca-bundle.pem:ro

Issue: If RADIS_LLM_CA_BUNDLE is not set, it will try to mount the host's CA bundle, which may not exist on all systems.

Recommendation: Document this requirement or provide a more robust default.

🧪 Test Coverage Gaps

Missing Test Cases:

1. Group permission enforcement: No test verifying non-superusers can't assign reports to groups they're not members of
2. Large batch handling: No test for batches larger than BULK_DB_BATCH_SIZE (1000)
3. Concurrent updates: No test for race conditions during bulk upsert
4. Background indexing: No test verifying the async path with PGSEARCH_SYNC_INDEXING=False
5. Error limit truncation: No test for the 50-error limit behavior
6. Timeout parameter: The client timeout parameter is untested
7. Mixed create/update operations: Current tests are mostly create-only or update-only

Suggested Additional Tests:

@pytest.mark.django_db
def test_bulk_upsert_respects_user_group_permissions(client):
    """Verify non-superusers can only assign their own groups"""
    
@pytest.mark.django_db  
def test_bulk_upsert_handles_large_batches(client):
    """Test with 5000+ reports to verify chunking works"""

@pytest.mark.django_db
def test_bulk_index_enqueued_asynchronously(client, settings):
    """Verify background indexing is enqueued when sync=False"""

🎯 Performance Considerations

Positive:

• Efficient bulk operations with configurable batch sizes
• On-commit hooks prevent blocking the transaction
• Optional async indexing for better response times
• Proper use of select_related() and only() in indexing code

Watch Out For:

• Memory usage with very large payloads (all reports loaded into memory)
• The deduplication creates temporary dictionaries that could be large
• Refetching reports in on_commit callbacks (mentioned above)

🔐 Security Assessment

Good:

• Group access control restricts non-superusers to their own groups
• Input validation via serializers
• SQL injection protection via parameterized queries
• Transaction isolation prevents partial updates

Concerns:

• Group queryset filtering issue (mentioned in add hybrid search feature #1)
• No rate limiting on bulk endpoint (could be DoS vector)
• No payload size limit documented (could exhaust memory)

Recommendation: Consider adding:

MAX_BULK_UPSERT_SIZE = 10000  # in settings
if len(request.data) > MAX_BULK_UPSERT_SIZE:
    return Response({"detail": "Bulk upload too large"}, status=413)

📝 Documentation

What's Good:

• PR description clearly explains the changes
• Code comments explain complex logic (deduplication warnings)
• Example env includes new CA bundle option

What's Missing:

• API documentation for the new replace parameter requirement
• Migration guide for breaking changes
• Performance tuning guide for the new settings
• Explanation of why sync vs async indexing should be chosen

✨ Minor Suggestions

1. Consistency: radis/pgsearch/utils/language_utils.py:23 changes log level from warning to error with exc_info=True. Ensure this aligns with monitoring strategy.

2. Type Safety: radis/reports/api/viewsets.py:75-82 - The _dedupe_groups() function uses getattr(group, "pk", group) which assumes group is either a model instance or an int. Consider more explicit type checking.

3. Magic Numbers: max_errors = 50 should be a setting or class constant for easier configuration.

4. Empty File: radis/reports/tests/__init__.py is empty - consider adding a docstring or removing if not needed for Python package structure.

🎉 Conclusion

This is a solid implementation with good architecture and reasonable test coverage. The main concerns are:

1. Security: Group queryset filtering needs refinement
2. Performance: Consider avoiding unnecessary re-queries
3. Breaking Change: Document the replace=true requirement
4. Test Coverage: Add tests for permission boundaries and large batches

Recommendation: Approve with minor revisions. The issues identified are not blockers but should be addressed before merge.

Priority Fixes:

• 🔴 High: Fix group queryset filtering (add hybrid search feature #1)
• 🟡 Medium: Document breaking change for replace parameter (Adit radis shared subrepo #4)
• 🟡 Medium: Add test for group permission enforcement
• 🟢 Low: Add total_errors to response (Uncomment llama.cpp server #3)

Great work on implementing a complex feature with proper transaction handling and background processing! 🚀