codeant-ai-for-open-source[bot] commented on code in PR #40359: URL: https://github.com/apache/superset/pull/40359#discussion_r3326676631
########## superset/mcp_service/report/tool/update_report.py: ########## @@ -0,0 +1,158 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +import logging +from typing import Any + +from fastmcp import Context +from superset_core.mcp.decorators import tool, ToolAnnotations + +from superset.extensions import event_logger +from superset.mcp_service.report.schemas import ( + UpdateReportRequest, + UpdateReportResponse, +) + +logger = logging.getLogger(__name__) + + +@tool( + tags=["mutate"], + class_permission_name="ReportSchedule", + method_permission_name="write", + annotations=ToolAnnotations( + title="Update a scheduled report or alert", + readOnlyHint=False, + destructiveHint=True, + ), +) +async def update_report( + request: UpdateReportRequest, ctx: Context +) -> UpdateReportResponse: + """Update an existing scheduled report or alert in Superset. + + Use this tool when the user wants to: + - Change the name, schedule, or recipients of an existing report or alert + - Enable or disable a schedule without deleting it + - Update the SQL condition or database for an existing alert + + Only fields explicitly provided in the request are changed; + all omitted fields retain their current values. + + Workflow: + 1. Get the report id from a previous create_report call or from the Superset UI + 2. Call this tool with the id and only the fields to change + 3. The returned id confirms which schedule was updated + """ + await ctx.info("Updating report schedule: id=%s" % (request.id,)) + + try: + # Deferred to avoid circular imports with the @tool decorator initialization + from superset.commands.report.exceptions import ( + ReportScheduleInvalidError, + ReportScheduleNotFoundError, + ReportScheduleUpdateFailedError, + ) + from superset.commands.report.update import UpdateReportScheduleCommand + from superset.mcp_service.utils.url_utils import get_superset_base_url + from superset.reports.models import ( + ReportRecipientType, + ReportScheduleType, + ) + + recipient_type_map = { + "Email": ReportRecipientType.EMAIL, + "Slack": ReportRecipientType.SLACK, + "SlackV2": ReportRecipientType.SLACKV2, + "Webhook": ReportRecipientType.WEBHOOK, + } + + recipients = None + if request.recipients is not None: + recipients = [ + { + "type": recipient_type_map[r.type], + "recipient_config_json": {"target": r.target}, + } + for r in request.recipients + ] + + all_props: dict[str, Any] = { + "name": request.name, + "crontab": request.crontab, + "active": request.active, + "description": request.description, + "timezone": request.timezone, + "dashboard": request.dashboard_id, + "chart": request.chart_id, + "database": request.database_id, + "sql": request.sql, + } + if request.type is not None: + all_props["type"] = ( + ReportScheduleType.ALERT + if request.type == "Alert" + else ReportScheduleType.REPORT + ) + if recipients is not None: + all_props["recipients"] = recipients + properties = {k: v for k, v in all_props.items() if v is not None} Review Comment: **Suggestion:** The update payload drops every field whose value is `None`, which makes it impossible to intentionally clear nullable fields (for example `database_id=None` when changing an Alert to a Report). This breaks the stated partial-update contract because explicit nulls are treated the same as omitted fields; use `request.model_fields_set` (or equivalent) to include fields that were explicitly provided even when their value is null. [api mismatch] <details> <summary><b>Severity Level:</b> Critical 🚨</summary> ```mdx - ❌ MCP update_report cannot convert Alerts into Reports. - ❌ MCP update_report cannot clear nullable schedule fields. - ⚠️ MCP update semantics diverge from REST ReportSchedulePutSchema. ``` </details> <details> <summary><b>Steps of Reproduction ✅ </b></summary> ```mdx 1. Create an Alert-type report schedule with a non-null database via existing APIs (e.g. REST `ReportSchedulePostSchema`/`ReportScheduleDAO.create` or the MCP `create_report` tool), resulting in a `ReportSchedule` row with `type=ReportScheduleType.ALERT` and `database_id` not null (`superset/reports/models.py:150-152`). 2. Call the MCP `update_report` tool (`superset/mcp_service/report/tool/update_report.py:43-60`) with a JSON payload that includes the schedule `id`, sets `"type": "Report"`, and explicitly sets `"database_id": null` so the caller attempts to convert the Alert into a Report and clear the database. 3. Inside `update_report`, the request is parsed into `UpdateReportRequest` (`superset/mcp_service/report/schemas.py:198-255`), `all_props` is built with `"database": request.database_id` (`superset/mcp_service/report/tool/update_report.py:94-104`), and then `properties = {k: v for k, v in all_props.items() if v is not None}` at line 113 drops the `"database"` key entirely because its value is `None`, even though it was explicitly provided. 4. `UpdateReportScheduleCommand` is invoked with this filtered `properties` dict (`superset/commands/report/update.py:55-62`); in `validate()`, `report_type` is set to `ReportScheduleType.REPORT` from `self._properties["type"]` while `has_database` is computed from the existing model because `"database"` is missing (`superset/commands/report/update.py:79-86,131-139`), causing `ReportScheduleDatabaseNotAllowedValidationError` when `report_type == REPORT and has_database` and raising `ReportScheduleInvalidError` instead of clearing the database. The MCP tool catches this and returns an error response (`superset/mcp_service/report/tool/update_report.py:140-146`), so the caller cannot perform the intended clear; similarly, any other nullable field (e.g. `description`, `dashboard_id`, `chart_id`, `sql`) cannot be cleared because explicit `null` is indistinguishable from omission at line 113. ``` </details> [Fix in Cursor](https://app.codeant.ai/fix-in-ide?tool=cursor&prompt_id=0ca699bf513843068b1dbc2834a6cf02&service=github&base_url=https%3A%2F%2Fgithub.com&org=apache&repo=apache%2Fsuperset) | [Fix in VSCode Claude](https://app.codeant.ai/fix-in-ide?tool=vscode-claude&prompt_id=0ca699bf513843068b1dbc2834a6cf02&service=github&base_url=https%3A%2F%2Fgithub.com&org=apache&repo=apache%2Fsuperset) *(Use Cmd/Ctrl + Click for best experience)* <details> <summary><b>Prompt for AI Agent 🤖 </b></summary> ```mdx This is a comment left during a code review. **Path:** superset/mcp_service/report/tool/update_report.py **Line:** 113:113 **Comment:** *Api Mismatch: The update payload drops every field whose value is `None`, which makes it impossible to intentionally clear nullable fields (for example `database_id=None` when changing an Alert to a Report). This breaks the stated partial-update contract because explicit nulls are treated the same as omitted fields; use `request.model_fields_set` (or equivalent) to include fields that were explicitly provided even when their value is null. Validate the correctness of the flagged issue. If correct, How can I resolve this? If you propose a fix, implement it and please make it concise. Once fix is implemented, also check other comments on the same PR, and ask user if the user wants to fix the rest of the comments as well. if said yes, then fetch all the comments validate the correctness and implement a minimal fix ``` </details> <a href='https://app.codeant.ai/feedback?pr_url=https%3A%2F%2Fgithub.com%2Fapache%2Fsuperset%2Fpull%2F40359&comment_hash=75f32727abdaf36ca7a52174a81b68c2c44a6284b3913c4bea58bd26db8b864a&reaction=like'>👍</a> | <a href='https://app.codeant.ai/feedback?pr_url=https%3A%2F%2Fgithub.com%2Fapache%2Fsuperset%2Fpull%2F40359&comment_hash=75f32727abdaf36ca7a52174a81b68c2c44a6284b3913c4bea58bd26db8b864a&reaction=dislike'>👎</a> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
