Fix: Fix revision commit endpoints silently discard unknown fields in…

[justin212407]

Summary

What changed:
Set model_config = ConfigDict(extra="forbid") on WorkflowRevisionData in both:

• sdks/python/agenta/sdk/models/workflows.py (SDK mirror)
• api/oss/src/core/workflows/dtos.py (server-side wrapper)

This causes Pydantic to reject unknown fields in the data payload during revision commit, returning HTTP 422 with a validation error naming the offending field.

Why:
Fixes issue #4315: revision commit endpoints (POST /{applications,workflows,evaluators}/revisions/commit) silently discarded unknown top-level fields inside data (e.g., the legacy ag_config wrapper), while still returning HTTP 200 with count: 1, creating a false sense of success. Users had no signal that their data was lost.

What problem it solves:

• Prevents silent data loss: callers now get immediate feedback (422) if they POST with a stale envelope
• Maintains consistency: all five domains sharing WorkflowRevisionData (applications, workflows, evaluators, testsets, queries) now reject unknown fields uniformly
• Enables graceful client migration: SDKs and tools can detect the 422 and update their payloads

Testing

Verified locally

• Confirmed WorkflowRevisionData with extra="forbid" rejects stale payloads:

  {
    "data": {
      "ag_config": {
        "prompt": { "messages": [{"role": "system", "content": "hi"}] }
      }
    }
  }

  Returns HTTP 422 with ag_config named in the validation error.
• Confirmed valid payloads with data.parameters continue to work (HTTP 200, count: 1).

Added or updated tests

Added regression test test_commit_application_revision_rejects_unknown_data_field in api/oss/tests/pytest/acceptance/applications/test_application_variants_and_revisions.py:

• POSTs stale shape with ag_config to /applications/revisions/commit
• Asserts HTTP 422 response
• Asserts ag_config appears in the error detail

This covers applications; workflows and evaluators inherit the same DTO and will behave identically. Testsets and queries have their own RevisionData DTOs and would require separate test additions (out of scope for this PR per issue guidance).

Demo

Before:

After:

Checklist

• No UI changes (N/A for demo)
• Relevant tests pass locally (ready to verify)
• Relevant linting and formatting pass locally (ready to verify)
• I have signed the CLA

---

Related issues

• Revisions commit endpoints silently discard unknown fields in data #4315 — Revisions commit endpoints silently discard unknown fields in data
• Tracing: query↔ingest schema asymmetry on ag.metrics.duration.cumulative #4172 — Tracing: query↔ingest schema asymmetry on ag.metrics.duration.cumulative
• Tracing ingest: per-span validation errors drop the whole batch instead of landing in unsupported #4173 — Tracing ingest: per-span validation errors drop the whole batch instead of landing in unsupported
• POST /testsets/revisions/{id}/upload silently fails when testset_id is not set on the commit #4176 — POST /testsets/revisions/{id}/upload silently fails when testset_id is not set on the commit

Files Changed

• sdks/python/agenta/sdk/models/workflows.py — Added model_config = ConfigDict(extra="forbid") to WorkflowRevisionData
• api/oss/src/core/workflows/dtos.py — Wrapped SDK WorkflowRevisionData with explicit ConfigDict(extra="forbid")
• api/oss/tests/pytest/acceptance/applications/test_application_variants_and_revisions.py — Added regression test for unknown field rejection

[vercel]

@justin212407 is attempting to deploy a commit to the agenta projects Team on Vercel.

A member of the Team first needs to authorize it.

[CLAassistant]

All committers have signed the CLA.

[coderabbitai]

📝 Walkthrough

Walkthrough

The PR enforces strict validation on WorkflowRevisionData by adding Pydantic model configuration to reject extra/unknown fields in both the SDK and API layers, with acceptance test coverage verifying the rejection behavior.

Changes

Strict validation enforcement

Layer / File(s)	Summary
SDK model strict validation contract sdks/python/agenta/sdk/models/workflows.py	WorkflowRevisionData model gains model_config = ConfigDict(extra="forbid") to reject unexpected fields during Pydantic validation.
API DTO enforcement and acceptance test api/oss/src/core/workflows/dtos.py, api/oss/tests/pytest/acceptance/applications/test_application_variants_and_revisions.py	API DTO layer imports ConfigDict and defines a local WorkflowRevisionData subclass that enforces the same strict validation; a new acceptance test verifies the API returns HTTP 422 when unknown data fields are submitted to the commit endpoint.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related issues

• Revisions commit endpoints silently discard unknown fields in data #4315: This PR implements the strict validation fix for WorkflowRevisionData.model_config that the issue proposes to prevent silent discarding of unknown data fields.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 33.33% which is insufficient. The required threshold is 60.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly summarizes the main change: preventing silent data loss in revision commit endpoints by rejecting unknown fields.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description check	✅ Passed	The PR description clearly explains the changes: adding model_config = ConfigDict(extra="forbid") to WorkflowRevisionData to prevent silent data loss when unknown fields are submitted to revision commit endpoints.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

This PR tightens validation for workflow revision data payloads so unknown fields are rejected instead of silently discarded during commit operations.

Changes:

• Adds extra="forbid" to SDK WorkflowRevisionData.
• Adds a server-side strict WorkflowRevisionData wrapper.
• Adds an application revision regression test for stale ag_config payloads returning 422.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File	Description
sdks/python/agenta/sdk/models/workflows.py	Makes SDK workflow revision data reject unknown fields.
api/oss/src/core/workflows/dtos.py	Makes server workflow revision data reject unknown fields.
api/oss/tests/pytest/acceptance/applications/test_application_variants_and_revisions.py	Adds an acceptance test for application revision commit validation.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.