AgentKit, a starter kit for developing constrained agent applications using Next.js and FastAPI, is currently grappling with significant open issues related to security and functionality while maintaining a steady focus on dependency updates.
In the last 30 days, the project has seen a mix of activity, including ongoing discussions about improving chat history handling and addressing security risks associated with SQL queries in public-facing applications. The development team has actively managed dependencies, with notable contributions from both core team members and Dependabot, indicating a commitment to maintaining project health.
Recent issues highlight critical areas needing attention:
Summary
Quantified Reports
Detailed Reportsmax_token_limit and improved logging.The open pull requests reflect ongoing efforts to enhance functionality and security:
aiohttp library for performance improvements.The project shows a strong emphasis on dependency management, with several contributors focusing on keeping libraries up-to-date. However, there is limited collaboration beyond these maintenance tasks, which may hinder broader feature development. The presence of high-priority issues indicates that while the team is committed to stability through dependency updates, they must also address critical functionality and security challenges promptly.
| Timespan | Opened | Closed | Comments | Labeled | Milestones |
|---|---|---|---|---|---|
| 7 Days | 1 | 0 | 0 | 1 | 1 |
| 30 Days | 1 | 0 | 0 | 1 | 1 |
| 90 Days | 2 | 3 | 0 | 2 | 1 |
| All Time | 9 | 6 | - | - | - |
Like all software activity quantification, these numbers are imperfect but sometimes useful. Comments, Labels, and Milestones refer to those issues opened in the timespan in question.
| Developer | Avatar | Branches | PRs | Commits | Files | Changes |
|---|---|---|---|---|---|---|
| Tanmay Gupta |  |
1 | 0/0/0 | 10 | 6 | 1299 |
| dependabot[bot] |  |
5 | 6/5/1 | 6 | 3 | 319 |
| Hamza Ait Baali |  |
1 | 0/0/0 | 2 | 1 | 4 |
| Casper van Langen |  |
1 | 0/0/0 | 1 | 1 | 1 |
| Gage Anderson (GageWAnderson) | 0 | 1/0/0 | 0 | 0 | 0 | |
| Hamza Ait Baali |  |
0 | 0/0/0 | 0 | 0 | 0 |
PRs: created by that dev and opened/merged/closed-unmerged during the period
The recent GitHub issue activity for the AgentKit project shows a mix of ongoing discussions and critical updates, with three open issues currently being tracked. Notably, there is a strong emphasis on improving functionality and addressing security concerns, particularly around SQL query execution in public-facing applications. The presence of multiple issues related to Docker and memory management indicates potential challenges in deployment that could affect user experience.
A recurring theme among the issues is the need for updates and improvements to existing functionalities, such as handling chat history and adapting to deprecations in the LangChain library. The urgency of these issues suggests that the project may be at a pivotal point where timely resolutions are necessary to maintain developer engagement and ensure smooth operation.
Issue #64: Improve chat history handling
max_token_limit from 4k to 20k and adding logging for when limits are exceeded.Issue #56: Warning: Beware of the risks of running SQL queries from frontend in public-facing apps, especially with LLMs
Issue #45: Update calls of arun to ainvoke for langchain chat models
Issue #46: Docker compose doesn't go up
Issue #29: Missing library when running tests
greenlet) that caused test suite failures after fresh installation.Issue #26: FATAL ERROR: Reached heap limit Allocation failed - JavaScript heap out of memory
These details reflect ongoing challenges within the project, particularly concerning deployment and security practices, which are critical for maintaining user trust and operational stability.
The dataset includes a comprehensive list of pull requests (PRs) from the BCG-X-Official/agentkit repository, detailing both open and closed PRs. The analysis highlights significant contributions to the project, including dependency updates, feature enhancements, and security improvements.
PR #63: chore(deps): bump aiohttp from 3.9.3 to 3.10.2 in /backend/app
Created 7 days ago, this PR updates the aiohttp library to address several bug fixes and performance improvements.
PR #44: Feat: Extend available LLMs
Created 135 days ago, this PR adds support for Anthropic's Claude models in llm.py, enhancing the library's capabilities.
PR #62: Feature/Add Ollama Support
Created 23 days ago, this PR introduces support for models hosted on an Ollama server, expanding the project's flexibility.
PR #59: chore(deps): bump urllib3 from 2.1.0 to 2.2.2 in /backend/app
Created 26 days ago, this PR updates urllib3 to enhance security and performance.
PR #58: chore(deps): bump certifi from 2023.11.17 to 2024.7.4 in /backend/app
Created 26 days ago, this PR updates the certifi package for improved SSL certificate handling.
PR #57: chore(deps): bump setuptools from 67.8.0 to 70.0.0 in /backend/app
Created 26 days ago, this PR updates setuptools to include new features and bug fixes.
PR #52: chore(deps): bump requests from 2.31.0 to 2.32.0 in /backend/app
Created 87 days ago, this PR addresses security vulnerabilities and improves functionality.
PR #50: chore(deps): bump tqdm from 4.66.1 to 4.66.3 in /backend/app
Created 105 days ago, this PR updates tqdm for better progress tracking in applications.
PR #47: chore(deps): bump idna from 3.6 to 3.7 in /backend/app
Created 127 days ago, this PR addresses performance issues related to input processing.
PR #43: Feature/external libload
Created 142 days ago, this PR enhances tool loading methods for better reusability and flexibility.
PR #48: chore(deps): bump aiohttp from 3.9.3 to 3.9.4 in /backend/app
Closed due to being superseded by PR #63.
PR #61: chore(deps): bump braces from 3.0.2 to 3.0.3 in /frontend
Merged successfully with minor changes.
PR #60: chore(deps-dev): bump ws from 7.5.9 to 7.5.10 in /frontend
Merged successfully with a focus on security improvements.
PR #55: Extra SQL tool filters
Merged successfully; introduces additional safety filters for SQL queries.
PR #54: Remove SQL Tool from template agent config
Merged successfully; addresses potential security risks associated with SQL tools.
6-38: Various other closed PRs focused on documentation updates, dependency upgrades, and minor fixes that contributed to overall project maintenance and enhancement.
The pull requests submitted to the BCG-X-Official/agentkit repository reveal several key themes and trends that are critical for understanding the ongoing development of the project:
A significant number of open and closed pull requests focus on updating dependencies such as aiohttp, urllib3, requests, and others (e.g., PRs #63, #59, #58). This indicates a proactive approach towards maintaining up-to-date libraries that not only enhance functionality but also address security vulnerabilities (e.g., CVE-2024-21503 noted in the update for Black). Regular dependency updates are crucial for ensuring that the application remains secure against known vulnerabilities while also benefiting from performance improvements introduced in newer versions.
Several pull requests (e.g., PRs #44 and #62) introduce new features aimed at extending the capabilities of AgentKit by integrating additional language models such as Claude and Ollama support for self-hosted models or smaller language models (e.g., local deployment). This reflects a strategic direction towards enhancing user flexibility and accommodating diverse use cases within the agent application ecosystem.
The removal of SQL tools from template configurations (PR #54) highlights a critical focus on security practices within the development team, particularly concerning potential SQL injection risks when deploying LLMs (Large Language Models). Additionally, the introduction of extra SQL filters (PR #55) demonstrates an effort to enforce stricter validation rules around user inputs—an essential practice when dealing with potentially unsafe data sources.
Multiple pull requests aim at improving documentation (e.g., PRs #40, #24), which is vital for user onboarding and community engagement with the project—especially given its complexity as a starter kit for building constrained agent applications using various technologies like FastAPI and Next.js.
The presence of numerous contributors actively participating through pull requests indicates a healthy level of community engagement around AgentKit, which is beneficial for fostering innovation and rapid iteration on features based on user feedback or emerging needs within the developer community.
Overall, the analysis of pull requests reveals a dynamic development environment focused on maintaining high standards of security, enhancing functionality through new features, and ensuring robust documentation practices—all essential components for building a reliable and scalable agent application framework like AgentKit.
Hamza Ait Baali (harticode)
jose, braces, ws, and follow-redirects. Dependabot[bot]
aiohttp, urllib3, certifi, and setuptools.Tanmay Gupta (tanmaygupta9)
Casper van Langen (drivian)
Jakob Heyder (kaikun213)
GageWAnderson
The development team is actively maintaining the AgentKit project with a strong focus on dependency management and code quality improvements. While there are notable contributions towards feature development, collaboration appears limited at this time. The team's efforts suggest a solid foundation for future enhancements while ensuring current stability.