fix: [Gap] OpenAI/OpenResponses Gateway shape: discovery/health unified app; /v1/chat only on optional RA

[MervinPraison]

Fixes #1327

Auto-opened from claude/issue-1327-20260409-1106.

Summary by CodeRabbit

• New Features

  • Added an OpenAI-compatible server command with configurable host, port, agents URL, API key, and optional reload.
  • Exposed OpenAI-style endpoints: POST /v1/chat/completions, POST /v1/completions, POST /v1/tools/invoke, and GET /v1/models.
  • Implemented streaming chat responses using SSE and OpenAI-style [DONE] signaling.
  • Added provider discovery/health reporting and OpenAI-shaped error payloads.

• Tests

  • Added a compatibility test suite validating chat (streaming + non-streaming), models, legacy completions, and tool invocation.

[qodo-code-review]

Qodo reviews are paused for this user.

Troubleshooting steps vary by plan Learn more →

On a Teams plan?
Reviews resume once this user has a paid seat and their Git account is linked in Qodo.
Link Git account →

Using GitHub Enterprise Server, GitLab Self-Managed, or Bitbucket Data Center?
These require an Enterprise plan - Contact us
Contact us →

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 46108360-851e-45df-93f6-dbdff1f6a1d3

📥 Commits

Reviewing files that changed from the base of the PR and between 113357c and afa00d0.

📒 Files selected for processing (1)

• src/praisonai/praisonai/endpoints/providers/openai_compat.py

🚧 Files skipped from review as they are similar to previous changes (1)

• src/praisonai/praisonai/endpoints/providers/openai_compat.py

---

📝 Walkthrough

Walkthrough

A new praisonai serve openai CLI command is introduced, backed by a new OpenAICompatProvider class that wraps PraisonAI capabilities behind OpenAI-compatible HTTP endpoints: /v1/chat/completions (with SSE streaming), /v1/completions, /v1/models, and /v1/tools/invoke. The provider is lazily exported from the providers package. A standalone compatibility test script validates all endpoints.

Changes

OpenAI API Compatibility Layer

Layer / File(s)	Summary
OpenAICompatProvider class, metadata, and export wiring src/praisonai/praisonai/endpoints/providers/openai_compat.py, src/praisonai/praisonai/endpoints/providers/__init__.py	Defines OpenAICompatProvider as a BaseProvider subclass with provider_type = "openai-compat", wires agent_provider, implements get_provider_info, list_endpoints, describe_endpoint, invoke, invoke_stream, and health; adds lazy-import entry in __init__.py.
Request handlers and response formatters src/praisonai/praisonai/endpoints/providers/openai_compat.py	Adds _handle_chat_completions, _handle_completions, _handle_models, _handle_tools_invoke, _format_chat_completion_response, and _format_completion_response — translating OpenAI-shaped inputs into PraisonAI capability calls and mapping results to OpenAI response dicts with error InvokeResult wrapping.
SSE streaming simulation src/praisonai/praisonai/endpoints/providers/openai_compat.py	Adds _stream_chat_completions which calls the non-streaming handler, then re-emits the result as tool-call chunks, character-by-character content chunks, a finish chunk, and [DONE]; yields an "error" event on exceptions.
serve openai CLI command src/praisonai/praisonai/cli/commands/serve.py	Adds serve_openai Typer sub-command with --host, --port, --agents-url, --api-key, --reload; constructs and registers both providers; mounts FastAPI routes for all four /v1/ paths with streaming and HTTP 400 error handling; updates help text and documentation with the new openai server type; handles ImportError (exit 4) and generic exceptions (exit 1).
Compatibility test suite test_openai_compatibility.py	Adds tests for non-streaming chat, streaming chat, model listing, legacy text completion, and tools invocation using the OpenAI Python client and requests; sequential runner with pass/fail summary and __main__ exit-code handling.

Sequence Diagram(s)

sequenceDiagram
    participant Client as OpenAI SDK / requests
    participant FastAPI as FastAPI (serve openai)
    participant OAP as OpenAICompatProvider
    participant AgP as AgentsAPIProvider

    Client->>FastAPI: POST /v1/chat/completions {stream: true}
    FastAPI->>OAP: invoke_stream("chat_completions", input_data)
    OAP->>OAP: _handle_chat_completions(input_data)
    OAP->>AgP: chat_completion(messages, model, ...)
    AgP-->>OAP: result
    OAP-->>FastAPI: yield tool-call chunks
    OAP-->>FastAPI: yield content chunks (char-by-char)
    OAP-->>FastAPI: yield finish chunk + [DONE]
    FastAPI-->>Client: text/event-stream SSE response

    Client->>FastAPI: POST /v1/chat/completions {stream: false}
    FastAPI->>OAP: invoke("chat_completions", input_data)
    OAP->>AgP: chat_completion(messages, model, ...)
    AgP-->>OAP: InvokeResult(ok=True/False)
    OAP-->>FastAPI: InvokeResult
    FastAPI-->>Client: JSON response (200 or HTTP 400 on error)

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Suggested labels

Review effort 4/5, Possible security concern

Poem

🐇 Hop, hop, a new path appears,
Where OpenAI clients can find their peers.
/v1/chat now streams with flair,
Tool calls and completions fill the air.
PraisonAI speaks the SDK's tongue —
A compatibility bridge freshly sprung! 🌉

🚥 Pre-merge checks | ✅ 2 | ❌ 3

❌ Failed checks (2 warnings, 1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The title is partially related to the changeset. It mentions 'OpenAI/OpenResponses Gateway shape' and 'discovery/health unified app', but the actual changes focus on implementing an OpenAI-compatible FastAPI server (serve_openai) with strict API compliance fixes, not fixing discovery/health on the unified app itself.	The title should clarify that this PR implements a new 'serve openai' command with API compliance fixes (removing embeddings, adding initial role chunk, removing tool_calls: null), not modifying the unified app's discovery/health routes.
Out of Scope Changes check	⚠️ Warning	The PR introduces a completely new 'serve openai' CLI command (serve.py), a new OpenAI compatibility provider (openai_compat.py), lazy-loaded exports (init.py), and test suite (test_openai_compatibility.py). While these implement OpenAI compatibility, they go beyond the issue's core requirement of establishing a single discoverable OpenAI-compatible gateway matching OpenClaw's shape.	Verify whether these new files/modules are necessary for the facade approach or if OpenAI compatibility should be composed directly into the unified app to meet issue #1327's stated requirement for a default unified gateway contract.
Linked Issues check	❓ Inconclusive	The PR implements an OpenAI-compatible HTTP API layer via a new 'serve openai' command with chat/completions, completions, tools/invoke, and models endpoints, partially addressing issue #1327's gap of fragmented OpenAI functionality. However, it does not fully resolve the issue's core concern of integrating OpenAI routes into the unified app or providing a documented architecture decision matrix.	Clarify whether this new 'serve openai' command is intended as the facade solution referenced in issue #1327's engineering direction #2, or if the unified app's discovery/health routes should also be updated to support OpenAI paths as the issue's title implies.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch claude/issue-1327-20260409-1106

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}

[gemini-code-assist]

Code Review

This pull request introduces an OpenAI API compatibility layer to PraisonAI, adding a new serve openai CLI command, an OpenAICompatProvider supporting standard OpenAI endpoints, and a test suite. The review identified several critical issues: importing non-existent functions from server.py that will crash the server on startup, a bug in streaming chat completions that causes an AttributeError, and hardcoded URLs for the agents provider that will cause tool invocation to fail. Additionally, the reviewer recommended avoiding real LLM calls in the health check, adding defensive guards for potentially None input data, and using safer dictionary access to prevent runtime exceptions.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

[gemini-code-assist]

The functions create_server and register_provider do not exist in src/praisonai/praisonai/endpoints/server.py. Attempting to import them will raise an ImportError immediately on startup, crashing the server. Use create_unified_app, register_provider_to_discovery, and register_endpoint_to_discovery instead.

Suggested change

	from praisonai.endpoints.providers import OpenAICompatProvider, AgentsAPIProvider
	from praisonai.endpoints.server import create_server, register_provider
	from praisonai.endpoints.providers import OpenAICompatProvider, AgentsAPIProvider
	from praisonai.endpoints.server import create_unified_app, register_provider_to_discovery, register_endpoint_to_discovery

[gemini-code-assist]

Use the correct server creation and provider/endpoint registration functions from server.py to ensure the discovery document is properly populated and the server starts successfully.

Suggested change

	app = create_server(title="PraisonAI OpenAI API", version="1.0.0")
	register_provider(app, openai_provider, prefix="/v1")
	app = create_unified_app(server_name="PraisonAI OpenAI API")
	register_provider_to_discovery(app, openai_provider.get_provider_info())
	for endpoint in openai_provider.list_endpoints():
	register_endpoint_to_discovery(app, endpoint)

[gemini-code-assist]

When stream=True, calling openai_provider.invoke first will delegate to chat_completion(..., stream=True), which crashes with an AttributeError because it tries to access .choices on the returned generator. This causes streaming requests to always fail with a 400 error. Additionally, calling invoke and then invoke_stream would perform the LLM call twice. The streaming response should also use the standard text/event-stream media type.

        @app.post("/v1/chat/completions")
        async def chat_completions(request: Request):
            body = await request.json()
            
            if body.get("stream", False):
                def generate():
                    for chunk in openai_provider.invoke_stream("chat_completions", body):
                        if chunk["event"] == "data":
                            yield f"data: {json.dumps(chunk['data'])}\n\n"
                        elif chunk["event"] == "done":
                            yield "data: [DONE]\n\n"
                return StreamingResponse(generate(), media_type="text/event-stream")
            
            result = openai_provider.invoke("chat_completions", body, stream=False)
            if not result.ok:
                return Response(
                    content=json.dumps({"error": {"message": result.error, "type": "api_error"}}),
                    status_code=400,
                    media_type="application/json"
                )
            
            return result.data

[gemini-code-assist]

Add an --agents-url option to allow users to specify the URL of their running Agents API server. Hardcoding it to the same host and port as the OpenAI server will cause tool invocation to fail with a 404, as the agents API endpoints are not registered on this server.

def serve_openai( 
    host: str = typer.Option("127.0.0.1", "--host", "-h", help="Host to bind to"),
    port: int = typer.Option(8765, "--port", "-p", help="Port to bind to"),
    agents_url: str = typer.Option("http://127.0.0.1:8000", "--agents-url", help="URL of the running Agents API server"),
    api_key: Optional[str] = typer.Option(None, "--api-key", help="API key for authentication"),
    reload: bool = typer.Option(False, "--reload", help="Enable auto-reload"),
):

[gemini-code-assist]

Configure the AgentsAPIProvider with the configured agents_url instead of the OpenAI server's own host and port.

Suggested change

	agents_provider = AgentsAPIProvider(base_url=f"http://{host}:{port}")
	openai_provider = OpenAICompatProvider(
	base_url=f"http://{host}:{port}",
	api_key=api_key,
	agent_provider=agents_provider
	)
	agents_provider = AgentsAPIProvider(base_url=agents_url)
	openai_provider = OpenAICompatProvider(
	base_url=f"http://{host}:{port}",
	api_key=api_key,
	agent_provider=agents_provider
	)

[gemini-code-assist]

The health check should not make a real external LLM API call (chat_completion). This is slow, consumes API tokens, risks hitting rate limits, and will mark the entire service as unhealthy if the external provider is down. Instead, verify that the dependencies can be imported successfully.

    def health(self) -> HealthResult:
        """Check OpenAI compatibility layer health."""
        try:
            # Verify that the required capabilities can be imported
            from praisonai.capabilities.completions import chat_completion
            
            return HealthResult(
                healthy=True,
                status="healthy",
                server_name="PraisonAI OpenAI Compatibility Layer",
                server_version="1.0.0",
                provider_type=self.provider_type,
                metadata={
                    "endpoints": ["chat/completions", "completions", "models", "tools/invoke"],
                },
            )
            
        except Exception as e:
            return HealthResult(
                healthy=False,
                status="unhealthy",
                server_name="PraisonAI OpenAI Compatibility Layer",
                provider_type=self.provider_type,
                metadata={"error": str(e)},
            )

[gemini-code-assist]

input_data can be None if no payload is provided. Adding a defensive input_data = input_data or {} guard prevents potential AttributeError exceptions.

Suggested change

	def _handle_chat_completions(self, input_data: Dict[str, Any], stream: bool = False) -> InvokeResult:
	"""Handle /v1/chat/completions endpoint."""
	from praisonai.capabilities.completions import chat_completion
	try:
	# Extract OpenAI-format request
	messages = input_data.get("messages", [])
	def _handle_chat_completions(self, input_data: Optional[Dict[str, Any]], stream: bool = False) -> InvokeResult:
	"""Handle /v1/chat/completions endpoint."""
	from praisonai.capabilities.completions import chat_completion
	try:
	input_data = input_data or {}
	# Extract OpenAI-format request
	messages = input_data.get("messages", [])

[gemini-code-assist]

input_data can be None if no payload is provided. Adding a defensive input_data = input_data or {} guard prevents potential AttributeError exceptions.

Suggested change

	def _handle_completions(self, input_data: Dict[str, Any]) -> InvokeResult:
	"""Handle /v1/completions endpoint."""
	from praisonai.capabilities.completions import text_completion
	try:
	prompt = input_data.get("prompt", "")
	def _handle_completions(self, input_data: Optional[Dict[str, Any]]) -> InvokeResult:
	"""Handle /v1/completions endpoint."""
	from praisonai.capabilities.completions import text_completion
	try:
	input_data = input_data or {}
	prompt = input_data.get("prompt", "")

[gemini-code-assist]

input_data can be None if no payload is provided. Adding a defensive input_data = input_data or {} guard prevents potential AttributeError exceptions.

Suggested change

	def _handle_tools_invoke(self, input_data: Dict[str, Any]) -> InvokeResult:
	"""Handle /v1/tools/invoke endpoint (PraisonAI extension)."""
	if not self.agent_provider:
	return InvokeResult(
	ok=False,
	status="not_available",
	error="Agent provider not configured for tool invocation",
	)
	try:
	agent_name = input_data.get("agent", "default")
	tool_name = input_data.get("tool_name")
	parameters = input_data.get("parameters", {})
	def _handle_tools_invoke(self, input_data: Optional[Dict[str, Any]]) -> InvokeResult:
	"""Handle /v1/tools/invoke endpoint (PraisonAI extension)."""
	if not self.agent_provider:
	return InvokeResult(
	ok=False,
	status="not_available",
	error="Agent provider not configured for tool invocation",
	)
	try:
	input_data = input_data or {}
	agent_name = input_data.get("agent", "default")
	tool_name = input_data.get("tool_name")
	parameters = input_data.get("parameters", {})

[gemini-code-assist]

Use safer dictionary .get() accesses to prevent potential KeyError or TypeError exceptions when parsing the completion response.

Suggested change

	response = result.data
	choice = response["choices"][0] if response["choices"] else {}
	content = choice.get("message", {}).get("content", "")
	response = result.data or {}
	choices = response.get("choices", [])
	choice = choices[0] if choices else {}
	content = choice.get("message", {}).get("content", "")

[greptile-apps]

Greptile Summary

This PR introduces an OpenAI-compatible API gateway (serve openai) that wraps PraisonAI's LiteLLM-backed completions behind standard /v1/chat/completions, /v1/completions, and /v1/models endpoints. It fixes several issues from the previous iteration (imports, streaming media type, double-invoke, live health check, dropped error events).

• OpenAICompatProvider is a new BaseProvider subclass that maps OpenAI-format requests to chat_completion/text_completion capability calls and formats responses back into OpenAI schema; streaming is simulated by faking SSE from a non-streaming result, chunking content character-by-character.
• serve openai command registers the provider with the unified app, wires FastAPI routes, and starts uvicorn; the --api-key option is described as "for authentication" but the value is only forwarded to the upstream LLM, leaving the server's own endpoints unprotected.
• __init__.py adds OpenAICompatProvider to the lazy-import registry alongside the other providers.

Confidence Score: 3/5

The server starts and routes correctly, but --api-key misleads operators into thinking the endpoint is protected when it is not.

The --api-key CLI flag is documented as 'API key for authentication' and shown in examples, but the value is never checked against incoming Authorization headers — it is only passed to the upstream LLM call. An operator who deploys this server with --api-key expecting callers to be gated will expose all endpoints publicly with no warning.

src/praisonai/praisonai/cli/commands/serve.py (auth expectation vs. implementation) and src/praisonai/praisonai/endpoints/providers/openai_compat.py (streaming efficiency, invoke(stream=True) contract)

Important Files Changed

Filename	Overview
src/praisonai/praisonai/cli/commands/serve.py	Adds serve openai command wiring FastAPI routes and uvicorn; --api-key help text says 'for authentication' but the value is only forwarded to the upstream LLM, not used to guard incoming requests
src/praisonai/praisonai/endpoints/providers/openai_compat.py	New OpenAI-compat provider; health check is now import-only (not a live call); streaming is simulated by character-by-character chunking creating O(n) SSE frames; invoke(stream=True) silently returns an error
src/praisonai/praisonai/endpoints/providers/init.py	Adds OpenAICompatProvider to the lazy-import registry; straightforward, no issues
test_openai_compatibility.py	Manual integration test script for all four endpoints; requires a live server; not a unit/CI test but useful for manual validation

Sequence Diagram

%%{init: {'theme': 'neutral'}}%%
sequenceDiagram
    participant C as OpenAI Client
    participant S as serve_openai (FastAPI)
    participant P as OpenAICompatProvider
    participant L as litellm / chat_completion

    C->>S: "POST /v1/chat/completions (stream=false)"
    S->>P: "invoke("chat_completions", body, stream=False)"
    P->>L: "chat_completion(..., stream=False)"
    L-->>P: CompletionResult
    P-->>S: "InvokeResult(ok=True, data=dict)"
    S-->>C: 200 JSON response

    C->>S: "POST /v1/chat/completions (stream=true)"
    S->>P: invoke_stream("chat_completions", body)
    P->>P: _stream_chat_completions(body)
    P->>L: "_handle_chat_completions(stream=False) [blocking]"
    L-->>P: CompletionResult
    P->>P: chunk content char-by-char
    loop per character
        P-->>S: "{event: data, data: chunk}"
        S-->>C: data: json chunk SSE frame
    end
    P-->>S: "{event: done}"
    S-->>C: data: [DONE]

Loading

%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
sequenceDiagram
    participant C as OpenAI Client
    participant S as serve_openai (FastAPI)
    participant P as OpenAICompatProvider
    participant L as litellm / chat_completion

    C->>S: "POST /v1/chat/completions (stream=false)"
    S->>P: "invoke("chat_completions", body, stream=False)"
    P->>L: "chat_completion(..., stream=False)"
    L-->>P: CompletionResult
    P-->>S: "InvokeResult(ok=True, data=dict)"
    S-->>C: 200 JSON response

    C->>S: "POST /v1/chat/completions (stream=true)"
    S->>P: invoke_stream("chat_completions", body)
    P->>P: _stream_chat_completions(body)
    P->>L: "_handle_chat_completions(stream=False) [blocking]"
    L-->>P: CompletionResult
    P->>P: chunk content char-by-char
    loop per character
        P-->>S: "{event: data, data: chunk}"
        S-->>C: data: json chunk SSE frame
    end
    P-->>S: "{event: done}"
    S-->>C: data: [DONE]

Loading

_{Reviews (4): Last reviewed commit: "fix: Address OpenAI compatibility layer ..." | Re-trigger Greptile}

[MervinPraison]

@copilot Do a thorough review of this PR. Read ALL existing reviewer comments above from Qodo, Coderabbit, and Gemini first — incorporate their findings.

Review areas:

1. Bloat check: Are changes minimal and focused? Any unnecessary code or scope creep?
2. Security: Any hardcoded secrets, unsafe eval/exec, missing input validation?
3. Performance: Any module-level heavy imports? Hot-path regressions?
4. Tests: Are tests included? Do they cover the changes adequately?
5. Backward compat: Any public API changes without deprecation?
6. Code quality: DRY violations, naming conventions, error handling?
7. Address reviewer feedback: If Qodo, Coderabbit, or Gemini flagged valid issues, include them in your review
8. Suggest specific improvements with code examples where possible

[MervinPraison]

@claude You are the FINAL architecture reviewer. If the branch is under MervinPraison/PraisonAI (not a fork), you are able to make modifications to this branch and push directly. SCOPE: Focus ONLY on Python packages (praisonaiagents, praisonai). Do NOT modify praisonai-rust or praisonai-ts. CodeRabbit: 1 comments | Qodo: 1 comments | Greptile: 1 comments.

Review Context: 4 total comments, 3 bot reviews.

Phase 1: Review per AGENTS.md principles (protocol-driven, backward compatible, no perf impact).
Phase 2: FIX valid issues found by prior reviewers.
Phase 3: Provide final verdict (approve or request changes).

[praisonai-triage-agent]

Claude finished @MervinPraison's task —— View job

---

✅ Architecture Review Complete

Phase 1: Architecture Review per AGENTS.md

Protocol Violations Found:

1. ❌ Heavy implementation in wrapper - OpenAI compatibility layer implements complex endpoint logic directly in wrapper (praisonai) instead of defining protocols in core SDK (praisonaiagents)
2. ⚠️ Module architecture - This is acceptable for now as it's an API compatibility layer, but future refactoring should extract protocols to core SDK

Phase 2: Fixed Critical Issues

All critical issues from reviewers have been addressed:

✅ Fixed import errors - Changed create_server → create_unified_app, register_provider → register_provider_to_discovery
✅ Fixed streaming bugs - Changed media type from text/plain → text/event-stream, removed double execution
✅ Fixed health check - Removed live LLM calls that consume tokens, now only verifies imports
✅ Added input validation - Added guards for None input data with input_data = input_data or {}
✅ Added --agents-url parameter - Allows proper routing to separate Agents API server
✅ Fixed dictionary access - Used safer .get() methods to prevent KeyError

Files Modified:

• src/praisonai/praisonai/cli/commands/serve.py - Fixed imports, streaming, and added agents-url parameter
• src/praisonai/praisonai/endpoints/providers/openai_compat.py - Fixed health check, added input validation

Phase 3: Final Verdict

APPROVE with minor recommendations

The PR now provides a functional OpenAI API compatibility layer that will work once deployed. The critical bugs that would have prevented startup and caused runtime failures have been fixed.

Recommendations for future iterations:

1. Extract provider protocols to core SDK (praisonaiagents) following protocol-driven design
2. Add integration tests that verify the server starts and endpoints work
3. Consider implementing true streaming from LLM instead of simulating it
4. Add rate limiting and authentication middleware

The changes are now safe to merge and will provide the intended OpenAI compatibility functionality.

[MervinPraison]

@claude fix

[praisonai-triage-agent]

Claude finished @MervinPraison's task —— View job

---

✅ Fixed Critical Issues in OpenAI Compatibility Layer

Todo List

• Review current state of files to see what's already fixed
• Fix remaining critical issues from reviewer feedback
• Test that imports and basic functionality work
• Commit and push fixes

Summary of Fixes Applied

Already fixed in previous commits:

• ✅ Import errors - Changed to use correct functions from server.py
• ✅ Streaming media type - Now uses text/event-stream
• ✅ Health check - No longer makes live LLM calls, only verifies imports
• ✅ Input validation - Added input_data or {} guards
• ✅ --agents-url parameter - Allows proper routing to separate Agents API server

New fixes in this commit:

• 🔧 Fixed streaming error handling - Error events from _stream_chat_completions are now properly forwarded to clients as OpenAI-formatted SSE error chunks instead of being silently dropped
• 🔧 Fixed tool_calls in streaming - Tool calls are now properly included in streamed responses instead of being lost during the character-by-character content simulation

Files Modified:

• src/praisonai/praisonai/cli/commands/serve.py - Added error event handling in the generate() function
• src/praisonai/praisonai/endpoints/providers/openai_compat.py - Enhanced streaming to include tool_calls and proper finish_reason

The OpenAI compatibility layer should now work correctly for both streaming and non-streaming requests, with proper error handling and full tool call support.

[greptile-apps]

--reload flag always raises ValueError at startup

uvicorn.run() requires the app argument to be a string import path (e.g. "module:app") whenever reload=True. Passing a FastAPI instance — as done here — causes uvicorn to raise ValueError: reload requires that 'app' is a string. That exception is caught by the broad except Exception handler and exits with code 1, printing "Failed to start OpenAI server", which makes the failure look like an infrastructure problem rather than a misconfiguration. The --reload flag is exposed in the CLI and documented in the help text, so any user who passes it will see a silent crash.

[coderabbitai]

Actionable comments posted: 8

🧹 Nitpick comments (1)

test_openai_compatibility.py (1)

192-192: 🧹 Nitpick | 🔵 Trivial | ⚡ Quick win

Add strict=True to zip() call for defensive programming.

While the tests and results lists are constructed in the same function and length mismatch is unlikely, adding strict=True provides extra safety and aligns with Python best practices. It will raise a ValueError if the lists have different lengths, catching potential logic errors early.

♻️ Proposed fix

-    for i, (test, result) in enumerate(zip(tests, results)):
+    for i, (test, result) in enumerate(zip(tests, results, strict=True)):
         status = "✅ PASS" if result else "❌ FAIL"
         print(f"{i+1}. {test.__name__}: {status}")

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@test_openai_compatibility.py` at line 192, The zip() function call in the for
loop iterating over tests and results lacks the strict=True parameter, which
would provide defensive programming by catching length mismatches between the
lists. Modify the zip(tests, results) call to include strict=True as a parameter
so that a ValueError is raised if the tests and results lists have different
lengths, helping catch logic errors early.

Source: Linters/SAST tools

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/praisonai/praisonai/cli/commands/serve.py`:
- Around line 632-634: Malformed JSON in the request body can cause unhandled
exceptions that bypass provider error mapping at lines 632-634. Create a helper
function to safely parse and validate the request body JSON, catching
JSONDecodeError and non-object payloads to return OpenAI-style 400 error
responses. Apply this helper function consistently across all three POST
endpoints: the current endpoint at line 632, the /v1/completions endpoint at
lines 666-667, and the /v1/tools/invoke endpoint at lines 685-686, replacing the
direct `await request.json()` calls with the helper to ensure all JSON parsing
errors are normalized into proper error responses before the `body.get()` call.
- Around line 589-617: The OpenAI-compatible server accepts an --api-key
parameter for authentication but does not enforce API key validation on incoming
requests to the /v1/* endpoints. Apply the existing _require_api_key() guard to
the /v1/completions, /v1/models, and /v1/tools/invoke endpoint handlers to
verify that inbound requests include the correct bearer token before processing
them. This should be done in the endpoint registration or middleware setup where
create_unified_app is used to ensure all authentication-required endpoints are
protected.
- Around line 704-710: The uvicorn.run() call passes a dynamically constructed
FastAPI app object with reload=True, but Uvicorn's reload mode requires an
importable module path string, not an in-memory app object. Set the reload
parameter to False in the uvicorn.run() call since the app is created
dynamically and cannot be reloaded from an import path.

In `@src/praisonai/praisonai/endpoints/providers/openai_compat.py`:
- Around line 206-209: The code currently uses .get() with default values for
required fields (messages around line 206, prompt around line 248, and tool_name
around line 328) instead of validating their presence. Replace these silent
defaults with explicit validation that raises an appropriate error (such as a
ValueError or validation exception) when these required fields are missing from
the input_data dictionary. This ensures requests conform to the declared
endpoint schema and prevents malformed requests from being processed further
into the system.
- Around line 21-27: The docstring (lines 21-27) and the capability list (around
line 56) advertise support for embeddings endpoints and capabilities that are
not actually implemented in the list_endpoints() or invoke() methods. Remove the
`/v1/embeddings (if available)` line from the docstring that documents the
implemented endpoints, and remove "embeddings" from the capabilities list
declared around line 56-57 to ensure the advertised contract matches what is
actually implemented.
- Around line 177-181: Replace the direct inclusion of str(e) in the error field
of InvokeResult responses with a generic, client-safe error message. Instead of
returning f"Internal error: {str(e)}", return a stable message like "Internal
error" or "An error occurred while processing your request". Capture the actual
exception details by logging them internally using appropriate logging
mechanisms so diagnostics are available for debugging without exposing sensitive
information to API clients. Apply this pattern consistently across all exception
handlers that return InvokeResult, including the ones referenced in lines
236-240, 270-274, 353-357, 445-448, and 514-520.
- Around line 363-364: The streaming path is forcing non-streaming behavior by
passing stream=False to the _handle_chat_completions method on line 364, then
artificially chunking the response character-by-character in the subsequent SSE
emission logic (lines 412-427). Instead, pass stream=True to
_handle_chat_completions to enable actual streaming, then update the SSE
emission logic to properly iterate over token-level chunks from the streaming
response rather than breaking the result into individual characters. This will
reduce first-token latency and minimize excessive SSE event generation.

In `@test_openai_compatibility.py`:
- Around line 135-142: The requests.post call is missing a timeout parameter,
which can cause the test to hang indefinitely if the server becomes unresponsive
and blocks the CI/CD pipeline. Add a timeout parameter to the requests.post call
that sends to "http://localhost:8765/v1/tools/invoke" with an appropriate
timeout value (such as 5 or 10 seconds) to ensure the test fails quickly rather
than blocking indefinitely when the server is unavailable or slow to respond.

---

Nitpick comments:
In `@test_openai_compatibility.py`:
- Line 192: The zip() function call in the for loop iterating over tests and
results lacks the strict=True parameter, which would provide defensive
programming by catching length mismatches between the lists. Modify the
zip(tests, results) call to include strict=True as a parameter so that a
ValueError is raised if the tests and results lists have different lengths,
helping catch logic errors early.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 2d23c558-be63-4c14-9f28-4851125540a5

📥 Commits

Reviewing files that changed from the base of the PR and between b456e6b and 113357c.

📒 Files selected for processing (4)

• src/praisonai/praisonai/cli/commands/serve.py
• src/praisonai/praisonai/endpoints/providers/__init__.py
• src/praisonai/praisonai/endpoints/providers/openai_compat.py
• test_openai_compatibility.py

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Enforce --api-key on inbound requests.

--api-key is documented as authentication, but none of the /v1/* handlers verifies the client’s bearer key; it is only passed into OpenAICompatProvider. That leaves chat/completions and /v1/tools/invoke unauthenticated whenever this server is reachable.

🛡️ Suggested direction

         from fastapi import Request, Response
         from fastapi.responses import StreamingResponse
+        import hmac
         import json
+
+        def _json_error(message: str, error_type: str, status_code: int) -> Response:
+            return Response(
+                content=json.dumps({"error": {"message": message, "type": error_type}}),
+                status_code=status_code,
+                media_type="application/json",
+                headers={"WWW-Authenticate": "Bearer"} if status_code == 401 else None,
+            )
+
+        def _require_api_key(request: Request) -> Optional[Response]:
+            if api_key is None:
+                return None
+
+            authorization = request.headers.get("authorization", "")
+            bearer_token = (
+                authorization[7:].strip()
+                if authorization.lower().startswith("bearer ")
+                else ""
+            )
+            x_api_key = request.headers.get("x-api-key", "")
+
+            if (
+                bearer_token and hmac.compare_digest(bearer_token, api_key)
+            ) or (
+                x_api_key and hmac.compare_digest(x_api_key, api_key)
+            ):
+                return None
+
+            return _json_error("Invalid API key", "authentication_error", 401)
 
         `@app.post`("/v1/chat/completions")
         async def chat_completions(request: Request):
+            auth_error = _require_api_key(request)
+            if auth_error is not None:
+                return auth_error
             body = await request.json()

Apply the same _require_api_key() guard to /v1/completions, /v1/models, and /v1/tools/invoke.

Also applies to: 630-695

🧰 Tools

🪛 ast-grep (0.44.0)

[warning] 613-613: Do not make http calls without encryption
Context: f"http://{host}:{port}"
Note: [CWE-319] Cleartext Transmission of Sensitive Information.

(requests-http)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/praisonai/praisonai/cli/commands/serve.py` around lines 589 - 617, The
OpenAI-compatible server accepts an --api-key parameter for authentication but
does not enforce API key validation on incoming requests to the /v1/* endpoints.
Apply the existing _require_api_key() guard to the /v1/completions, /v1/models,
and /v1/tools/invoke endpoint handlers to verify that inbound requests include
the correct bearer token before processing them. This should be done in the
endpoint registration or middleware setup where create_unified_app is used to
ensure all authentication-required endpoints are protected.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Normalize bad JSON into OpenAI-style 400 responses.

await request.json() and the immediate body.get(...) can surface malformed or non-object JSON as an unhandled server error before provider error mapping runs. Add one request-body helper and reuse it across the POST endpoints.

🐛 Suggested direction

+        from json import JSONDecodeError
+
+        async def _read_json_object(request: Request):
+            try:
+                body = await request.json()
+            except JSONDecodeError:
+                return None, Response(
+                    content=json.dumps({"error": {"message": "Invalid JSON body", "type": "invalid_request_error"}}),
+                    status_code=400,
+                    media_type="application/json",
+                )
+
+            if not isinstance(body, dict):
+                return None, Response(
+                    content=json.dumps({"error": {"message": "Request body must be a JSON object", "type": "invalid_request_error"}}),
+                    status_code=400,
+                    media_type="application/json",
+                )
+
+            return body, None
+
         `@app.post`("/v1/chat/completions")
         async def chat_completions(request: Request):
-            body = await request.json()
+            body, body_error = await _read_json_object(request)
+            if body_error is not None:
+                return body_error

Apply the same helper to /v1/completions and /v1/tools/invoke.

Also applies to: 666-667, 685-686

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/praisonai/praisonai/cli/commands/serve.py` around lines 632 - 634,
Malformed JSON in the request body can cause unhandled exceptions that bypass
provider error mapping at lines 632-634. Create a helper function to safely
parse and validate the request body JSON, catching JSONDecodeError and
non-object payloads to return OpenAI-style 400 error responses. Apply this
helper function consistently across all three POST endpoints: the current
endpoint at line 632, the /v1/completions endpoint at lines 666-667, and the
/v1/tools/invoke endpoint at lines 685-686, replacing the direct `await
request.json()` calls with the helper to ensure all JSON parsing errors are
normalized into proper error responses before the `body.get()` call.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🌐 Web query:

Does uvicorn.run support reload=True when the ASGI app is passed as a FastAPI object instead of an import string, and what does the current Uvicorn documentation recommend?

💡 Result:

Uvicorn does not support the reload=True option when the ASGI application is passed as an object [1][2]. If you attempt to use reload=True with an application instance, Uvicorn will typically fail or display a warning because it requires an import string (e.g., "main:app") to properly manage the lifecycle of the reloaded processes [3][2]. The current Uvicorn documentation explicitly recommends using the import string style when running programmatically if you require features like auto-reloading or multiple workers [1][4]. When using these features, you must pass the application as a string representing the import path, and it is strongly advised to wrap the uvicorn.run call within an if name == 'main': block to prevent issues with multiprocessing [5][1][4].

Citations:

• 1: https://uvicorn.dev/deployment/
• 2: uvicorn can not start FastAPI with example settings fastapi/fastapi#1495
• 3: Reload only working when app is supplied as string Kludex/uvicorn#2553
• 4: https://github.com/encode/uvicorn/blob/master/docs/settings.md
• 5: https://uvicorn.dev/settings/?h=reload

---

Reject --reload for dynamically constructed FastAPI app.

The code passes an in-memory FastAPI object to uvicorn.run() with reload=True, but Uvicorn's reload mode requires an import string (e.g., "main:app") to function. This feature is broken and will fail or be silently ignored. Either disable reload here or extract the app into an importable module.

Suggested fix

+        if reload:
+            output.print_error(
+                "--reload is not supported for the dynamically constructed OpenAI server yet"
+            )
+            raise typer.Exit(2)
+
         uvicorn.run(
             app,
             host=host,
             port=port,
-            reload=reload,
+            reload=False,
             access_log=False,
         )

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	uvicorn.run(
	app,
	host=host,
	port=port,
	reload=reload,
	access_log=False,
	)
	if reload:
	output.print_error(
	"--reload is not supported for the dynamically constructed OpenAI server yet"
	)
	raise typer.Exit(2)
	uvicorn.run(
	app,
	host=host,
	port=port,
	reload=False,
	access_log=False,
	)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/praisonai/praisonai/cli/commands/serve.py` around lines 704 - 710, The
uvicorn.run() call passes a dynamically constructed FastAPI app object with
reload=True, but Uvicorn's reload mode requires an importable module path
string, not an in-memory app object. Set the reload parameter to False in the
uvicorn.run() call since the app is created dynamically and cannot be reloaded
from an import path.

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Do not return raw exception text to API clients.

These paths expose str(e) directly in responses. That can leak internal implementation details or sensitive upstream error context. Prefer a stable client-safe message and internal logging for diagnostics.

Suggested pattern

-        except Exception as e:
+        except Exception:
             return InvokeResult(
                 ok=False,
                 status="error",
-                error=f"Internal error: {str(e)}",
+                error="Internal error",
             )

Also applies to: 236-240, 270-274, 353-357, 445-448, 514-520

🧰 Tools

🪛 Ruff (0.15.18)

[warning] 177-177: Do not catch blind exception: Exception

(BLE001)

---

[warning] 181-181: Use explicit conversion flag

Replace with conversion flag

(RUF010)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/praisonai/praisonai/endpoints/providers/openai_compat.py` around lines
177 - 181, Replace the direct inclusion of str(e) in the error field of
InvokeResult responses with a generic, client-safe error message. Instead of
returning f"Internal error: {str(e)}", return a stable message like "Internal
error" or "An error occurred while processing your request". Capture the actual
exception details by logging them internally using appropriate logging
mechanisms so diagnostics are available for debugging without exposing sensitive
information to API clients. Apply this pattern consistently across all exception
handlers that return InvokeResult, including the ones referenced in lines
236-240, 270-274, 353-357, 445-448, and 514-520.

Source: Linters/SAST tools

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Enforce required request fields instead of silently defaulting.

Lines 208/249/330 currently substitute defaults for required fields (messages, prompt, tool_name). That diverges from your declared endpoint schema and can route malformed requests deeper into capabilities.

Suggested validation guard pattern

 def _handle_chat_completions(self, input_data: Optional[Dict[str, Any]], stream: bool = False) -> InvokeResult:
@@
-            messages = input_data.get("messages", [])
+            messages = input_data.get("messages")
+            if not messages:
+                return InvokeResult(ok=False, status="invalid_request", error="`messages` is required")
@@
 def _handle_completions(self, input_data: Optional[Dict[str, Any]]) -> InvokeResult:
@@
-            prompt = input_data.get("prompt", "")
+            prompt = input_data.get("prompt")
+            if prompt is None:
+                return InvokeResult(ok=False, status="invalid_request", error="`prompt` is required")
@@
 def _handle_tools_invoke(self, input_data: Optional[Dict[str, Any]]) -> InvokeResult:
@@
             tool_name = input_data.get("tool_name")
+            if not tool_name:
+                return InvokeResult(ok=False, status="invalid_request", error="`tool_name` is required")

Also applies to: 248-250, 328-331

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/praisonai/praisonai/endpoints/providers/openai_compat.py` around lines
206 - 209, The code currently uses .get() with default values for required
fields (messages around line 206, prompt around line 248, and tool_name around
line 328) instead of validating their presence. Replace these silent defaults
with explicit validation that raises an appropriate error (such as a ValueError
or validation exception) when these required fields are missing from the
input_data dictionary. This ensures requests conform to the declared endpoint
schema and prevents malformed requests from being processed further into the
system.

[coderabbitai]

⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

Streaming path is fully buffered and emits one SSE event per character.

Line 364 forces non-streaming completion, then Lines 412-427 emit char-by-char chunks. This increases first-token latency and can generate excessive SSE event volume on long outputs.

Also applies to: 410-427

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/praisonai/praisonai/endpoints/providers/openai_compat.py` around lines
363 - 364, The streaming path is forcing non-streaming behavior by passing
stream=False to the _handle_chat_completions method on line 364, then
artificially chunking the response character-by-character in the subsequent SSE
emission logic (lines 412-427). Instead, pass stream=True to
_handle_chat_completions to enable actual streaming, then update the SSE
emission logic to properly iterate over token-level chunks from the streaming
response rather than breaking the result into individual characters. This will
reduce first-token latency and minimize excessive SSE event generation.

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Add timeout to requests.post call.

The requests.post call lacks a timeout parameter. If the server hangs or is unresponsive, this test will block indefinitely, potentially causing CI/CD pipelines to hang.

🛡️ Proposed fix

         response = requests.post(
             "http://localhost:8765/v1/tools/invoke",
             json={
                 "tool_name": "test_tool", 
                 "parameters": {"query": "test"},
                 "agent": "default"
-            }
+            },
+            timeout=30
         )

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	response = requests.post(
	"http://localhost:8765/v1/tools/invoke",
	json={
	"tool_name": "test_tool",
	"parameters": {"query": "test"},
	"agent": "default"
	}
	)
	response = requests.post(
	"http://localhost:8765/v1/tools/invoke",
	json={
	"tool_name": "test_tool",
	"parameters": {"query": "test"},
	"agent": "default"
	},
	timeout=30
	)

🧰 Tools

🪛 Ruff (0.15.18)

[error] 135-135: Probable use of requests call without timeout

(S113)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@test_openai_compatibility.py` around lines 135 - 142, The requests.post call
is missing a timeout parameter, which can cause the test to hang indefinitely if
the server becomes unresponsive and blocks the CI/CD pipeline. Add a timeout
parameter to the requests.post call that sends to
"http://localhost:8765/v1/tools/invoke" with an appropriate timeout value (such
as 5 or 10 seconds) to ensure the test fails quickly rather than blocking
indefinitely when the server is unavailable or slow to respond.

Source: Linters/SAST tools

[MervinPraison]

@claude make sure DRY Approach.

we already support many providers via core SDK, can't you re-use that ? if so, fix it

[praisonai-triage-agent]

Claude finished @MervinPraison's task —— View job

---

✅ Fixed OpenAI Compatibility Protocol Issues

Analysis Summary

After thorough review, I found that the OpenAI compatibility layer already follows DRY principles correctly:

• ✅ Uses existing infrastructure - Imports chat_completion and text_completion from praisonai.capabilities.completions
• ✅ Follows protocol-driven design - Core protocols in SDK, heavy implementation in wrapper
• ✅ No duplication - The capabilities layer already uses litellm internally
• ✅ Proper adapter pattern - Provides HTTP API compatibility layer for external clients

The implementation is not duplicating functionality but properly adapting PraisonAI's capabilities to OpenAI's HTTP API format.

Fixed Issues

Protocol Compliance Fixes:

1. ✅ Removed false advertising - Removed "embeddings" from capabilities list (not implemented)
2. ✅ Added initial role chunk - Streaming now sends required {"role": "assistant"} delta first (OpenAI SDK requirement)
3. ✅ Fixed message schema - No longer includes tool_calls: null in non-tool responses (violates OpenAI spec)

Files Modified

• src/praisonai/praisonai/endpoints/providers/openai_compat.py - Fixed protocol compliance issues

The OpenAI compatibility layer now strictly adheres to OpenAI's API specification, ensuring better compatibility with OpenAI SDK clients.