test(glm5): agentic review — zai.glm-5#6
Conversation
🤖 dotBot Review (Bedrock)Reviewed 18 file(s); 12 candidate(s) → 1 confirmed, 8 uncertain (unverified, kept for review).
Confirmed findings
🔎 Uncertain (could not confirm or disprove — review manually)
zai.glm-5 · Run: #28252594738 · tokens: in: 94581 · out: 4721 · total: 99302 · calls: 54 |
dotCMS#36279) Content Drive's upload dialog lets users pick Asset vs File, which are semantically base types. Previously only DOTASSET could be resolved from a base type on the backend, so firing the NEW workflow action with baseType: FILEASSET failed with "content type or base type is not set or is invalid". This adds the missing FILEASSET resolution and switches the frontend to send the base type. Backend: - Extract the dotAsset mime-matching algorithm into a reusable BaseTypeMimeTypeMatcher (parameterized by base type + binary field var); DotAssetAPIImpl.tryMatch now delegates to it (DOTASSET behavior unchanged). - Move DotAssetBaseTypeToContentTypeStrategyImpl out of the resolver into its own class and add FileAssetBaseTypeToContentTypeStrategyImpl, which mime-matches FILEASSET content types and falls back to the default FileAsset. - Register both strategies; fix BaseTypeToContentTypeStrategyResolver.subscribe which ignored its baseContentType arg and always registered under DOTASSET. Frontend: - Revert uploadDotAsset to its original 2-arg form; add uploadFileByBaseType (DotUploadFileService) and newContentletByBaseType (DotWorkflowActionsFireService) which send baseType instead of contentType. - Content Drive now emits DOTASSET/FILEASSET and routes uploads through the new method; root-level uploads carry the current site identifier so they land on the browsed site, not the default host. Tests: resolver unit test (subscribe regression + FILEASSET registration), FileAsset strategy integration test, and frontend specs for the new methods, base-type selection, and current-site root upload. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
3729505 to
1962f75
Compare
🤖 dotBot Review (Bedrock)Reviewed 18 file(s); 12 candidate(s) → 0 confirmed, 0 uncertain (unverified, kept for review).
✅ No issues found after verification. zai.glm-5 · Run: #28254070253 · tokens: in: 137269 · out: 10940 · total: 148209 · calls: 59 |
|
|
||
| try { | ||
|
|
||
| return APILocator.getDotAssetAPI().tryMatch(file, currentHost, user); |
There was a problem hiding this comment.
🟠 [High] Potential NPE if user or host are null
At lines 31-32, user and currentHost are extracted from contextMap without null checks. These are passed to tryMatch(file, currentHost, user) at line 42. In DotAssetAPIImpl.tryMatch (line 26), it calls getMimeType(file) which can throw if file operations fail, and then calls the overloaded tryMatch(mimeType, currentHost, user). If user or currentHost are null and the implementation dereferences them (e.g., for permission checks via hasPermission), this will cause NPE. The try-catch at lines 43-45 catches DotDataException and DotSecurityException but not NullPointerException, which would propagate up.
Clean single-model e2e of the agentic reviewer (dotCMS/ai-workflows#55 @v3.3.0-beta.10).
Model:
zai.glm-5— bedrock-harness.Reviewed diff is only the real dotCMS#36317 change (18 files); the test workflow + removal of other repo workflows live on the base branch.
Throwaway — do not merge.