Add session participants routes

[creatorrr]

User description

Summary

• support listing session agents and users
• expose new routes to list session participants
• add TypeSpec endpoints for agents and users of a session

Testing

• ruff check .
• ruff format .

---

PR Type

Enhancement

---

Description

• Add endpoints to list agents and users in a session

  • New API routes for /sessions/{session_id}/agents and /sessions/{session_id}/users
  • SQL queries to fetch session agents and users

• Update TypeSpec to document new session participant endpoints

---

Changes walkthrough 📝

	Relevant files
Enhancement	6 files __init__.py Export new session agent and user query functions                +4/-0      get_session_agents.py Add SQL query to fetch session agents                                        +51/-0    get_session_users.py Add SQL query to fetch session users                                          +46/-0    __init__.py Export new session agent and user routers                                +2/-0      get_session_agents.py Add API endpoint to list session agents                                    +27/-0    get_session_users.py Add API endpoint to list session users                                      +25/-0
Documentation	1 files endpoints.tsp Add TypeSpec endpoints for session agents and users            +17/-1

---

Need help?

Type /help how to ... in the comments thread for any questions about Qodo Merge usage.

Check out the documentation for more information.

---

Important

Add SQL queries and API endpoints to list session agents and users, updating TypeSpec endpoints accordingly.

• New Functionality:
  • Add get_session_agents and get_session_users functions in queries/sessions to fetch agents and users for a session.
  • Introduce API endpoints in routers/sessions to list agents (get_session_agents) and users (get_session_users) for a session.
• TypeSpec Updates:
  • Update endpoints.tsp to include listAgents and listUsers endpoints for sessions.
• Misc:
  • Update imports in queries/sessions/__init__.py and routers/sessions/__init__.py to include new functions.

^{This description was created by for 588ba49. You can customize this summary. It will automatically update as commits are pushed.}

[qodo-merge-for-open-source]

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪

🧪 No relevant tests

🔒 No security concerns identified

⚡ Recommended focus areas for review Query Performance The query joins multiple tables without any pagination mechanism. For sessions with many agents, this could lead to performance issues. Consider adding pagination parameters. query = """ SELECT a.agent_id, a.developer_id, a.name, a.canonical_name, a.about, a.instructions, a.model, a.metadata, a.default_settings, a.default_system_template, a.created_at, a.updated_at, p.canonical_name AS project FROM session_lookup sl JOIN agents a ON sl.participant_id = a.agent_id AND sl.developer_id = a.developer_id LEFT JOIN project_agents pa ON a.agent_id = pa.agent_id AND a.developer_id = pa.developer_id LEFT JOIN projects p ON pa.project_id = p.project_id AND pa.developer_id = p.developer_id WHERE sl.developer_id = $1 AND sl.session_id = $2 AND sl.participant_type = 'agent'; """ Missing Pagination The endpoint returns all agents for a session without pagination support, which could cause performance issues for sessions with many agents. Consider implementing pagination similar to other list endpoints. @router.get("/sessions/{session_id}/agents", tags=["sessions"]) async def get_session_agents( session_id: UUID, x_developer_id: Annotated[UUID, Depends(get_developer_id)], ) -> ListResponse[Agent]: """Return agents associated with the session.""" agents = await get_session_agents_query( developer_id=x_developer_id, session_id=session_id, ) return ListResponse[Agent](items=agents)

[qodo-merge-for-open-source]

CI Feedback 🧐

(Feedback updated until commit 2a0f520)

A test triggered by this PR failed. Here is an AI-generated analysis of the failure:

Action: Typecheck

Failed stage: Generate openapi code [❌]

Failure summary: The action failed during TypeSpec compilation with 2 errors in the file endpoints.tsp: 1. Line 28: Unknown identifier ListResponse in listAgents(): ListResponse<Agents.Agent>; 2. Line 33: Unknown identifier ListResponse in listUsers(): ListResponse<Users.User>; The TypeSpec compiler could not find the definition for the ListResponse type that is being used in these two endpoints.

Relevant error logs: 1: ##[group]Operating System 2: Ubuntu ... 155: prune-cache: true 156: ignore-nothing-to-cache: false 157: ##[endgroup] 158: Downloading uv from "https://github.com/astral-sh/uv/releases/download/0.7.12/uv-x86_64-unknown-linux-gnu.tar.gz" ... 159: [command]/usr/bin/tar xz --warning=no-unknown-keyword --overwrite -C /home/runner/work/_temp/b9f9945f-94b4-454d-88a1-419b80f44a29 -f /home/runner/work/_temp/bc07b183-6b86-4225-8a82-0dd2898464a7 160: Added /opt/hostedtoolcache/uv/0.7.12/x86_64 to the path 161: Added /home/runner/.local/bin to the path 162: Set UV_CACHE_DIR to /home/runner/work/_temp/setup-uv-cache 163: Successfully installed uv version 0.7.12 164: Searching files using cache dependency glob: **/uv.lock 165: /home/runner/work/julep/julep/agents-api/uv.lock 166: /home/runner/work/julep/julep/cli/uv.lock 167: /home/runner/work/julep/julep/integrations-service/uv.lock 168: Found 3 files to hash. 169: Trying to restore uv cache from GitHub Actions cache with key: setup-uv-1-x86_64-unknown-linux-gnu-0.7.12-d2fb266502043ea806ace17d24fc614bc58c57b06c32d25d4a98237661d5d333 170: ##[warning]Failed to restore: getCacheEntry failed: Cache service responded with 503 171: No GitHub Actions cache found for key: setup-uv-1-x86_64-unknown-linux-gnu-0.7.12-d2fb266502043ea806ace17d24fc614bc58c57b06c32d25d4a98237661d5d333 ... 195: Python_ROOT_DIR: /opt/hostedtoolcache/Python/3.12.10/x64 196: Python2_ROOT_DIR: /opt/hostedtoolcache/Python/3.12.10/x64 197: Python3_ROOT_DIR: /opt/hostedtoolcache/Python/3.12.10/x64 198: LD_LIBRARY_PATH: /opt/hostedtoolcache/Python/3.12.10/x64/lib 199: ##[endgroup] 200: added 108 packages, and audited 109 packages in 1s 201: 13 packages are looking for funding 202: run `npm fund` for details 203: found 0 vulnerabilities 204: /home/runner/work/julep/julep 205: + set -e 206: + cd typespec/ 207: + tsp compile . 208: TypeSpec compiler v0.61.2 209: Diagnostics were reported during compilation: 210: �[36m/home/runner/work/julep/julep/typespec/sessions/endpoints.tsp�[39m:�[33m28�[39m:�[33m19�[39m - �[31merror�[39m �[90munknown-identifier�[39m: Unknown identifier ListResponse 211: > 28 | listAgents(): ListResponse<Agents.Agent>; 212: | ^^^^^^^^^^^^ 213: �[36m/home/runner/work/julep/julep/typespec/sessions/endpoints.tsp�[39m:�[33m33�[39m:�[33m18�[39m - �[31merror�[39m �[90munknown-identifier�[39m: Unknown identifier ListResponse 214: > 33 | listUsers(): ListResponse<Users.User>; 215: | ^^^^^^^^^^^^ 216: Found 2 errors. 217: ##[error]Process completed with exit code 1. 218: Post job cleanup.

[qodo-merge-for-open-source]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
General	Add pagination parameters The endpoint is missing pagination parameters that are typically needed for list endpoints. Add limit and offset parameters with default values to support pagination of user results. agents-api/agents_api/routers/sessions/get_session_users.py [14-25] @router.get("/sessions/{session_id}/users", tags=["sessions"]) async def get_session_users( session_id: UUID, x_developer_id: Annotated[UUID, Depends(get_developer_id)], + limit: int = 100, + offset: int = 0, ) -> ListResponse[User]: """Return users associated with the session.""" users = await get_session_users_query( developer_id=x_developer_id, session_id=session_id, ) return ListResponse[User](items=users) [Suggestion processed] Suggestion importance[1-10]: 5 __ Why: Adding pagination parameters (limit and offset) is a reasonable improvement for list endpoints, enhancing scalability and usability. However, the suggestion does not update the call to get_session_users_query to actually use these parameters, so the improvement is only partial and not fully functional.	Low
Update

[ellipsis-dev]

Important

Looks good to me! 👍

Reviewed everything up to 588ba49 in 1 minute and 2 seconds. Click for details.

• Reviewed 243 lines of code in 7 files
• Skipped 0 files when reviewing.
• Skipped posting 7 draft comments. View those below.
• Modify your settings and rules to customize what types of comments Ellipsis leaves. And don't forget to react with 👍 or 👎 to teach Ellipsis.

1. agents-api/agents_api/queries/sessions/__init__.py:17

• Draft comment:
  New query imports for 'get_session_agents' and 'get_session_users' have been added and included in all; structure is consistent.
• Reason this comment was not posted:
  Confidence changes required: 0% <= threshold 50% None

2. agents-api/agents_api/queries/sessions/get_session_agents.py:40

• Draft comment:
  The agent query function is well structured with proper error handling, metrics, and parameterized SQL.
• Reason this comment was not posted:
  Confidence changes required: 0% <= threshold 50% None

3. agents-api/agents_api/queries/sessions/get_session_users.py:35

• Draft comment:
  The user query function mirrors the agent query; it properly uses decorators and parameterized SQL for security.
• Reason this comment was not posted:
  Confidence changes required: 0% <= threshold 50% None

4. agents-api/agents_api/routers/sessions/__init__.py:8

• Draft comment:
  Router initialization now includes the new session agents and users endpoints; naming and import order are consistent.
• Reason this comment was not posted:
  Confidence changes required: 0% <= threshold 50% None

5. agents-api/agents_api/routers/sessions/get_session_agents.py:16

• Draft comment:
  The FastAPI endpoint for listing session agents is clear; dependency injection and return type (ListResponse[Agent]) are used appropriately.
• Reason this comment was not posted:
  Confidence changes required: 0% <= threshold 50% None

6. agents-api/agents_api/routers/sessions/get_session_users.py:14

• Draft comment:
  The FastAPI endpoint for listing session users is implemented similarly; it correctly uses dependency injection and returns the expected ListResponse.
• Reason this comment was not posted:
  Confidence changes required: 0% <= threshold 50% None

7. typespec/sessions/endpoints.tsp:25

• Draft comment:
  New Typespec endpoints for 'listAgents' and 'listUsers' are added with proper annotations; ensure they align with backend response models.
• Reason this comment was not posted:
  Confidence changes required: 0% <= threshold 50% None

Workflow ID: wflow_MvOTvnpMbpHljU1Q

^{You can customize by changing your verbosity settings, reacting with 👍 or 👎, replying to comments, or adding code review rules.}

[qodo-merge-for-open-source]

Suggestion: Add pagination parameters

Suggested change

	x_developer_id: Annotated[UUID, Depends(get_developer_id)],
	) -> ListResponse[User]:
	x_developer_id: Annotated[UUID, Depends(get_developer_id)],
	limit: int = 100,
	offset: int = 0,
	) -> ListResponse[User]:

[gitguardian]

⚠️ GitGuardian has uncovered 1 secret following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

🔎 Detected hardcoded secret in your pull request

GitGuardian id	GitGuardian status	Secret	Commit	Filename
17693055	Triggered	JSON Web Token	2a0f520	cli/tests/test_auth.py	View secret

🛠 Guidelines to remediate hardcoded secrets

1. Understand the implications of revoking this secret by investigating where it is used in your code.
2. Replace and store your secret safely. Learn here the best practices.
3. Revoke and rotate this secret.
4. If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.

To avoid such incidents in the future consider

• following these best practices for managing and storing secrets including API keys and other credentials
• install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.

---

^{🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.}