Conversation
Reviewer ChecklistPlease leverage this checklist to ensure your code review is thorough before approving Testing, Bugs, Errors, Logs, Documentation
System Compatibility
Quality
|
This stack of pull requests is managed by Graphite. Learn more about stacking. |
![propel-code-bot[bot]](https://avatars.githubusercontent.com/in/1179004?s=60&v=4){kind=small}
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
This comment has been minimized.
This comment has been minimized.
Sicheng-Pan
force-pushed
the
03-06-_enh_delete_with_limit
branch
2 times, most recently
from
19c9b46 to
b5e2b71
Compare
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
This comment has been minimized.
This comment has been minimized.
Sicheng-Pan
force-pushed
the
03-06-_enh_delete_with_limit
branch
from
b5e2b71 to
2755df3
Compare
There was a problem hiding this comment.
Changes suggested to add validation, correct API docs, and expose new delete limit in bindings.
Status: Changes Suggested | Risk: Medium
Issues Identified & Suggestions
- Validate delete limit bounds to avoid no-op/exhaustion:
rust/types/src/api_types.rs - Fix OpenAPI response type for delete endpoint:
rust/frontend/src/server.rs - Expose limit and deleted count in Python bindings:
rust/python_bindings/src/bindings.rs
Review Details
📁 9 files reviewed | 💬 3 comments
👍 / 👎 individual comments to help improve reviews for you
| collection_id: CollectionUuid, | ||
| ids: Option<Vec<String>>, | ||
| r#where: Option<Where>, | ||
| limit: Option<u32>, |
There was a problem hiding this comment.
[Security] Missing validation: The limit parameter is accepted as Option<u32> but lacks validation for sensible bounds. A client could send limit: 0 or limit: u32::MAX, both of which are problematic.
Issues:
limit: 0makes the operation a no-op (why allow it?)limit: u32::MAX(4.2 billion) could cause memory exhaustion- No documented maximum safe value
Fix: Add validation in try_new():
if let Some(limit_val) = limit {
if limit_val == 0 {
return Err(ChromaValidationError::from((
"limit",
"must be greater than 0",
)));
}
if limit_val > MAX_DELETE_LIMIT { // e.g., 10000
return Err(ChromaValidationError::from((
"limit",
format!("must not exceed {}", MAX_DELETE_LIMIT),
)));
}
}Context for Agents
**Missing validation**: The `limit` parameter is accepted as `Option<u32>` but lacks validation for sensible bounds. A client could send `limit: 0` or `limit: u32::MAX`, both of which are problematic.
**Issues**:
- `limit: 0` makes the operation a no-op (why allow it?)
- `limit: u32::MAX` (4.2 billion) could cause memory exhaustion
- No documented maximum safe value
**Fix**: Add validation in `try_new()`:
```rust
if let Some(limit_val) = limit {
if limit_val == 0 {
return Err(ChromaValidationError::from((
"limit",
"must be greater than 0",
)));
}
if limit_val > MAX_DELETE_LIMIT { // e.g., 10000
return Err(ChromaValidationError::from((
"limit",
format!("must not exceed {}", MAX_DELETE_LIMIT),
)));
}
}
```
File: rust/types/src/api_types.rs
Line: 1580There was a problem hiding this comment.
For backward compact we need to support None, which is equivalent to u32::MAX. Limit by itself is not going to introduce additional cost than what we already have
| collection_id, | ||
| ids, | ||
| r#where, | ||
| None, |
There was a problem hiding this comment.
[Requirements] The limit parameter is hardcoded to None here, meaning the new functionality is not exposed to Python users. Additionally, the return value (deleted count) is discarded by returning Ok(()).
Please update the delete method signature to accept an optional limit argument and return the deleted count, ensuring feature parity for the Python bindings.
Context for Agents
The `limit` parameter is hardcoded to `None` here, meaning the new functionality is not exposed to Python users. Additionally, the return value (deleted count) is discarded by returning `Ok(())`.
Please update the `delete` method signature to accept an optional `limit` argument and return the deleted count, ensuring feature parity for the Python bindings.
File: rust/python_bindings/src/bindings.rs
Line: 577There was a problem hiding this comment.
Will be resolved in next PR on stack
Sicheng-Pan
force-pushed
the
03-06-_enh_delete_with_limit
branch
from
2755df3 to
c0b3443
Compare
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
Sicheng-Pan
force-pushed
the
03-06-_enh_delete_with_limit
branch
from
c0b3443 to
dab3721
Compare
Sicheng-Pan
force-pushed
the
03-06-_enh_delete_with_limit
branch
from
dab3721 to
861f644
Compare
|
Add delete limits with deleted-count responses across API and frontends This PR introduces a Server handlers, service-based and in-memory frontends, and generated JS client types were updated to surface the new payload/response shape, and extensive Rust tests were added to validate limit behavior across where/ids scenarios and looped deletions. This summary was automatically generated by @propel-code-bot |
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
| encoding: None, | ||
| metadata: None, | ||
| })); | ||
| if let Some(limit) = limit { |
There was a problem hiding this comment.
can we just error if user ids len > limit??
There was a problem hiding this comment.
limit is relevant only when a where is specified. added validation for this
| assert_eq!(count(&mut frontend, &collection).await, 2); | ||
|
|
||
| // Limit is 100, but only 2 records match. | ||
| let response = frontend |
There was a problem hiding this comment.
can we add a test that loops over batches to use this correctly?
| #[cfg_attr(feature = "utoipa", derive(utoipa::ToSchema))] | ||
| pub struct DeleteCollectionRecordsPayload { | ||
| pub ids: Option<Vec<String>>, | ||
| pub limit: Option<u32>, |
There was a problem hiding this comment.
I think you need a default here to be b/w compatible
There was a problem hiding this comment.
added serde default
Sicheng-Pan
force-pushed
the
03-06-_enh_delete_with_limit
branch
from
045a146 to
0ce6340
Compare
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
Sicheng-Pan
force-pushed
the
03-06-_enh_delete_with_limit
branch
from
0ce6340 to
1d4a302
Compare
Sicheng-Pan
force-pushed
the
03-06-_enh_delete_with_limit
branch
from
1d4a302 to
0e11fca
Compare
## Description of changes _Summarize the changes made by this PR._ - Improvements & Bug fixes - N/A - New functionality - Introduce `limit: Option<u32>` in the collection delete route. The response now returns how many records have been deleted. ## Test plan _How are these changes tested?_ - [ ] Tests pass locally with `pytest` for python, `yarn test` for js, `cargo test` for rust ## Migration plan _Are there any migrations, or any forwards/backwards compatibility changes needed in order to make sure this change deploys reliably?_ ## Observability plan _What is the plan to instrument and monitor this change?_ ## Documentation Changes _Are all docstrings for user-facing APIs updated if required? Do we need to make documentation changes in the [docs section](https://github.com/chroma-core/chroma/tree/main/docs/docs.trychroma.com)?_
## Description of changes _Summarize the changes made by this PR._ - Improvements & Bug fixes - N/A - New functionality - Introduce `limit: Option<u32>` in the collection delete route. The response now returns how many records have been deleted. ## Test plan _How are these changes tested?_ - [ ] Tests pass locally with `pytest` for python, `yarn test` for js, `cargo test` for rust ## Migration plan _Are there any migrations, or any forwards/backwards compatibility changes needed in order to make sure this change deploys reliably?_ ## Observability plan _What is the plan to instrument and monitor this change?_ ## Documentation Changes _Are all docstrings for user-facing APIs updated if required? Do we need to make documentation changes in the [docs section](https://github.com/chroma-core/chroma/tree/main/docs/docs.trychroma.com)?_
This PR cherry-picks the commit 9100022 onto release/2026-02-20. If there are unresolved conflicts, please resolve them manually. Co-authored-by: Macronova <[email protected]>
This PR cherry-picks the commit 9100022 onto rc/2026-03-06. If there are unresolved conflicts, please resolve them manually. Co-authored-by: Macronova <[email protected]>
2 participants
Description of changes
Summarize the changes made by this PR.
limit: Option<u32>in the collection delete route. The response now returns how many records have been deleted.Test plan
How are these changes tested?
pytestfor python,yarn testfor js,cargo testfor rustMigration plan
Are there any migrations, or any forwards/backwards compatibility changes needed in order to make sure this change deploys reliably?
Observability plan
What is the plan to instrument and monitor this change?
Documentation Changes
Are all docstrings for user-facing APIs updated if required? Do we need to make documentation changes in the docs section?