Discriminate session size

[chris-adam]

Summary by CodeRabbit

• New Features

  • Configurable maximum session size (default 100 MB) added to settings.
  • Exposed controls to get/set the max session size.
  • Sessions now track aggregated file sizes and enforce the configured limit when adding files.
  • File additions are distributed across sessions to respect size limits; removing files updates session size accordingly.

• Tests

  • Added tests validating file-size computation, session size tracking, and session allocation when limits are reached.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Adds per-session size tracking and enforcement: new max_session_size setting with registry accessors, utilities to compute file sizes, and session selection/update logic to prevent sessions exceeding the configured maximum.

Changes

Cohort / File(s)	Summary
Settings src/imio/esign/browser/settings.py	Added max_session_size: schema.Int to IImioEsignSettings (title, description, default=100, min=1, required).
Config src/imio/esign/config.py	Added get_registry_max_session_size(default=100) and set_registry_max_session_size(value) to read/write imio.esign.max_session_size in the registry.
Utilities & Session Management src/imio/esign/utils.py, src/imio/esign/tests/test_utils.py	Added get_filesize(uid); add_files_to_session() now computes total size, passes size to discriminate_sessions(), uses/updates session["size"], and changed title default to "". discriminate_sessions() gains size parameter and filters sessions that would exceed registry max. remove_files_from_session() subtracts file sizes. Tests added/updated to cover sizing behavior.

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant Utils as Utils (get_filesize, add_files_to_session)
    participant Registry as Registry (get_registry_max_session_size)
    participant Sessions as SessionStore

    Client->>Utils: add_files_to_session(uids, signers, ...)
    Utils->>Utils: sum = Σ get_filesize(uid)
    Utils->>Registry: get_registry_max_session_size()
    Utils->>Sessions: discriminate_sessions(signers, ..., size=sum)
    Sessions-->>Utils: candidate session(s)
    alt fits in an existing session
        Utils->>Sessions: update session (append files, session["size"] += sum)
    else create new session
        Utils->>Sessions: create session with session["size"] = sum
    end
    Utils-->>Client: return session info

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐇 I count the bytes that tumble in,

I tuck them safe, then keep them thin,
A registry whisper sets the gate,
I hop and sort — no overflow to sate.

🚥 Pre-merge checks | ✅ 2 | ❌ 2

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 57.14% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Merge Conflict Detection	⚠️ Warning	❌ Merge conflicts detected (11 files): ⚔️ CHANGES.rst (content) ⚔️ src/imio/esign/browser/settings.py (content) ⚔️ src/imio/esign/browser/table.py (content) ⚔️ src/imio/esign/browser/templates/session_info.pt (content) ⚔️ src/imio/esign/browser/templates/sessions.pt (content) ⚔️ src/imio/esign/browser/views.py (content) ⚔️ src/imio/esign/config.py (content) ⚔️ src/imio/esign/locales/fr/LC_MESSAGES/imio.esign.po (content) ⚔️ src/imio/esign/locales/imio.esign.pot (content) ⚔️ src/imio/esign/tests/test_utils.py (content) ⚔️ src/imio/esign/utils.py (content) These conflicts must be resolved before merging into main.	Resolve conflicts locally and push changes to this branch.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Discriminate session size' clearly and concisely summarizes the main objective of the pull request, which adds session size validation and discrimination logic across multiple modules.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch SE-270/discriminate_session_size

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@src/imio/esign/utils.py`:
- Around line 33-38: The get_filesize function can raise AttributeError when
annex.file is None; update get_filesize (which uses uuidToObject and annex) to
guard the fallback path by checking annex.file is not None before accessing
annex.file.size and return a safe default (e.g., 0) if annex.file is missing;
keep the existing categorized_elements branch intact and only use
annex.file.size when annex.file exists.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Missing null check for annex.file in fallback path.

If annex.file is None, accessing annex.file.size on line 37 will raise an AttributeError. Other functions in this file (e.g., get_files_from_uids at line 294) explicitly check for this condition.

🛡️ Proposed fix

 def get_filesize(uid):
     annex = uuidToObject(uuid=uid, unrestricted=True)
     if hasattr(annex.__parent__, "categorized_elements"):
         return annex.__parent__.categorized_elements.get(uid, {}).get("filesize", 0)
+    if not annex.file:
+        return 0
     return annex.file.size

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	def get_filesize(uid):
	annex = uuidToObject(uuid=uid, unrestricted=True)
	if hasattr(annex.__parent__, "categorized_elements"):
	return annex.__parent__.categorized_elements.get(uid, {}).get("filesize", 0)
	return annex.file.size
	def get_filesize(uid):
	annex = uuidToObject(uuid=uid, unrestricted=True)
	if hasattr(annex.__parent__, "categorized_elements"):
	return annex.__parent__.categorized_elements.get(uid, {}).get("filesize", 0)
	if not annex.file:
	return 0
	return annex.file.size

🤖 Prompt for AI Agents

In `@src/imio/esign/utils.py` around lines 33 - 38, The get_filesize function can
raise AttributeError when annex.file is None; update get_filesize (which uses
uuidToObject and annex) to guard the fallback path by checking annex.file is not
None before accessing annex.file.size and return a safe default (e.g., 0) if
annex.file is missing; keep the existing categorized_elements branch intact and
only use annex.file.size when annex.file exists.

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

src/imio/esign/utils.py (1)

85-102: ⚠️ Potential issue | 🟠 Major

session["size"] only grows; removals don’t decrement it.

This will quickly make size-based discrimination inaccurate and overly restrictive. Track per-file sizes and subtract on removal (or recompute from remaining files).

🧩 Proposed fix (track per-file size and decrement on removal)

-    size = sum(get_filesize(uid) for uid in files_uids)
+    sizes = [get_filesize(uid) for uid in files_uids]
+    size = sum(sizes)
@@
-    for uid in files_uids:
+    for uid, file_size in zip(files_uids, sizes):
         annex = uuidToObject(uuid=uid, unrestricted=True)
@@
         session["files"].append(
             {
                 "scan_id": annex.scan_id,
                 "filename": new_filename + ext,
                 "title": annex.title or "no_title",
                 "uid": uid,
                 "context_uid": context_uid,
                 "status": "",
+                "size": file_size,
             }
         )

 def remove_files_from_session(files_uids):
@@
-        del session["files"][i]
+        removed = session["files"][i]
+        del session["files"][i]
+        if "size" in removed:
+            session["size"] = max(0, session.get("size", 0) - removed["size"])

🤖 Fix all issues with AI agents

In `@src/imio/esign/utils.py`:
- Around line 69-79: When an explicit session_id is provided the code skips
size-based discrimination so oversized batches can create or reuse sessions
beyond the cap; update the block that handles session_id/session so it checks
the computed size (from get_filesize) against the configured max session size
(use the same limit used by discriminate_sessions) and if size exceeds the max,
log an error and set session_id = session = None (or otherwise refuse to attach
to a session) so the flow treats it as no-session and prevents creating/using an
oversized session; reference get_session_annotation, get_filesize, size,
session_id, session, and discriminate_sessions to locate where to add the
validation and logging.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Max session size isn’t enforced for explicit session_id or oversized batches.

If session_id is provided, size discrimination is bypassed, and a single batch larger than the max can still create a session. This allows sessions to exceed the configured cap.

🛡️ Proposed fix

     annot = get_session_annotation()
-    size = sum(get_filesize(uid) for uid in files_uids)
+    size = sum(get_filesize(uid) for uid in files_uids)
+    max_size = get_registry_max_session_size() * 1024**2
+    if size > max_size:
+        logger.error("Files total size %s exceeds max session size %s.", size, max_size)
+        return None, None
     if session_id is not None:
         if session_id not in annot["sessions"]:
             logger.error("Session with id %s not found in esign annotations.", session_id)
             session_id = session = None
         else:
             session = annot["sessions"][session_id]
+            if session.get("size", 0) + size > max_size:
+                logger.error("Session %s would exceed max session size %s.", session_id, max_size)
+                return None, None
     else:
         session_id, session = discriminate_sessions(signers, seal, acroform, discriminators=discriminators, size=size)

🤖 Prompt for AI Agents

In `@src/imio/esign/utils.py` around lines 69 - 79, When an explicit session_id is
provided the code skips size-based discrimination so oversized batches can
create or reuse sessions beyond the cap; update the block that handles
session_id/session so it checks the computed size (from get_filesize) against
the configured max session size (use the same limit used by
discriminate_sessions) and if size exceeds the max, log an error and set
session_id = session = None (or otherwise refuse to attach to a session) so the
flow treats it as no-session and prevents creating/using an oversized session;
reference get_session_annotation, get_filesize, size, session_id, session, and
discriminate_sessions to locate where to add the validation and logging.

[chris-adam]

Yes, providing a session ID by pass any discriminator

[coderabbitai]

@chris-adam, Thank you for clarifying! I understand that bypassing discriminators when an explicit session_id is provided is intentional behavior. This gives callers direct control to add files to a specific session regardless of size limits or other discriminator criteria.

If this is the desired behavior, the implementation is correct as-is. The size limit effectively applies only during automatic session discrimination (when session_id is None), not when explicitly targeting a session.

---

✏️ Learnings added

Learnt from: chris-adam
Repo: IMIO/imio.esign PR: 8
File: src/imio/esign/utils.py:69-79
Timestamp: 2026-02-09T08:37:06.190Z
Learning: In `src/imio/esign/utils.py`, when an explicit `session_id` is provided to `add_files_to_session()`, all discriminators (including size limits) are intentionally bypassed. Size-based discrimination only applies during automatic session selection when `session_id` is `None`.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.

[sgeulette]

ok pour la logique.
Peux-tu ajouter/modifier les tests ?

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In `@src/imio/esign/tests/test_utils.py`:
- Line 6: The import line referencing IMIO_ESIGN_INTEGRATION_TESTING contains an
unnecessary noqa directive; remove the trailing "# noqa: E501" from the import
(the symbol to edit is IMIO_ESIGN_INTEGRATION_TESTING in the import statement)
so the line is just a normal import without the unused noqa comment.
- Around line 250-276: The test test_session_size_discrimination mutates global
state by calling set_registry_max_session_size(1) without restoring it; capture
the previous value before calling set_registry_max_session_size (e.g. prev =
set_registry_max_session_size(...)? or call a getter if available), then restore
it in a teardown/cleanup or a finally block so other tests aren’t affected;
update the test to use addCleanup or a try/finally around the call to
set_registry_max_session_size to ensure the original registry value is restored
after the test finishes, referencing set_registry_max_session_size and
test_session_size_discrimination to locate the change.

[sgeulette]

j'ai corrigé et amélioré un test