Open WebUI: Add full end-to-end example rig #1038
Conversation
WalkthroughThis change introduces a complete integration stack for CrateDB with Open WebUI, including all necessary configuration files, Docker Compose orchestration, environment and setup scripts, test automation, and documentation. It also adds CI workflow and automated dependency management for the new application under the Changes
Sequence Diagram(s)sequenceDiagram
participant User
participant OpenWebUI
participant CrateDB-MCPO
participant CrateDB
User->>OpenWebUI: Access UI / API
OpenWebUI->>CrateDB-MCPO: Tool server API request (e.g., Text-to-SQL)
CrateDB-MCPO->>CrateDB: SQL query / metadata request
CrateDB-->>CrateDB-MCPO: Query results / metadata
CrateDB-MCPO-->>OpenWebUI: Response via OpenAPI
OpenWebUI-->>User: Rendered results / chat response
sequenceDiagram
participant CI
participant SetupScript
participant OpenWebUI
participant CrateDB
participant CrateDB-MCPO
CI->>SetupScript: Run setup.sh
SetupScript->>CrateDB: Execute init.sql
SetupScript->>OpenWebUI: Authenticate & configure via HTTP API
SetupScript->>CrateDB-MCPO: Fetch system prompt
SetupScript->>OpenWebUI: POST tool server config, model config
SetupScript->>OpenWebUI: POST embedding config
SetupScript-->>CI: Setup complete
CI->>SetupScript: Run test.sh
SetupScript->>OpenWebUI: Authenticate & test model availability
SetupScript-->>CI: Test result
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~18 minutes Suggested reviewers
Poem
Note ⚡️ Unit Test Generation is now available in beta!Learn more here, or try it out under "Finishing Touches" below. ✨ Finishing Touches
🧪 Generate unit tests
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
SupportNeed help? Create a ticket on our support page for assistance with any issues or questions. Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 7
🧹 Nitpick comments (6)
application/open-webui/backlog.md (1)
3-6: Consider tracking backlog items as GitHub issuesKeeping TODOs only in a markdown file risks them being forgotten. Converting them into actionable GitHub issues (and linking from here) gives visibility and assignees.
application/open-webui/init.sql (1)
3-8: Add primary key / quotetimestampcolumn to avoid future pitfalls
timestampshadows the built-in function name; quoting ("timestamp") avoids ambiguous-identifier errors in some SQL clients.- The table lacks a primary key or clustering key; even a synthetic
(timestamp, sensor_id)key greatly improves point-look-ups and shard pruning in CrateDB.Example:
CREATE TABLE IF NOT EXISTS time_series_data ( "timestamp" TIMESTAMP, value DOUBLE, location STRING, sensor_id INT, PRIMARY KEY ("timestamp", sensor_id) );application/open-webui/README.md (2)
18-19: Service count mismatch between docs andcompose.ymlThe README claims “three services”, but the Compose file includes CrateDB, MCPO, Open WebUI,
setup, andwait-for-it(5 in total). Update the bullet list to prevent onboarding confusion.
26-30: Placeholder typo in environment variable exampleThe variable is
OPENAI_API_KEY, but the placeholder reads<your_openapi_key>. Minor, yet this trips copy-&-paste.-export OPENAI_API_KEY=<your_openapi_key> +export OPENAI_API_KEY=<your_openai_api_key>application/open-webui/compose.yml (2)
52-56: Re-enable MCPO health-check for deterministic startupCommenting the health-check breaks
depends_on … condition: service_healthysemantics for future services.
Uncomment unless there is a strong reason.- #healthcheck: - # test: [ "CMD", "curl", "--fail", "http://localhost:8000/docs" ] - # start_period: 3s - # interval: 10s + healthcheck: + test: [ "CMD", "curl", "--fail", "http://localhost:8000/docs" ] + start_period: 3s + interval: 10s
97-107:setupshould depend on CrateDB as well
setupexecutes SQL against CrateDB but only waits for Open WebUI. Add CrateDB (and optionally MCPO) todepends_onto prevent race conditions.depends_on: open-webui: condition: service_healthy + cratedb: + condition: service_healthy
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (7)
application/open-webui/README.md(1 hunks)application/open-webui/backlog.md(1 hunks)application/open-webui/compose.yml(1 hunks)application/open-webui/init.sql(1 hunks)application/open-webui/setup.Dockerfile(1 hunks)application/open-webui/setup.sh(1 hunks)application/open-webui/tool-servers.json(1 hunks)
🧠 Learnings (3)
application/open-webui/setup.Dockerfile (1)
Learnt from: amotl
PR: #1033
File: topic/machine-learning/llm-langchain/README.md:138-156
Timestamp: 2025-07-21T18:46:07.556Z
Learning: The uvx command is the launcher program provided by the uv package manager, used to run Python tools in isolated environments without installing them globally. It is not part of uvicorn-ext.
application/open-webui/tool-servers.json (1)
Learnt from: amotl
PR: #937
File: topic/machine-learning/llm-langchain/requirements-dev.txt:2-2
Timestamp: 2025-05-12T20:10:38.614Z
Learning: The cratedb-toolkit package supports various extras including "io", "datasets", "influxdb", "mongodb", "testing", and many others.
application/open-webui/README.md (1)
Learnt from: amotl
PR: #937
File: topic/machine-learning/llm-langchain/requirements-dev.txt:2-2
Timestamp: 2025-05-12T20:10:38.614Z
Learning: The cratedb-toolkit package supports various extras including "io", "datasets", "influxdb", "mongodb", "testing", and many others.
🪛 Checkov (3.2.334)
application/open-webui/compose.yml
[MEDIUM] 47-48: Basic Auth Credentials
(CKV_SECRET_4)
🧰 Additional context used
🧠 Learnings (3)
application/open-webui/setup.Dockerfile (1)
Learnt from: amotl
PR: #1033
File: topic/machine-learning/llm-langchain/README.md:138-156
Timestamp: 2025-07-21T18:46:07.556Z
Learning: The uvx command is the launcher program provided by the uv package manager, used to run Python tools in isolated environments without installing them globally. It is not part of uvicorn-ext.
application/open-webui/tool-servers.json (1)
Learnt from: amotl
PR: #937
File: topic/machine-learning/llm-langchain/requirements-dev.txt:2-2
Timestamp: 2025-05-12T20:10:38.614Z
Learning: The cratedb-toolkit package supports various extras including "io", "datasets", "influxdb", "mongodb", "testing", and many others.
application/open-webui/README.md (1)
Learnt from: amotl
PR: #937
File: topic/machine-learning/llm-langchain/requirements-dev.txt:2-2
Timestamp: 2025-05-12T20:10:38.614Z
Learning: The cratedb-toolkit package supports various extras including "io", "datasets", "influxdb", "mongodb", "testing", and many others.
🪛 Checkov (3.2.334)
application/open-webui/compose.yml
[MEDIUM] 47-48: Basic Auth Credentials
(CKV_SECRET_4)
🔇 Additional comments (6)
application/open-webui/tool-servers.json (2)
4-7:auth_type: "bearer"with an emptykeyis inconsistentOpen WebUI treats
beareras an authenticated scheme. Supplying an empty token will usually make every request fail with 401.
• If MCPO is intentionally unauthenticated, switchauth_typeto"none"and dropkey.
• Otherwise inject the token at build/run time (e.g. via env-subst insetup.sh).
2-2: Validate property name against Open WebUI APIThe REST endpoint
/api/v1/configs/tool_serversexpects the JSON body to start with atool_serversarray (lower-case snake-case) in recent versions. Using the upper-caseTOOL_SERVER_CONNECTIONSmight be ignored. Please confirm compatibility with the exact Open WebUI release you ship incompose.yml.application/open-webui/setup.Dockerfile (1)
1-1:python:3.13-slim-bookwormis a pre-release tagPython 3.13 is still in beta; APIs or wheel availability may change and break reproducibility. Pin to the latest stable (e.g.
python:3.12-slim-bookworm) unless 3.13 features are required.application/open-webui/README.md (1)
41-44: Verify exposed ports match Compose configurationPort
6200for Open WebUI differs from its default 8080. Ensurecompose.ymlpublishes6200or adjust the docs accordingly to avoid 404s.application/open-webui/setup.sh (2)
26-27: Send JSON instead of form-encoded fieldsHTTPie sends form-encoded data by default. To ensure the
/api/v1/users/user/settings/updateendpoint receives a JSON payload, switch to--jsonor use the:=operator:-http --ignore-stdin ${OPEN_WEBUI_URL}/api/v1/users/user/settings/update Authorization:"Bearer $token" ui[system]="$( cratedb-mcp show-prompt )" ui[notificationEnabled]="true" +http --ignore-stdin \ + --json \ + "${OPEN_WEBUI_URL}/api/v1/users/user/settings/update" \ + Authorization:"Bearer $token" \ + ui:="{\"system\":\"$(cratedb-mcp show-prompt)\",\"notificationEnabled\":true}"• Confirm that this endpoint expects a JSON body rather than form-encoded fields.
28-35: Use explicit JSON mode for configuration HTTP callsThe
tool_servers,models, andretrieval/embeddingendpoints expectapplication/json. Without--json(or an explicitContent-Type: application/json), these requests can silently fail with 415/400.Please update
application/open-webui/setup.sh(lines 28–35) as follows:- http --ignore-stdin ${OPEN_WEBUI_URL}/api/v1/configs/tool_servers Authorization:"Bearer $token" "@tool-servers.json" + http --json --ignore-stdin POST ${OPEN_WEBUI_URL}/api/v1/configs/tool_servers \ + Authorization:"Bearer $token" < tool-servers.json - http --ignore-stdin ${OPEN_WEBUI_URL}/api/v1/configs/models Authorization:"Bearer $token" DEFAULT_MODELS="gpt-4.1" MODEL_ORDER_LIST="[]" + http --json --ignore-stdin POST ${OPEN_WEBUI_URL}/api/v1/configs/models \ + Authorization:"Bearer $token" DEFAULT_MODELS="gpt-4.1" MODEL_ORDER_LIST="[]" - http --ignore-stdin ${OPEN_WEBUI_URL}/api/v1/retrieval/embedding/update Authorization:"Bearer $token" embedding_engine="openai" embedding_model="text-embedding-3-small" + http --json --ignore-stdin POST ${OPEN_WEBUI_URL}/api/v1/retrieval/embedding/update \ + Authorization:"Bearer $token" embedding_engine="openai" embedding_model="text-embedding-3-small"Please verify these changes against your server’s expectations.
There was a problem hiding this comment.
Actionable comments posted: 2
🧹 Nitpick comments (2)
application/open-webui/README.md (2)
34-44: Convert bare URLs to Markdown links to satisfy MD034 and improve UXMarkdown-lint flags these naked URLs; wrapping them keeps the doc tidy and clickable:
-- CrateDB: http://localhost:4200/ -- Open WebUI: http://localhost:6200/ +- [CrateDB](http://localhost:4200/) +- [Open WebUI](http://localhost:6200/) @@ - - Swagger: http://localhost:5200/docs - - OpenAPI: http://localhost:5200/openapi.json + - [Swagger](http://localhost:5200/docs) + - [OpenAPI](http://localhost:5200/openapi.json) @@ - - Swagger: http://localhost:6200/docs - - OpenAPI: http://localhost:6200/openapi.json + - [Swagger](http://localhost:6200/docs) + - [OpenAPI](http://localhost:6200/openapi.json)
19-27: Clarify precedence between shell exports and.envvaluesThe guide first recommends
export OPENAI_API_KEY=…, then hints at putting it into.env. Newcomers may wonder which value wins and when. Adding one sentence such as:“Values in your shell override the ones in
.envwhen runningdocker compose, so set only one of them.”would save some trial-and-error.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (2)
application/open-webui/.env(1 hunks)application/open-webui/README.md(1 hunks)
🧰 Additional context used
🧠 Learnings (1)
application/open-webui/README.md (1)
Learnt from: amotl
PR: #937
File: topic/machine-learning/llm-langchain/requirements-dev.txt:2-2
Timestamp: 2025-05-12T20:10:38.614Z
Learning: The cratedb-toolkit package supports various extras including "io", "datasets", "influxdb", "mongodb", "testing", and many others.
🪛 dotenv-linter (3.3.0)
application/open-webui/.env
[warning] 11-11: [ExtraBlankLine] Extra blank line detected
[warning] 19-19: [QuoteCharacter] The value has quote characters (', ")
[warning] 20-20: [QuoteCharacter] The value has quote characters (', ")
🪛 markdownlint-cli2 (0.17.2)
application/open-webui/README.md
34-34: Bare URL used
(MD034, no-bare-urls)
35-35: Bare URL used
(MD034, no-bare-urls)
40-40: Bare URL used
(MD034, no-bare-urls)
41-41: Bare URL used
(MD034, no-bare-urls)
43-43: Bare URL used
(MD034, no-bare-urls)
44-44: Bare URL used
(MD034, no-bare-urls)
🔇 Additional comments (1)
application/open-webui/README.md (1)
68-70: Service count is outdated—compose.ymldefines five services, not threeREADME lists only CrateDB, CrateDB MCPO and Open WebUI, but the stack also spins up the
setuphelper and await-for-it(or similar) utility. Update the bullet to avoid reader confusion and future drift.
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (2)
application/open-webui/.env (1)
9-11: Remove consecutive blank lines to satisfy dotenv-linter.There are two successive blank lines after the commented
OPENAI_API_KEYentry.
Most linters (and some CI hooks) flag this asExtraBlankLine.-# OPENAI_API_KEY=your_openai_api_key - - +# OPENAI_API_KEY=your_openai_api_key +application/open-webui/README.md (1)
34-45: Convert bare URLs to Markdown links for lint compliance.
markdownlintflags these asMD034. Switching to link syntax also improves readability:-- CrateDB: http://localhost:4200/ -- Open WebUI: http://localhost:6200/ +- [CrateDB](http://localhost:4200/) +- [Open WebUI](http://localhost:6200/)Apply the same style to the Swagger/OpenAPI URLs below.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (2)
application/open-webui/.env(1 hunks)application/open-webui/README.md(1 hunks)
🧰 Additional context used
🧠 Learnings (2)
application/open-webui/.env (1)
Learnt from: amotl
PR: #1032
File: topic/machine-learning/llama-index/demo_mcp.py:16-16
Timestamp: 2025-07-20T00:15:45.273Z
Learning: When providing API key examples in documentation, use clear placeholders like "your_api_key_here" instead of realistic-looking fake keys, even if they contain "--invalid--" markers, to avoid triggering security scanners and provide clearer guidance to users.
application/open-webui/README.md (1)
Learnt from: amotl
PR: #937
File: topic/machine-learning/llm-langchain/requirements-dev.txt:2-2
Timestamp: 2025-05-12T20:10:38.614Z
Learning: The cratedb-toolkit package supports various extras including "io", "datasets", "influxdb", "mongodb", "testing", and many others.
🪛 dotenv-linter (3.3.0)
application/open-webui/.env
[warning] 11-11: [ExtraBlankLine] Extra blank line detected
🪛 markdownlint-cli2 (0.17.2)
application/open-webui/README.md
34-34: Bare URL used
(MD034, no-bare-urls)
35-35: Bare URL used
(MD034, no-bare-urls)
40-40: Bare URL used
(MD034, no-bare-urls)
41-41: Bare URL used
(MD034, no-bare-urls)
43-43: Bare URL used
(MD034, no-bare-urls)
44-44: Bare URL used
(MD034, no-bare-urls)
🔇 Additional comments (1)
application/open-webui/.env (1)
19-20: Previous “export” issue resolved – nice!The variables now use plain
KEY=value, making the file directly consumable by Docker Compose. ✅
There was a problem hiding this comment.
Actionable comments posted: 0
🧹 Nitpick comments (4)
application/open-webui/README.md (4)
22-27: Clarify.envvs. shell export forOPENAI_API_KEY.The snippet shows only the shell export, but the paragraph explicitly mentions that the
.envfile can be used instead. For first-time users it might be worth adding a one-liner that they can copy-paste into.env, e.g.
echo "OPENAI_API_KEY=<your_openai_api_key>" >> .env, or at least pointing out that the variable must not be committed to VC.
This tiny addition avoids confusion and prevents accidental key leaks.
37-50: Replace bare URLs with Markdown links.Markdown-lint flags MD034 for these six bare URLs. Switching to
[text](url)form improves readability and passes lint without changing the rendered output.- CrateDB: http://localhost:4200/ + [CrateDB](http://localhost:4200/)(The same for the remaining five occurrences.)
79-83: Simplify volume cleanup.Instead of two separate
docker volume rm …calls, a singledocker compose down -vremoves the containers and the named volumes in one step, saving users from memorising volume names.
32-33: Consider adding the-dflag in the example command.Running
docker compose upwithout-dties up the current terminal. Most users reading quick-start docs expect the detached mode, sodocker compose up -dis often more ergonomic while still allowing them to follow logs withdocker compose logs -fwhen needed.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (2)
application/open-webui/.env(1 hunks)application/open-webui/README.md(1 hunks)
✅ Files skipped from review due to trivial changes (1)
- application/open-webui/.env
🧰 Additional context used
🧠 Learnings (1)
application/open-webui/README.md (2)
Learnt from: amotl
PR: #1038
File: application/open-webui/README.md:68-72
Timestamp: 2025-07-23T20:40:47.102Z
Learning: In Docker Compose documentation, when describing service counts, distinguish between main daemon services that users interact with versus auxiliary helper jobs/setup containers. Focus documentation on the user-facing services rather than technical infrastructure services.
Learnt from: amotl
PR: #937
File: topic/machine-learning/llm-langchain/requirements-dev.txt:2-2
Timestamp: 2025-05-12T20:10:38.614Z
Learning: The cratedb-toolkit package supports various extras including "io", "datasets", "influxdb", "mongodb", "testing", and many others.
🪛 markdownlint-cli2 (0.17.2)
application/open-webui/README.md
39-39: Bare URL used
(MD034, no-bare-urls)
40-40: Bare URL used
(MD034, no-bare-urls)
45-45: Bare URL used
(MD034, no-bare-urls)
46-46: Bare URL used
(MD034, no-bare-urls)
48-48: Bare URL used
(MD034, no-bare-urls)
49-49: Bare URL used
(MD034, no-bare-urls)
amotl
force-pushed
the
open-webui
branch
3 times, most recently
from
66b0d35 to
9bf92e8
Compare
There was a problem hiding this comment.
Actionable comments posted: 2
🧹 Nitpick comments (2)
.github/workflows/application-open-webui.yml (1)
39-51: Fix lint warnings & quote shell expansionsYAML-/Shell-lint is already complaining; quick win:
- - name: Acquire sources + - name: Acquire sources @@ - # TODO: Generalize invocation into `ngr` test runner. - + # TODO: Generalize invocation into `ngr` test runner. @@ - exit $( docker wait open-webui-test-1 ) + exit "$(docker wait open-webui-test-1)"• indentation = 2 spaces under
steps
• remove trailing blanks
• quote command substitution to silence SC2046application/open-webui/README.md (1)
105-108: Document only user-facing services or call out helpers explicitlyListing three services here is fine (per earlier discussion) but a tiny note such as “helper jobs (
setup,test, …) excluded for brevity” would avert future confusion.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (11)
.github/dependabot.yml(1 hunks).github/workflows/application-open-webui.yml(1 hunks)application/open-webui/.env(1 hunks)application/open-webui/README.md(1 hunks)application/open-webui/compose.yml(1 hunks)application/open-webui/init/.env(1 hunks)application/open-webui/init/Dockerfile(1 hunks)application/open-webui/init/init.sql(1 hunks)application/open-webui/init/setup.sh(1 hunks)application/open-webui/init/test.sh(1 hunks)application/open-webui/init/tool-servers.json(1 hunks)
✅ Files skipped from review due to trivial changes (5)
- .github/dependabot.yml
- application/open-webui/init/.env
- application/open-webui/init/Dockerfile
- application/open-webui/init/init.sql
- application/open-webui/init/tool-servers.json
🚧 Files skipped from review as they are similar to previous changes (1)
- application/open-webui/.env
🧰 Additional context used
🧠 Learnings (3)
📓 Common learnings
Learnt from: amotl
PR: crate/cratedb-examples#1038
File: application/open-webui/compose.yml:44-48
Timestamp: 2025-07-23T22:00:51.527Z
Learning: In the cratedb-examples repository, hard-coded credentials like "crate:crate" in Docker Compose files are acceptable for demonstration purposes to maintain simplicity and avoid unnecessary layers of indirection, even when flagged by security tools like Checkov.
application/open-webui/compose.yml (5)
Learnt from: amotl
PR: #1038
File: application/open-webui/compose.yml:44-48
Timestamp: 2025-07-23T22:00:51.527Z
Learning: In the cratedb-examples repository, hard-coded credentials like "crate:crate" in Docker Compose files are acceptable for demonstration purposes to maintain simplicity and avoid unnecessary layers of indirection, even when flagged by security tools like Checkov.
Learnt from: amotl
PR: #1038
File: application/open-webui/README.md:68-72
Timestamp: 2025-07-23T20:40:47.102Z
Learning: In Docker Compose documentation, when describing service counts, distinguish between main daemon services that users interact with versus auxiliary helper jobs/setup containers. Focus documentation on the user-facing services rather than technical infrastructure services.
Learnt from: amotl
PR: #1033
File: topic/machine-learning/llm-langchain/README.md:138-156
Timestamp: 2025-07-21T18:46:07.556Z
Learning: In CrateDB MCP server configuration, the correct environment variable name is CRATEDB_MCP_TRANSPORT, not CRATEDB_MCP_ADAPTER_TRANSPORT. This variable is used throughout the CrateDB MCP codebase to specify the transport protocol.
Learnt from: amotl
PR: #1032
File: topic/machine-learning/llama-index/demo_mcp.py:16-16
Timestamp: 2025-07-20T00:15:45.273Z
Learning: When providing API key examples in documentation, use clear placeholders like "your_api_key_here" instead of realistic-looking fake keys, even if they contain "--invalid--" markers, to avoid triggering security scanners and provide clearer guidance to users.
Learnt from: amotl
PR: #1032
File: topic/machine-learning/llama-index/demo_nlsql.py:28-29
Timestamp: 2025-07-20T00:14:38.710Z
Learning: In demonstration and example code within the cratedb-examples repository, prefer simpler code without extensive error handling to maintain clarity and readability of the examples.
application/open-webui/README.md (3)
Learnt from: amotl
PR: #1038
File: application/open-webui/compose.yml:44-48
Timestamp: 2025-07-23T22:00:51.527Z
Learning: In the cratedb-examples repository, hard-coded credentials like "crate:crate" in Docker Compose files are acceptable for demonstration purposes to maintain simplicity and avoid unnecessary layers of indirection, even when flagged by security tools like Checkov.
Learnt from: amotl
PR: #1038
File: application/open-webui/README.md:68-72
Timestamp: 2025-07-23T20:40:47.102Z
Learning: In Docker Compose documentation, when describing service counts, distinguish between main daemon services that users interact with versus auxiliary helper jobs/setup containers. Focus documentation on the user-facing services rather than technical infrastructure services.
Learnt from: amotl
PR: #937
File: topic/machine-learning/llm-langchain/requirements-dev.txt:2-2
Timestamp: 2025-05-12T20:10:38.614Z
Learning: The cratedb-toolkit package supports various extras including "io", "datasets", "influxdb", "mongodb", "testing", and many others.
🪛 actionlint (1.7.7)
.github/workflows/application-open-webui.yml
43-43: shellcheck reported issue in this script: SC2046:warning:8:6: Quote this to prevent word splitting
(shellcheck)
🪛 YAMLlint (1.37.1)
.github/workflows/application-open-webui.yml
[warning] 39-39: wrong indentation: expected 4 but found 6
(indentation)
[error] 45-45: trailing spaces
(trailing-spaces)
[error] 49-49: trailing spaces
(trailing-spaces)
🪛 Checkov (3.2.334)
application/open-webui/compose.yml
[MEDIUM] 47-48: Basic Auth Credentials
(CKV_SECRET_4)
🪛 markdownlint-cli2 (0.17.2)
application/open-webui/README.md
45-45: Bare URL used
(MD034, no-bare-urls)
46-46: Bare URL used
(MD034, no-bare-urls)
51-51: Bare URL used
(MD034, no-bare-urls)
52-52: Bare URL used
(MD034, no-bare-urls)
54-54: Bare URL used
(MD034, no-bare-urls)
55-55: Bare URL used
(MD034, no-bare-urls)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
- GitHub Check: OS ubuntu-latest
🔇 Additional comments (3)
application/open-webui/init/setup.sh (1)
45-46: KeepDEFAULT_MODELSconsistent with the test harnessIf you decide to keep
gpt-4.55in the test, update this line accordingly; otherwise update the test as suggested. A single source of truth prevents drift.application/open-webui/compose.yml (2)
37-40:curlmay not exist in the CrateDB image – verify health-checkMany slim images (including Crate’s Alpine variant) omit
curl, causing the container to stay inunhealthyforever.Consider:
- test: [ "CMD", "curl", "--fail", "http://localhost:4200" ] + test: [ "CMD-SHELL", "wget -q -O- http://localhost:4200 || exit 1" ]or add
apk add curlin an init container.
68-80: Environment section is fine – value is pulled from.envGood call using
${OPENAI_API_KEY}so Compose passes the value through without stripping it.
amotl
force-pushed
the
open-webui
branch
2 times, most recently
from
436ca33 to
2c99c80
Compare
There was a problem hiding this comment.
Actionable comments posted: 0
🧹 Nitpick comments (3)
application/open-webui/README.md (2)
8-10: Clarify wording & tighten the non-production disclaimerThe current phrasing is grammatically awkward and could be mis-read as partially secure. A tighter sentence helps readers instantly grasp that this stack is demo-only.
-It is mostly about demonstration purposes, and does not include any measures -of security concerns. In this spirit, it is not suitable for production use. +This stack is intended solely for demonstration purposes and does **not** implement +any security hardening. Do **not** deploy it to production.
54-65: Replace bare URLs with Markdown links to satisfy MD034markdownlint flags the bare links; switching to proper Markdown links silences the linter and improves readability.
-- CrateDB: http://localhost:4200/ -- Open WebUI: http://localhost:6200/ +- [CrateDB](http://localhost:4200/) +- [Open WebUI](http://localhost:6200/) - - Swagger: http://localhost:5200/docs - - OpenAPI: http://localhost:5200/openapi.json + - [Swagger](http://localhost:5200/docs) + - [OpenAPI](http://localhost:5200/openapi.json) - - Swagger: http://localhost:6200/docs - - OpenAPI: http://localhost:6200/openapi.json + - [Swagger](http://localhost:6200/docs) + - [OpenAPI](http://localhost:6200/openapi.json)application/open-webui/compose.yml (1)
52-56: Turn the MCPO health-check back on for better orchestrationWith the check commented out,
depends_on: condition: service_healthyin downstream containers can’t be used effectively. Re-enabling the probe adds only a small overhead and prevents “port open but app not ready” races.- #healthcheck: - # test: [ "CMD", "curl", "--fail", "http://localhost:8000/docs" ] - # start_period: 3s - # interval: 10s + healthcheck: + test: [ "CMD", "curl", "--fail", "http://localhost:8000/docs" ] + start_period: 3s + interval: 10s + timeout: 30s + retries: 5
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (11)
.github/dependabot.yml(1 hunks).github/workflows/application-open-webui.yml(1 hunks)application/open-webui/.env(1 hunks)application/open-webui/README.md(1 hunks)application/open-webui/compose.yml(1 hunks)application/open-webui/init/.env(1 hunks)application/open-webui/init/Dockerfile(1 hunks)application/open-webui/init/init.sql(1 hunks)application/open-webui/init/setup.sh(1 hunks)application/open-webui/init/test.sh(1 hunks)application/open-webui/init/tool-servers.json(1 hunks)
🚧 Files skipped from review as they are similar to previous changes (9)
- .github/dependabot.yml
- application/open-webui/init/.env
- application/open-webui/init/init.sql
- application/open-webui/init/tool-servers.json
- application/open-webui/init/Dockerfile
- application/open-webui/.env
- application/open-webui/init/test.sh
- application/open-webui/init/setup.sh
- .github/workflows/application-open-webui.yml
🧰 Additional context used
🧠 Learnings (3)
📓 Common learnings
Learnt from: amotl
PR: crate/cratedb-examples#1038
File: application/open-webui/compose.yml:44-48
Timestamp: 2025-07-23T22:00:51.527Z
Learning: In the cratedb-examples repository, hard-coded credentials like "crate:crate" in Docker Compose files are acceptable for demonstration purposes to maintain simplicity and avoid unnecessary layers of indirection, even when flagged by security tools like Checkov.
application/open-webui/README.md (3)
Learnt from: amotl
PR: #1038
File: application/open-webui/compose.yml:44-48
Timestamp: 2025-07-23T22:00:51.527Z
Learning: In the cratedb-examples repository, hard-coded credentials like "crate:crate" in Docker Compose files are acceptable for demonstration purposes to maintain simplicity and avoid unnecessary layers of indirection, even when flagged by security tools like Checkov.
Learnt from: amotl
PR: #1038
File: application/open-webui/README.md:68-72
Timestamp: 2025-07-23T20:40:47.102Z
Learning: In Docker Compose documentation, when describing service counts, distinguish between main daemon services that users interact with versus auxiliary helper jobs/setup containers. Focus documentation on the user-facing services rather than technical infrastructure services.
Learnt from: amotl
PR: #1032
File: topic/machine-learning/llama-index/demo_nlsql.py:28-29
Timestamp: 2025-07-20T00:14:38.710Z
Learning: In demonstration and example code within the cratedb-examples repository, prefer simpler code without extensive error handling to maintain clarity and readability of the examples.
application/open-webui/compose.yml (5)
Learnt from: amotl
PR: #1038
File: application/open-webui/compose.yml:44-48
Timestamp: 2025-07-23T22:00:51.527Z
Learning: In the cratedb-examples repository, hard-coded credentials like "crate:crate" in Docker Compose files are acceptable for demonstration purposes to maintain simplicity and avoid unnecessary layers of indirection, even when flagged by security tools like Checkov.
Learnt from: amotl
PR: #1038
File: application/open-webui/README.md:68-72
Timestamp: 2025-07-23T20:40:47.102Z
Learning: In Docker Compose documentation, when describing service counts, distinguish between main daemon services that users interact with versus auxiliary helper jobs/setup containers. Focus documentation on the user-facing services rather than technical infrastructure services.
Learnt from: amotl
PR: #1033
File: topic/machine-learning/llm-langchain/README.md:138-156
Timestamp: 2025-07-21T18:46:07.556Z
Learning: In CrateDB MCP server configuration, the correct environment variable name is CRATEDB_MCP_TRANSPORT, not CRATEDB_MCP_ADAPTER_TRANSPORT. This variable is used throughout the CrateDB MCP codebase to specify the transport protocol.
Learnt from: amotl
PR: #1032
File: topic/machine-learning/llama-index/demo_mcp.py:16-16
Timestamp: 2025-07-20T00:15:45.273Z
Learning: When providing API key examples in documentation, use clear placeholders like "your_api_key_here" instead of realistic-looking fake keys, even if they contain "--invalid--" markers, to avoid triggering security scanners and provide clearer guidance to users.
Learnt from: amotl
PR: #1032
File: topic/machine-learning/llama-index/demo_nlsql.py:28-29
Timestamp: 2025-07-20T00:14:38.710Z
Learning: In demonstration and example code within the cratedb-examples repository, prefer simpler code without extensive error handling to maintain clarity and readability of the examples.
🪛 markdownlint-cli2 (0.17.2)
application/open-webui/README.md
54-54: Bare URL used
(MD034, no-bare-urls)
55-55: Bare URL used
(MD034, no-bare-urls)
60-60: Bare URL used
(MD034, no-bare-urls)
61-61: Bare URL used
(MD034, no-bare-urls)
63-63: Bare URL used
(MD034, no-bare-urls)
64-64: Bare URL used
(MD034, no-bare-urls)
🪛 Checkov (3.2.334)
application/open-webui/compose.yml
[MEDIUM] 47-48: Basic Auth Credentials
(CKV_SECRET_4)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
- GitHub Check: OS ubuntu-latest
🔇 Additional comments (3)
application/open-webui/README.md (1)
114-118: Service count statement aligns with previous review context – looks goodThe README correctly lists the three user-facing daemon services and explicitly excludes helper jobs, consistent with earlier discussion and learnings. No action needed.
application/open-webui/compose.yml (2)
47-48: Hard-coded demo credentials accepted
CRATEDB_CLUSTER_URLembedscrate:cratewhich would normally trigger a secret-scan finding, but per repository policy these inline creds are kept for simplicity in demos. No change required.
96-99: Consider re-activating the dependency on MCPOIf Open WebUI is expected to call MCPO immediately on start-up (e.g. tool-server discovery during boot), leaving this dependency commented may cause intermittent 5xx errors on first requests. If that interaction happens only after manual configuration, keeping it disabled is fine—please verify.
- #depends_on: - # cratedb-mcpo: - # condition: service_healthy + depends_on: + cratedb-mcpo: + condition: service_healthy
There was a problem hiding this comment.
Actionable comments posted: 3
♻️ Duplicate comments (1)
application/open-webui/compose.yml (1)
47-48: Hard-coded Basic-Auth credentials kept intentionally – no actionThe
crate:cratepair is acceptable here per previous discussion and repository policy for demo stacks.
No further changes required.
🧹 Nitpick comments (2)
application/open-webui/README.md (2)
54-65: Convert bare URLs to proper Markdown links
markdownlint(MD034) flags the unwrapped URLs. Wrapping them in link-syntax avoids stylistic warnings and produces clickable anchors.- - CrateDB: http://localhost:4200/ - - Open WebUI: http://localhost:6200/ + - [CrateDB](http://localhost:4200/) + - [Open WebUI](http://localhost:6200/) @@ - - CrateDB MCPO: - - Swagger: http://localhost:5200/docs - - OpenAPI: http://localhost:5200/openapi.json - - Open WebUI: - - Swagger: http://localhost:6200/docs - - OpenAPI: http://localhost:6200/openapi.json + - **CrateDB MCPO** + - [Swagger](http://localhost:5200/docs) + - [OpenAPI spec](http://localhost:5200/openapi.json) + - **Open WebUI** + - [Swagger](http://localhost:6200/docs) + - [OpenAPI spec](http://localhost:6200/openapi.json)
68-78: Clarify prerequisite toggles to prevent mis-configurationMany first-time users overlook the “Function Calling: Native” and “Temperature 0.0” steps. Consider adding a sentence that the setup script already enforces these values, but they can be reviewed/changed via the UI for experimentation.
This avoids confusion when the manual UI state diverges from scripted defaults.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (6)
.github/dependabot.yml(1 hunks).github/workflows/application-open-webui.yml(1 hunks)application/open-webui/README.md(1 hunks)application/open-webui/compose.yml(1 hunks)application/open-webui/init/Dockerfile(1 hunks)application/open-webui/init/test.sh(1 hunks)
🚧 Files skipped from review as they are similar to previous changes (4)
- application/open-webui/init/Dockerfile
- .github/dependabot.yml
- application/open-webui/init/test.sh
- .github/workflows/application-open-webui.yml
🧰 Additional context used
🧠 Learnings (3)
📓 Common learnings
Learnt from: amotl
PR: crate/cratedb-examples#1038
File: application/open-webui/compose.yml:44-48
Timestamp: 2025-07-23T22:00:51.527Z
Learning: In the cratedb-examples repository, hard-coded credentials like "crate:crate" in Docker Compose files are acceptable for demonstration purposes to maintain simplicity and avoid unnecessary layers of indirection, even when flagged by security tools like Checkov.
application/open-webui/README.md (3)
Learnt from: amotl
PR: #1038
File: application/open-webui/compose.yml:44-48
Timestamp: 2025-07-23T22:00:51.527Z
Learning: In the cratedb-examples repository, hard-coded credentials like "crate:crate" in Docker Compose files are acceptable for demonstration purposes to maintain simplicity and avoid unnecessary layers of indirection, even when flagged by security tools like Checkov.
Learnt from: amotl
PR: #1038
File: application/open-webui/README.md:68-72
Timestamp: 2025-07-23T20:40:47.102Z
Learning: In Docker Compose documentation, when describing service counts, distinguish between main daemon services that users interact with versus auxiliary helper jobs/setup containers. Focus documentation on the user-facing services rather than technical infrastructure services.
Learnt from: amotl
PR: #1032
File: topic/machine-learning/llama-index/demo_nlsql.py:28-29
Timestamp: 2025-07-20T00:14:38.710Z
Learning: In demonstration and example code within the cratedb-examples repository, prefer simpler code without extensive error handling to maintain clarity and readability of the examples.
application/open-webui/compose.yml (5)
Learnt from: amotl
PR: #1038
File: application/open-webui/compose.yml:44-48
Timestamp: 2025-07-23T22:00:51.527Z
Learning: In the cratedb-examples repository, hard-coded credentials like "crate:crate" in Docker Compose files are acceptable for demonstration purposes to maintain simplicity and avoid unnecessary layers of indirection, even when flagged by security tools like Checkov.
Learnt from: amotl
PR: #1038
File: application/open-webui/README.md:68-72
Timestamp: 2025-07-23T20:40:47.102Z
Learning: In Docker Compose documentation, when describing service counts, distinguish between main daemon services that users interact with versus auxiliary helper jobs/setup containers. Focus documentation on the user-facing services rather than technical infrastructure services.
Learnt from: amotl
PR: #1033
File: topic/machine-learning/llm-langchain/README.md:138-156
Timestamp: 2025-07-21T18:46:07.556Z
Learning: In CrateDB MCP server configuration, the correct environment variable name is CRATEDB_MCP_TRANSPORT, not CRATEDB_MCP_ADAPTER_TRANSPORT. This variable is used throughout the CrateDB MCP codebase to specify the transport protocol.
Learnt from: amotl
PR: #1032
File: topic/machine-learning/llama-index/demo_mcp.py:16-16
Timestamp: 2025-07-20T00:15:45.273Z
Learning: When providing API key examples in documentation, use clear placeholders like "your_api_key_here" instead of realistic-looking fake keys, even if they contain "--invalid--" markers, to avoid triggering security scanners and provide clearer guidance to users.
Learnt from: amotl
PR: #1032
File: topic/machine-learning/llama-index/demo_nlsql.py:28-29
Timestamp: 2025-07-20T00:14:38.710Z
Learning: In demonstration and example code within the cratedb-examples repository, prefer simpler code without extensive error handling to maintain clarity and readability of the examples.
🪛 markdownlint-cli2 (0.17.2)
application/open-webui/README.md
54-54: Bare URL used
(MD034, no-bare-urls)
55-55: Bare URL used
(MD034, no-bare-urls)
60-60: Bare URL used
(MD034, no-bare-urls)
61-61: Bare URL used
(MD034, no-bare-urls)
63-63: Bare URL used
(MD034, no-bare-urls)
64-64: Bare URL used
(MD034, no-bare-urls)
🪛 Checkov (3.2.334)
application/open-webui/compose.yml
[MEDIUM] 47-48: Basic Auth Credentials
(CKV_SECRET_4)
There was a problem hiding this comment.
Actionable comments posted: 0
♻️ Duplicate comments (3)
application/open-webui/compose.yml (3)
52-55: Health-check for MCPO still commented outSame race-condition risk noted previously; enabling with a lightweight
wgetkeepsdepends_on: … service_healthyusable.
96-98: Re-enabledepends_onto prevent WebUI → MCPO 502s on cold start
112-113: Gatesetupon MCPO health for deterministic provisioning
🧹 Nitpick comments (3)
application/open-webui/README.md (3)
8-9: Tighten wording for clarityThe phrase is a bit clunky and double-negatives make the message harder to parse.
-It is mostly about demonstration purposes, and does not include any measures -of security concerns. In this spirit, it is not suitable for production use. +This stack is intended solely for demonstration purposes and is **not** hardened +for production security.
36-41: Show a minimal.envexample to speed up onboardingMost users will copy-paste; giving them an explicit snippet avoids guesswork.
### Start services @@ -```shell -export OPENAI_API_KEY=<your_openai_api_key> -``` +Create a `.env` file next to `compose.yml`: + +```dotenv +# .env +OPENAI_API_KEY=your_openai_api_key_here +``` + +Or export it for a one-off run: + +```shell +export OPENAI_API_KEY=<your_openai_api_key> +```
54-64: Convert bare URLs into markdown links for MD034 complianceLint failures are noise in CI; wrapping the URLs keeps the doc readable and quiets markdown-lint.
-- CrateDB: http://localhost:4200/ -- Open WebUI: http://localhost:6200/ +- [CrateDB](http://localhost:4200/) +- [Open WebUI](http://localhost:6200/) @@ - - Swagger: http://localhost:5200/docs - - OpenAPI: http://localhost:5200/openapi.json + - [Swagger](http://localhost:5200/docs) + - [OpenAPI](http://localhost:5200/openapi.json) @@ - - Swagger: http://localhost:6200/docs - - OpenAPI: http://localhost:6200/openapi.json + - [Swagger](http://localhost:6200/docs) + - [OpenAPI](http://localhost:6200/openapi.json)
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (11)
.github/dependabot.yml(1 hunks).github/workflows/application-open-webui.yml(1 hunks)application/open-webui/.env(1 hunks)application/open-webui/README.md(1 hunks)application/open-webui/compose.yml(1 hunks)application/open-webui/init/.env(1 hunks)application/open-webui/init/Dockerfile(1 hunks)application/open-webui/init/init.sql(1 hunks)application/open-webui/init/setup.sh(1 hunks)application/open-webui/init/test.sh(1 hunks)application/open-webui/init/tool-servers.json(1 hunks)
✅ Files skipped from review due to trivial changes (1)
- application/open-webui/init/Dockerfile
🚧 Files skipped from review as they are similar to previous changes (8)
- application/open-webui/init/.env
- .github/dependabot.yml
- application/open-webui/.env
- application/open-webui/init/test.sh
- .github/workflows/application-open-webui.yml
- application/open-webui/init/setup.sh
- application/open-webui/init/tool-servers.json
- application/open-webui/init/init.sql
🧰 Additional context used
🧠 Learnings (3)
📓 Common learnings
Learnt from: amotl
PR: crate/cratedb-examples#1038
File: application/open-webui/compose.yml:44-48
Timestamp: 2025-07-23T22:00:51.527Z
Learning: In the cratedb-examples repository, hard-coded credentials like "crate:crate" in Docker Compose files are acceptable for demonstration purposes to maintain simplicity and avoid unnecessary layers of indirection, even when flagged by security tools like Checkov.
application/open-webui/README.md (4)
Learnt from: amotl
PR: #1038
File: application/open-webui/compose.yml:44-48
Timestamp: 2025-07-23T22:00:51.527Z
Learning: In the cratedb-examples repository, hard-coded credentials like "crate:crate" in Docker Compose files are acceptable for demonstration purposes to maintain simplicity and avoid unnecessary layers of indirection, even when flagged by security tools like Checkov.
Learnt from: amotl
PR: #1038
File: application/open-webui/README.md:68-72
Timestamp: 2025-07-23T20:40:47.102Z
Learning: In Docker Compose documentation, when describing service counts, distinguish between main daemon services that users interact with versus auxiliary helper jobs/setup containers. Focus documentation on the user-facing services rather than technical infrastructure services.
Learnt from: amotl
PR: #1032
File: topic/machine-learning/llama-index/demo_nlsql.py:28-29
Timestamp: 2025-07-20T00:14:38.710Z
Learning: In demonstration and example code within the cratedb-examples repository, prefer simpler code without extensive error handling to maintain clarity and readability of the examples.
Learnt from: amotl
PR: #937
File: topic/machine-learning/llm-langchain/requirements-dev.txt:2-2
Timestamp: 2025-05-12T20:10:38.614Z
Learning: The cratedb-toolkit package supports various extras including "io", "datasets", "influxdb", "mongodb", "testing", and many others.
application/open-webui/compose.yml (5)
Learnt from: amotl
PR: #1038
File: application/open-webui/compose.yml:44-48
Timestamp: 2025-07-23T22:00:51.527Z
Learning: In the cratedb-examples repository, hard-coded credentials like "crate:crate" in Docker Compose files are acceptable for demonstration purposes to maintain simplicity and avoid unnecessary layers of indirection, even when flagged by security tools like Checkov.
Learnt from: amotl
PR: #1038
File: application/open-webui/README.md:68-72
Timestamp: 2025-07-23T20:40:47.102Z
Learning: In Docker Compose documentation, when describing service counts, distinguish between main daemon services that users interact with versus auxiliary helper jobs/setup containers. Focus documentation on the user-facing services rather than technical infrastructure services.
Learnt from: amotl
PR: #1033
File: topic/machine-learning/llm-langchain/README.md:138-156
Timestamp: 2025-07-21T18:46:07.556Z
Learning: In CrateDB MCP server configuration, the correct environment variable name is CRATEDB_MCP_TRANSPORT, not CRATEDB_MCP_ADAPTER_TRANSPORT. This variable is used throughout the CrateDB MCP codebase to specify the transport protocol.
Learnt from: amotl
PR: #1032
File: topic/machine-learning/llama-index/demo_mcp.py:16-16
Timestamp: 2025-07-20T00:15:45.273Z
Learning: When providing API key examples in documentation, use clear placeholders like "your_api_key_here" instead of realistic-looking fake keys, even if they contain "--invalid--" markers, to avoid triggering security scanners and provide clearer guidance to users.
Learnt from: amotl
PR: #1032
File: topic/machine-learning/llama-index/demo_nlsql.py:28-29
Timestamp: 2025-07-20T00:14:38.710Z
Learning: In demonstration and example code within the cratedb-examples repository, prefer simpler code without extensive error handling to maintain clarity and readability of the examples.
🪛 markdownlint-cli2 (0.17.2)
application/open-webui/README.md
54-54: Bare URL used
(MD034, no-bare-urls)
55-55: Bare URL used
(MD034, no-bare-urls)
60-60: Bare URL used
(MD034, no-bare-urls)
61-61: Bare URL used
(MD034, no-bare-urls)
63-63: Bare URL used
(MD034, no-bare-urls)
64-64: Bare URL used
(MD034, no-bare-urls)
🪛 Checkov (3.2.334)
application/open-webui/compose.yml
[MEDIUM] 47-48: Basic Auth Credentials
(CKV_SECRET_4)
🔇 Additional comments (1)
application/open-webui/compose.yml (1)
36-39: CrateDB image may not containcurl; switch health-check to BusyBoxwgetor use aCMD-SHELLIf
curlis missing the container will be marked unhealthy forever, blocking every downstream service.healthcheck: - test: [ "CMD", "curl", "--fail", "http://localhost:4200" ] + # BusyBox `wget` ships in the Crate image; avoids adding curl. + test: [ "CMD", "wget", "-qO-", "http://localhost:4200" ] start_period: 3s interval: 10sWould you double-check that
wgetis present in thecrate/crate:6.0.0image, or install a tiny curl if not?
There was a problem hiding this comment.
Actionable comments posted: 0
♻️ Duplicate comments (3)
application/open-webui/compose.yml (3)
52-59: Still missing MCPO health-check – earlier suggestion applies unchanged
Health-check is commented out; without itdepends_on: condition: service_healthyon downstream services cannot work. See prior diff withwget.
96-99: Re-enable dependency on MCPO to avoid WebUI 502s on start-up
Same remark as in the previous review – leave the block uncommented so WebUI waits until MCPO is healthy.
109-115: Gatesetupon MCPO health to make provisioning deterministic
The provisioning script posts data to MCPO; uncommenting this dependency avoids sporadic 502s.
🧹 Nitpick comments (3)
application/open-webui/compose.yml (2)
37-39: Preferwgetovercurl– it is already in the CrateDB imageThe official
crate:6.0.0image ships with BusyBoxwgetbut nocurl.
Usingcurlhere will make the health-check fail instantly on fresh pulls.- test: [ "CMD", "curl", "--fail", "http://localhost:4200" ] +# BusyBox’s wget is present in the crate image by default. + test: ["CMD", "wget", "-qO-", "http://localhost:4200"]
68-84: Trim verbose WebUI env overrides for brevity (optional)Most of these flags are already the defaults in 0.6.18 (
ENABLE_SIGNUP,ENABLE_LOGIN_FORM,WEBUI_AUTH, etc.). Keeping only the non-default ones (OPENAI_API_KEY,DEFAULT_USER_ROLE,DEFAULT_MODELS) would shorten the file without changing behaviour.application/open-webui/README.md (1)
45-48: Add-dflag to compose command for typical detached usage-docker compose up +docker compose up -dRunning in detached mode is what most users expect for long-running stacks.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (6)
.github/dependabot.yml(1 hunks).github/workflows/application-open-webui.yml(1 hunks)application/open-webui/README.md(1 hunks)application/open-webui/compose.yml(1 hunks)application/open-webui/init/Dockerfile(1 hunks)application/open-webui/init/test.sh(1 hunks)
✅ Files skipped from review due to trivial changes (2)
- .github/dependabot.yml
- application/open-webui/init/Dockerfile
🚧 Files skipped from review as they are similar to previous changes (2)
- application/open-webui/init/test.sh
- .github/workflows/application-open-webui.yml
🧰 Additional context used
🧠 Learnings (3)
📓 Common learnings
Learnt from: amotl
PR: crate/cratedb-examples#1038
File: application/open-webui/compose.yml:44-48
Timestamp: 2025-07-23T22:00:51.527Z
Learning: In the cratedb-examples repository, hard-coded credentials like "crate:crate" in Docker Compose files are acceptable for demonstration purposes to maintain simplicity and avoid unnecessary layers of indirection, even when flagged by security tools like Checkov.
application/open-webui/README.md (4)
Learnt from: amotl
PR: #1038
File: application/open-webui/compose.yml:44-48
Timestamp: 2025-07-23T22:00:51.527Z
Learning: In the cratedb-examples repository, hard-coded credentials like "crate:crate" in Docker Compose files are acceptable for demonstration purposes to maintain simplicity and avoid unnecessary layers of indirection, even when flagged by security tools like Checkov.
Learnt from: amotl
PR: #1038
File: application/open-webui/README.md:68-72
Timestamp: 2025-07-23T20:40:47.102Z
Learning: In Docker Compose documentation, when describing service counts, distinguish between main daemon services that users interact with versus auxiliary helper jobs/setup containers. Focus documentation on the user-facing services rather than technical infrastructure services.
Learnt from: amotl
PR: #1032
File: topic/machine-learning/llama-index/demo_nlsql.py:28-29
Timestamp: 2025-07-20T00:14:38.710Z
Learning: In demonstration and example code within the cratedb-examples repository, prefer simpler code without extensive error handling to maintain clarity and readability of the examples.
Learnt from: amotl
PR: #937
File: topic/machine-learning/llm-langchain/requirements-dev.txt:2-2
Timestamp: 2025-05-12T20:10:38.614Z
Learning: The cratedb-toolkit package supports various extras including "io", "datasets", "influxdb", "mongodb", "testing", and many others.
application/open-webui/compose.yml (5)
Learnt from: amotl
PR: #1038
File: application/open-webui/compose.yml:44-48
Timestamp: 2025-07-23T22:00:51.527Z
Learning: In the cratedb-examples repository, hard-coded credentials like "crate:crate" in Docker Compose files are acceptable for demonstration purposes to maintain simplicity and avoid unnecessary layers of indirection, even when flagged by security tools like Checkov.
Learnt from: amotl
PR: #1038
File: application/open-webui/README.md:68-72
Timestamp: 2025-07-23T20:40:47.102Z
Learning: In Docker Compose documentation, when describing service counts, distinguish between main daemon services that users interact with versus auxiliary helper jobs/setup containers. Focus documentation on the user-facing services rather than technical infrastructure services.
Learnt from: amotl
PR: #1033
File: topic/machine-learning/llm-langchain/README.md:138-156
Timestamp: 2025-07-21T18:46:07.556Z
Learning: In CrateDB MCP server configuration, the correct environment variable name is CRATEDB_MCP_TRANSPORT, not CRATEDB_MCP_ADAPTER_TRANSPORT. This variable is used throughout the CrateDB MCP codebase to specify the transport protocol.
Learnt from: amotl
PR: #1032
File: topic/machine-learning/llama-index/demo_mcp.py:16-16
Timestamp: 2025-07-20T00:15:45.273Z
Learning: When providing API key examples in documentation, use clear placeholders like "your_api_key_here" instead of realistic-looking fake keys, even if they contain "--invalid--" markers, to avoid triggering security scanners and provide clearer guidance to users.
Learnt from: amotl
PR: #1032
File: topic/machine-learning/llama-index/demo_nlsql.py:28-29
Timestamp: 2025-07-20T00:14:38.710Z
Learning: In demonstration and example code within the cratedb-examples repository, prefer simpler code without extensive error handling to maintain clarity and readability of the examples.
🪛 markdownlint-cli2 (0.17.2)
application/open-webui/README.md
54-54: Bare URL used
(MD034, no-bare-urls)
55-55: Bare URL used
(MD034, no-bare-urls)
60-60: Bare URL used
(MD034, no-bare-urls)
61-61: Bare URL used
(MD034, no-bare-urls)
63-63: Bare URL used
(MD034, no-bare-urls)
64-64: Bare URL used
(MD034, no-bare-urls)
🪛 Checkov (3.2.334)
application/open-webui/compose.yml
[MEDIUM] 47-48: Basic Auth Credentials
(CKV_SECRET_4)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
- GitHub Check: OS ubuntu-latest
There was a problem hiding this comment.
Actionable comments posted: 0
🧹 Nitpick comments (3)
application/open-webui/README.md (3)
36-45: Guard against checking secrets into VCS
.envis convenient, but newcomers may accidentally commit it. A brief reminder (e.g. “Don’t commit this file – add it to .gitignore or use a secret-management mechanism”) would help prevent leaked API keys.
56-69: Replace bare URLs to satisfymarkdownlintand improve readability
MD034is flagged for every plain URL. Wrapping them in markdown links keeps the doc lint-clean without altering meaning:-- CrateDB: http://localhost:4200/ -- Open WebUI: http://localhost:6200/ +- [CrateDB](http://localhost:4200/) +- [Open WebUI](http://localhost:6200/)…and similarly for the Swagger/OpenAPI endpoints.
47-52: Consider detached mode for smoother first-run UX
docker compose upstreams verbose logs and blocks the terminal. Most demo guides use the detached flag and then showdocker compose logs -fas an option:-docker compose up +docker compose up -d +# watch logs (optional) +docker compose logs -fMakes the quick-start friendlier.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
application/open-webui/README.md(1 hunks)
🧰 Additional context used
🧠 Learnings (2)
📓 Common learnings
Learnt from: amotl
PR: crate/cratedb-examples#1038
File: application/open-webui/compose.yml:44-48
Timestamp: 2025-07-23T22:00:51.593Z
Learning: In the cratedb-examples repository, hard-coded credentials like "crate:crate" in Docker Compose files are acceptable for demonstration purposes to maintain simplicity and avoid unnecessary layers of indirection, even when flagged by security tools like Checkov.
application/open-webui/README.md (4)
Learnt from: amotl
PR: #1038
File: application/open-webui/compose.yml:44-48
Timestamp: 2025-07-23T22:00:51.593Z
Learning: In the cratedb-examples repository, hard-coded credentials like "crate:crate" in Docker Compose files are acceptable for demonstration purposes to maintain simplicity and avoid unnecessary layers of indirection, even when flagged by security tools like Checkov.
Learnt from: amotl
PR: #1038
File: application/open-webui/README.md:68-72
Timestamp: 2025-07-23T20:40:47.146Z
Learning: In Docker Compose documentation, when describing service counts, distinguish between main daemon services that users interact with versus auxiliary helper jobs/setup containers. Focus documentation on the user-facing services rather than technical infrastructure services.
Learnt from: amotl
PR: #1032
File: topic/machine-learning/llama-index/demo_nlsql.py:28-29
Timestamp: 2025-07-20T00:14:38.710Z
Learning: In demonstration and example code within the cratedb-examples repository, prefer simpler code without extensive error handling to maintain clarity and readability of the examples.
Learnt from: amotl
PR: #937
File: topic/machine-learning/llm-langchain/requirements-dev.txt:2-2
Timestamp: 2025-05-12T20:10:38.614Z
Learning: The cratedb-toolkit package supports various extras including "io", "datasets", "influxdb", "mongodb", "testing", and many others.
🪛 markdownlint-cli2 (0.17.2)
application/open-webui/README.md
58-58: Bare URL used
(MD034, no-bare-urls)
59-59: Bare URL used
(MD034, no-bare-urls)
64-64: Bare URL used
(MD034, no-bare-urls)
65-65: Bare URL used
(MD034, no-bare-urls)
67-67: Bare URL used
(MD034, no-bare-urls)
68-68: Bare URL used
(MD034, no-bare-urls)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
- GitHub Check: OS ubuntu-latest
🔇 Additional comments (1)
application/open-webui/README.md (1)
118-123: Verify.envcoverage – isOPEN_WEBUI_URLstill required?
Earlier setup scripts (init/setup.sh) referencedOPEN_WEBUI_URL. The table now lists onlyOPENAI_API_KEY. Double-check that the script no longer expects the URL; if it does, document it here to avoid fresh-user failures.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
- This adds the new tool `get_table_columns`. - Activate health checks for MCPO container.
- Use `function_calling=native` and `temperature=0`
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (4)
application/open-webui/README.md (3)
36-46: Ship a template.env.exampleand keep real keys out of the repoDocumenting the variable is great, but many users will copy-paste and accidentally commit their real key.
Typical demo repos ship a*.examplethat is git-tracked and ask users tocp .env.example .env.
No code change required, just add the skeleton file and tweak the wording.
47-53: Suggestdocker compose up -d --buildfor a smoother first runRunning in detached mode lets the terminal return immediately, and
--buildguarantees local images are rebuilt when you tweak the init scripts.-docker compose up +docker compose up -d --build
63-70: Replace bare URLs with Markdown links to silence MD034 warningsStatic analysis flags every naked URL. Swapping to link syntax keeps the rendered output identical and removes the warning noise.
- CrateDB: http://localhost:4200/ - Open WebUI: http://localhost:6200/ + [CrateDB](http://localhost:4200/) + [Open WebUI](http://localhost:6200/)Repeat for the API and Jupyter entries below.
application/open-webui/compose.yml (1)
166-167:deploy.replicasis ignored by classic Compose – useprofilesinsteadThe
replicas: 0stanza only affects Swarm mode.
If you want thetestservice skipped unless explicitly requested:test: build: context: init command: bash /app/test.sh + profiles: ["test"]Users can then run
docker compose --profile test up.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (11)
.github/dependabot.yml(1 hunks).github/workflows/application-open-webui.yml(1 hunks)application/open-webui/.env(1 hunks)application/open-webui/README.md(1 hunks)application/open-webui/compose.yml(1 hunks)application/open-webui/init/.env(1 hunks)application/open-webui/init/Dockerfile(1 hunks)application/open-webui/init/init.sql(1 hunks)application/open-webui/init/setup.sh(1 hunks)application/open-webui/init/test.sh(1 hunks)application/open-webui/init/tool-servers.json(1 hunks)
✅ Files skipped from review due to trivial changes (2)
- .github/dependabot.yml
- application/open-webui/init/Dockerfile
🚧 Files skipped from review as they are similar to previous changes (7)
- application/open-webui/init/.env
- application/open-webui/.env
- application/open-webui/init/test.sh
- application/open-webui/init/init.sql
- application/open-webui/init/setup.sh
- .github/workflows/application-open-webui.yml
- application/open-webui/init/tool-servers.json
🧰 Additional context used
🧠 Learnings (3)
📓 Common learnings
Learnt from: amotl
PR: crate/cratedb-examples#1038
File: application/open-webui/compose.yml:44-48
Timestamp: 2025-07-23T22:00:51.593Z
Learning: In the cratedb-examples repository, hard-coded credentials like "crate:crate" in Docker Compose files are acceptable for demonstration purposes to maintain simplicity and avoid unnecessary layers of indirection, even when flagged by security tools like Checkov.
Learnt from: amotl
PR: crate/cratedb-examples#0
File: :0-0
Timestamp: 2025-07-24T12:30:01.944Z
Learning: The official crate/crate:6.0.0 Docker image includes curl as an available HTTP client tool. This has been verified by direct testing with the command `docker run --rm -it crate/crate:6.0.0 curl --help`.
Learnt from: amotl
PR: crate/cratedb-examples#0
File: :0-0
Timestamp: 2025-07-24T12:30:34.402Z
Learning: The official CrateDB Docker image crate/crate:6.0.0 includes curl (version 8.12.1), as demonstrated by amotl. Note that Docker is not available in the CodeRabbit sandbox environment, so Docker image contents cannot be directly tested through shell scripts.
Learnt from: amotl
PR: crate/cratedb-examples#0
File: :0-0
Timestamp: 2025-07-24T12:30:34.402Z
Learning: The official crate/crate:6.0.0 Docker image includes curl (version 8.12.1 as demonstrated by amotl), contrary to test results that may vary depending on execution environment, platform architecture, or image registry differences.
Learnt from: amotl
PR: crate/cratedb-examples#0
File: :0-0
Timestamp: 2025-07-24T12:30:01.944Z
Learning: The official crate/crate:6.0.0 Docker image includes curl as an available HTTP client tool. The image name should be specified as "crate/crate:6.0.0" not just "crate:6.0.0".
application/open-webui/compose.yml (9)
Learnt from: amotl
PR: #1038
File: application/open-webui/compose.yml:44-48
Timestamp: 2025-07-23T22:00:51.593Z
Learning: In the cratedb-examples repository, hard-coded credentials like "crate:crate" in Docker Compose files are acceptable for demonstration purposes to maintain simplicity and avoid unnecessary layers of indirection, even when flagged by security tools like Checkov.
Learnt from: amotl
PR: #1038
File: application/open-webui/README.md:68-72
Timestamp: 2025-07-23T20:40:47.146Z
Learning: In Docker Compose documentation, when describing service counts, distinguish between main daemon services that users interact with versus auxiliary helper jobs/setup containers. Focus documentation on the user-facing services rather than technical infrastructure services.
Learnt from: amotl
PR: crate/cratedb-examples#0
File: :0-0
Timestamp: 2025-07-24T12:30:34.402Z
Learning: The official CrateDB Docker image crate/crate:6.0.0 includes curl (version 8.12.1), as demonstrated by amotl. Note that Docker is not available in the CodeRabbit sandbox environment, so Docker image contents cannot be directly tested through shell scripts.
Learnt from: amotl
PR: crate/cratedb-examples#0
File: :0-0
Timestamp: 2025-07-24T12:30:01.944Z
Learning: The official crate/crate:6.0.0 Docker image includes curl as an available HTTP client tool. This has been verified by direct testing with the command docker run --rm -it crate/crate:6.0.0 curl --help.
Learnt from: amotl
PR: crate/cratedb-examples#0
File: :0-0
Timestamp: 2025-07-24T12:30:34.402Z
Learning: The official crate/crate:6.0.0 Docker image includes curl (version 8.12.1 as demonstrated by amotl), contrary to test results that may vary depending on execution environment, platform architecture, or image registry differences.
Learnt from: amotl
PR: crate/cratedb-examples#0
File: :0-0
Timestamp: 2025-07-24T12:30:01.944Z
Learning: The official crate/crate:6.0.0 Docker image includes curl as an available HTTP client tool. The image name should be specified as "crate/crate:6.0.0" not just "crate:6.0.0".
Learnt from: amotl
PR: #1033
File: topic/machine-learning/llm-langchain/README.md:138-156
Timestamp: 2025-07-21T18:46:07.556Z
Learning: In CrateDB MCP server configuration, the correct environment variable name is CRATEDB_MCP_TRANSPORT, not CRATEDB_MCP_ADAPTER_TRANSPORT. This variable is used throughout the CrateDB MCP codebase to specify the transport protocol.
Learnt from: amotl
PR: #1032
File: topic/machine-learning/llama-index/demo_mcp.py:16-16
Timestamp: 2025-07-20T00:15:45.273Z
Learning: When providing API key examples in documentation, use clear placeholders like "your_api_key_here" instead of realistic-looking fake keys, even if they contain "--invalid--" markers, to avoid triggering security scanners and provide clearer guidance to users.
Learnt from: amotl
PR: #1032
File: topic/machine-learning/llama-index/demo_nlsql.py:28-29
Timestamp: 2025-07-20T00:14:38.710Z
Learning: In demonstration and example code within the cratedb-examples repository, prefer simpler code without extensive error handling to maintain clarity and readability of the examples.
application/open-webui/README.md (6)
Learnt from: amotl
PR: #1038
File: application/open-webui/compose.yml:44-48
Timestamp: 2025-07-23T22:00:51.593Z
Learning: In the cratedb-examples repository, hard-coded credentials like "crate:crate" in Docker Compose files are acceptable for demonstration purposes to maintain simplicity and avoid unnecessary layers of indirection, even when flagged by security tools like Checkov.
Learnt from: amotl
PR: #1038
File: application/open-webui/README.md:68-72
Timestamp: 2025-07-23T20:40:47.146Z
Learning: In Docker Compose documentation, when describing service counts, distinguish between main daemon services that users interact with versus auxiliary helper jobs/setup containers. Focus documentation on the user-facing services rather than technical infrastructure services.
Learnt from: amotl
PR: #1032
File: topic/machine-learning/llama-index/demo_nlsql.py:28-29
Timestamp: 2025-07-20T00:14:38.710Z
Learning: In demonstration and example code within the cratedb-examples repository, prefer simpler code without extensive error handling to maintain clarity and readability of the examples.
Learnt from: amotl
PR: crate/cratedb-examples#0
File: :0-0
Timestamp: 2025-07-24T12:30:34.402Z
Learning: The official CrateDB Docker image crate/crate:6.0.0 includes curl (version 8.12.1), as demonstrated by amotl. Note that Docker is not available in the CodeRabbit sandbox environment, so Docker image contents cannot be directly tested through shell scripts.
Learnt from: amotl
PR: crate/cratedb-examples#0
File: :0-0
Timestamp: 2025-07-24T12:30:01.944Z
Learning: The official crate/crate:6.0.0 Docker image includes curl as an available HTTP client tool. This has been verified by direct testing with the command docker run --rm -it crate/crate:6.0.0 curl --help.
Learnt from: amotl
PR: #937
File: topic/machine-learning/llm-langchain/requirements-dev.txt:2-2
Timestamp: 2025-05-12T20:10:38.614Z
Learning: The cratedb-toolkit package supports various extras including "io", "datasets", "influxdb", "mongodb", "testing", and many others.
🪛 Checkov (3.2.334)
application/open-webui/compose.yml
[MEDIUM] 48-49: Basic Auth Credentials
(CKV_SECRET_4)
🪛 markdownlint-cli2 (0.17.2)
application/open-webui/README.md
58-58: Bare URL used
(MD034, no-bare-urls)
59-59: Bare URL used
(MD034, no-bare-urls)
64-64: Bare URL used
(MD034, no-bare-urls)
65-65: Bare URL used
(MD034, no-bare-urls)
67-67: Bare URL used
(MD034, no-bare-urls)
68-68: Bare URL used
(MD034, no-bare-urls)
70-70: Bare URL used
(MD034, no-bare-urls)
🔇 Additional comments (2)
application/open-webui/compose.yml (2)
53-56: MCPO health-check assumescurlis in the image – verify or switch towgetIf
ghcr.io/crate/cratedb-mcpo:0.0.6doesn’t bundle curl the container will be markedunhealthyforever, blocking all dependants.
Earlier iterations suggested using BusyBoxwgetto avoid bloating the image; pick one and ensure it’s baked in.
130-134:minimal-notebookimage typically lacks curl – health-check may failJupyter’s base Debian slim doesn’t install curl by default. Consider one of:
- test: [ "CMD", "curl", "--fail", "http://localhost:8888" ] + test: [ "CMD", "wget", "-qO-", "http://localhost:8888" ]or install curl in a lightweight layer.
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (3)
application/open-webui/README.md (3)
56-70: Service list and service count are inconsistentYou present Jupyter as a user-facing endpoint (lines 69-70) but later describe the compose file as defining three services. From a reader’s standpoint Jupyter is every bit as visible as CrateDB or WebUI, so either:
- Drop the Jupyter section from the “User interface” list, or
- Adjust the later text to mention four user-facing services.
Staying internally consistent avoids confusion for first-time users.
120-123: “three services” wording contradicts current compose.yml
compose.ymlnow defines four long-running daemons (cratedb,cratedb-mcpo,open-webui,jupyter). The helper jobs are still excluded, which is fine, but the number should be updated to keep the README truthful.- CrateDB, CrateDB MCPO, and Open WebUI. Helper jobs (setup, test, ...) + CrateDB, CrateDB MCPO, Open WebUI, and Jupyter. Helper jobs (setup, test, ...)
36-45: Recommend explaining the.envshortcut explicitlyNewcomers often overlook that Docker Compose auto-loads a project-level
.envfile. A short sentence like “Docker Compose automatically picks up variables from.env; no additional flags are required” would improve clarity and prevent support questions.(No change required in code, only wording.)
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (11)
.github/dependabot.yml(1 hunks).github/workflows/application-open-webui.yml(1 hunks)application/open-webui/.env(1 hunks)application/open-webui/README.md(1 hunks)application/open-webui/compose.yml(1 hunks)application/open-webui/init/.env(1 hunks)application/open-webui/init/Dockerfile(1 hunks)application/open-webui/init/init.sql(1 hunks)application/open-webui/init/setup.sh(1 hunks)application/open-webui/init/test.sh(1 hunks)application/open-webui/init/tool-servers.json(1 hunks)
✅ Files skipped from review due to trivial changes (2)
- .github/dependabot.yml
- application/open-webui/init/Dockerfile
🚧 Files skipped from review as they are similar to previous changes (7)
- application/open-webui/.env
- application/open-webui/init/.env
- application/open-webui/init/tool-servers.json
- application/open-webui/init/setup.sh
- .github/workflows/application-open-webui.yml
- application/open-webui/init/test.sh
- application/open-webui/init/init.sql
🧰 Additional context used
🧠 Learnings (3)
📓 Common learnings
Learnt from: amotl
PR: crate/cratedb-examples#0
File: :0-0
Timestamp: 2025-07-24T12:30:01.944Z
Learning: The official crate/crate:6.0.0 Docker image includes curl as an available HTTP client tool. This has been verified by direct testing with the command `docker run --rm -it crate/crate:6.0.0 curl --help`.
Learnt from: amotl
PR: crate/cratedb-examples#0
File: :0-0
Timestamp: 2025-07-24T12:30:34.402Z
Learning: The official CrateDB Docker image crate/crate:6.0.0 includes curl (version 8.12.1), as demonstrated by amotl. Note that Docker is not available in the CodeRabbit sandbox environment, so Docker image contents cannot be directly tested through shell scripts.
Learnt from: amotl
PR: crate/cratedb-examples#1038
File: application/open-webui/compose.yml:44-48
Timestamp: 2025-07-23T22:00:51.593Z
Learning: In the cratedb-examples repository, hard-coded credentials like "crate:crate" in Docker Compose files are acceptable for demonstration purposes to maintain simplicity and avoid unnecessary layers of indirection, even when flagged by security tools like Checkov.
Learnt from: amotl
PR: crate/cratedb-examples#0
File: :0-0
Timestamp: 2025-07-24T12:30:34.402Z
Learning: The official crate/crate:6.0.0 Docker image includes curl (version 8.12.1 as demonstrated by amotl), contrary to test results that may vary depending on execution environment, platform architecture, or image registry differences.
Learnt from: amotl
PR: crate/cratedb-examples#0
File: :0-0
Timestamp: 2025-07-24T12:30:01.944Z
Learning: The official crate/crate:6.0.0 Docker image includes curl as an available HTTP client tool. The image name should be specified as "crate/crate:6.0.0" not just "crate:6.0.0".
application/open-webui/compose.yml (9)
Learnt from: amotl
PR: #1038
File: application/open-webui/compose.yml:44-48
Timestamp: 2025-07-23T22:00:51.593Z
Learning: In the cratedb-examples repository, hard-coded credentials like "crate:crate" in Docker Compose files are acceptable for demonstration purposes to maintain simplicity and avoid unnecessary layers of indirection, even when flagged by security tools like Checkov.
Learnt from: amotl
PR: #1038
File: application/open-webui/README.md:68-72
Timestamp: 2025-07-23T20:40:47.146Z
Learning: In Docker Compose documentation, when describing service counts, distinguish between main daemon services that users interact with versus auxiliary helper jobs/setup containers. Focus documentation on the user-facing services rather than technical infrastructure services.
Learnt from: amotl
PR: crate/cratedb-examples#0
File: :0-0
Timestamp: 2025-07-24T12:30:34.402Z
Learning: The official CrateDB Docker image crate/crate:6.0.0 includes curl (version 8.12.1), as demonstrated by amotl. Note that Docker is not available in the CodeRabbit sandbox environment, so Docker image contents cannot be directly tested through shell scripts.
Learnt from: amotl
PR: crate/cratedb-examples#0
File: :0-0
Timestamp: 2025-07-24T12:30:01.944Z
Learning: The official crate/crate:6.0.0 Docker image includes curl as an available HTTP client tool. This has been verified by direct testing with the command docker run --rm -it crate/crate:6.0.0 curl --help.
Learnt from: amotl
PR: crate/cratedb-examples#0
File: :0-0
Timestamp: 2025-07-24T12:30:34.402Z
Learning: The official crate/crate:6.0.0 Docker image includes curl (version 8.12.1 as demonstrated by amotl), contrary to test results that may vary depending on execution environment, platform architecture, or image registry differences.
Learnt from: amotl
PR: crate/cratedb-examples#0
File: :0-0
Timestamp: 2025-07-24T12:30:01.944Z
Learning: The official crate/crate:6.0.0 Docker image includes curl as an available HTTP client tool. The image name should be specified as "crate/crate:6.0.0" not just "crate:6.0.0".
Learnt from: amotl
PR: #1033
File: topic/machine-learning/llm-langchain/README.md:138-156
Timestamp: 2025-07-21T18:46:07.556Z
Learning: In CrateDB MCP server configuration, the correct environment variable name is CRATEDB_MCP_TRANSPORT, not CRATEDB_MCP_ADAPTER_TRANSPORT. This variable is used throughout the CrateDB MCP codebase to specify the transport protocol.
Learnt from: amotl
PR: #1032
File: topic/machine-learning/llama-index/demo_mcp.py:16-16
Timestamp: 2025-07-20T00:15:45.273Z
Learning: When providing API key examples in documentation, use clear placeholders like "your_api_key_here" instead of realistic-looking fake keys, even if they contain "--invalid--" markers, to avoid triggering security scanners and provide clearer guidance to users.
Learnt from: amotl
PR: #1032
File: topic/machine-learning/llama-index/demo_nlsql.py:28-29
Timestamp: 2025-07-20T00:14:38.710Z
Learning: In demonstration and example code within the cratedb-examples repository, prefer simpler code without extensive error handling to maintain clarity and readability of the examples.
application/open-webui/README.md (6)
Learnt from: amotl
PR: #1038
File: application/open-webui/compose.yml:44-48
Timestamp: 2025-07-23T22:00:51.593Z
Learning: In the cratedb-examples repository, hard-coded credentials like "crate:crate" in Docker Compose files are acceptable for demonstration purposes to maintain simplicity and avoid unnecessary layers of indirection, even when flagged by security tools like Checkov.
Learnt from: amotl
PR: #1038
File: application/open-webui/README.md:68-72
Timestamp: 2025-07-23T20:40:47.146Z
Learning: In Docker Compose documentation, when describing service counts, distinguish between main daemon services that users interact with versus auxiliary helper jobs/setup containers. Focus documentation on the user-facing services rather than technical infrastructure services.
Learnt from: amotl
PR: #1032
File: topic/machine-learning/llama-index/demo_nlsql.py:28-29
Timestamp: 2025-07-20T00:14:38.710Z
Learning: In demonstration and example code within the cratedb-examples repository, prefer simpler code without extensive error handling to maintain clarity and readability of the examples.
Learnt from: amotl
PR: crate/cratedb-examples#0
File: :0-0
Timestamp: 2025-07-24T12:30:34.402Z
Learning: The official CrateDB Docker image crate/crate:6.0.0 includes curl (version 8.12.1), as demonstrated by amotl. Note that Docker is not available in the CodeRabbit sandbox environment, so Docker image contents cannot be directly tested through shell scripts.
Learnt from: amotl
PR: crate/cratedb-examples#0
File: :0-0
Timestamp: 2025-07-24T12:30:01.944Z
Learning: The official crate/crate:6.0.0 Docker image includes curl as an available HTTP client tool. This has been verified by direct testing with the command docker run --rm -it crate/crate:6.0.0 curl --help.
Learnt from: amotl
PR: #937
File: topic/machine-learning/llm-langchain/requirements-dev.txt:2-2
Timestamp: 2025-05-12T20:10:38.614Z
Learning: The cratedb-toolkit package supports various extras including "io", "datasets", "influxdb", "mongodb", "testing", and many others.
🪛 Checkov (3.2.334)
application/open-webui/compose.yml
[MEDIUM] 48-49: Basic Auth Credentials
(CKV_SECRET_4)
🪛 markdownlint-cli2 (0.17.2)
application/open-webui/README.md
58-58: Bare URL used
(MD034, no-bare-urls)
59-59: Bare URL used
(MD034, no-bare-urls)
64-64: Bare URL used
(MD034, no-bare-urls)
65-65: Bare URL used
(MD034, no-bare-urls)
67-67: Bare URL used
(MD034, no-bare-urls)
68-68: Bare URL used
(MD034, no-bare-urls)
70-70: Bare URL used
(MD034, no-bare-urls)
🔇 Additional comments (3)
application/open-webui/compose.yml (3)
38-41:curlin CrateDB health-check is 👍CrateDB 6.0.0 indeed ships
curl, so the health-check will work on all official images. Nothing to change here.
54-56:curldependency in MCPO health-check is safe
cratedb-mcpo:0.0.6is based on python:3.12-slim and already containscurl, so the probe is fine.
69-96: Hard-coded Jupyter token & OpenAI key placeholders are fine for demosGiven the prior agreement that example stacks may expose credentials inline, the static token (
123456) and the explicit${OPENAI_API_KEY}interpolation are acceptable. Just be aware they will trigger secret scanners downstream.
| # Configure system prompt. | ||
| http --ignore-stdin ${OPEN_WEBUI_URL}/api/v1/users/user/settings/update Authorization:"Bearer $token" \ | ||
| ui[system]="$( cratedb-mcp show-prompt )" \ | ||
| ui[params][function_calling]="native" \ | ||
| ui[params][temperature]:=0.0 \ | ||
| ui[notificationEnabled]="true" |
There was a problem hiding this comment.
@WalBeh: It looks like this works well for me now. I don't need to configure the settings manually each time when creating a new chat.
There was a problem hiding this comment.
Actionable comments posted: 0
🧹 Nitpick comments (3)
application/open-webui/compose.yml (2)
5-6: Specify a Compose version for broader portabilityCompose files without an explicit
version:header are perfectly valid with moderndocker compose, but older tooling (including swarm-centric stacks or CI linters) may warn or mis-interpret features such asdeploy,healthcheckconditions, orprofiles.
Adding an explicit schema version (e.g.version: "3.9") at the top keeps the file future-proof and avoids unexpected parser fall-backs.# https://docs.openwebui.com/getting-started/quick-start +version: "3.9" --- networks:
166-167:deploy.replicas: 0is ignored bydocker compose→ useprofilesto disable auto-start
deployis only honoured by Swarm.
With plaindocker composethetestcontainer will still start unless the user specifies--scale, defeating the intention to keep the job dormant.Consider the lighter-weight profiles mechanism:
test: build: context: init command: bash /app/test.sh + profiles: ["test"] networks: - llm-demo - depends_on: - setup: - condition: service_completed_successfully - deploy: - replicas: 0 + depends_on: + setup: + condition: service_completed_successfullyThen run on-demand with:
docker compose --profile test run --rm testapplication/open-webui/README.md (1)
58-70: Convert bare URLs to Markdown links for lint-clean docsmarkdownlint flags the naked HTTP links.
Wrapping them keeps the README tidy and clickable without raising MD034.-- CrateDB: http://localhost:4200/ -- Open WebUI: http://localhost:6200/ +- [CrateDB](http://localhost:4200/) +- [Open WebUI](http://localhost:6200/) @@ -- CrateDB MCPO: - - Swagger: http://localhost:5200/docs - - OpenAPI: http://localhost:5200/openapi.json -- Open WebUI: - - Swagger: http://localhost:6200/docs - - OpenAPI: http://localhost:6200/openapi.json -- Jupyter: - - http://localhost:7200/ +- **CrateDB MCPO** + - [Swagger](http://localhost:5200/docs) + - [OpenAPI](http://localhost:5200/openapi.json) +- **Open WebUI** + - [Swagger](http://localhost:6200/docs) + - [OpenAPI](http://localhost:6200/openapi.json) +- **Jupyter** – [Notebook UI](http://localhost:7200/)
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (3)
application/open-webui/README.md(1 hunks)application/open-webui/compose.yml(1 hunks)application/open-webui/init/setup.sh(1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
- application/open-webui/init/setup.sh
🧰 Additional context used
🧠 Learnings (3)
📓 Common learnings
Learnt from: amotl
PR: crate/cratedb-examples#0
File: :0-0
Timestamp: 2025-07-24T12:30:01.944Z
Learning: The official crate/crate:6.0.0 Docker image includes curl as an available HTTP client tool. This has been verified by direct testing with the command `docker run --rm -it crate/crate:6.0.0 curl --help`.
Learnt from: amotl
PR: crate/cratedb-examples#0
File: :0-0
Timestamp: 2025-07-24T12:30:34.402Z
Learning: The official CrateDB Docker image crate/crate:6.0.0 includes curl (version 8.12.1), as demonstrated by amotl. Note that Docker is not available in the CodeRabbit sandbox environment, so Docker image contents cannot be directly tested through shell scripts.
Learnt from: amotl
PR: crate/cratedb-examples#1038
File: application/open-webui/compose.yml:103-108
Timestamp: 2025-07-27T22:22:57.501Z
Learning: The ghcr.io/open-webui/open-webui:0.6.18 Docker image includes curl as an available HTTP client tool, as verified by amotl through real-world testing. The health check using `test: [ "CMD", "curl", "--fail", "http://localhost:8080" ]` works correctly with this image.
Learnt from: amotl
PR: crate/cratedb-examples#1038
File: application/open-webui/compose.yml:44-48
Timestamp: 2025-07-23T22:00:51.593Z
Learning: In the cratedb-examples repository, hard-coded credentials like "crate:crate" in Docker Compose files are acceptable for demonstration purposes to maintain simplicity and avoid unnecessary layers of indirection, even when flagged by security tools like Checkov.
Learnt from: amotl
PR: crate/cratedb-examples#0
File: :0-0
Timestamp: 2025-07-24T12:30:34.402Z
Learning: The official crate/crate:6.0.0 Docker image includes curl (version 8.12.1 as demonstrated by amotl), contrary to test results that may vary depending on execution environment, platform architecture, or image registry differences.
Learnt from: amotl
PR: crate/cratedb-examples#0
File: :0-0
Timestamp: 2025-07-24T12:30:01.944Z
Learning: The official crate/crate:6.0.0 Docker image includes curl as an available HTTP client tool. The image name should be specified as "crate/crate:6.0.0" not just "crate:6.0.0".
application/open-webui/README.md (6)
Learnt from: amotl
PR: #1038
File: application/open-webui/compose.yml:103-108
Timestamp: 2025-07-27T22:22:57.501Z
Learning: The ghcr.io/open-webui/open-webui:0.6.18 Docker image includes curl as an available HTTP client tool, as verified by amotl through real-world testing. The health check using test: [ "CMD", "curl", "--fail", "http://localhost:8080" ] works correctly with this image.
Learnt from: amotl
PR: #1038
File: application/open-webui/compose.yml:44-48
Timestamp: 2025-07-23T22:00:51.593Z
Learning: In the cratedb-examples repository, hard-coded credentials like "crate:crate" in Docker Compose files are acceptable for demonstration purposes to maintain simplicity and avoid unnecessary layers of indirection, even when flagged by security tools like Checkov.
Learnt from: amotl
PR: #1038
File: application/open-webui/README.md:68-72
Timestamp: 2025-07-23T20:40:47.146Z
Learning: In Docker Compose documentation, when describing service counts, distinguish between main daemon services that users interact with versus auxiliary helper jobs/setup containers. Focus documentation on the user-facing services rather than technical infrastructure services.
Learnt from: amotl
PR: #1032
File: topic/machine-learning/llama-index/demo_nlsql.py:28-29
Timestamp: 2025-07-20T00:14:38.710Z
Learning: In demonstration and example code within the cratedb-examples repository, prefer simpler code without extensive error handling to maintain clarity and readability of the examples.
Learnt from: amotl
PR: #937
File: topic/machine-learning/llm-langchain/requirements-dev.txt:2-2
Timestamp: 2025-05-12T20:10:38.614Z
Learning: The cratedb-toolkit package supports various extras including "io", "datasets", "influxdb", "mongodb", "testing", and many others.
Learnt from: amotl
PR: crate/cratedb-examples#0
File: :0-0
Timestamp: 2025-07-24T12:30:34.402Z
Learning: The official CrateDB Docker image crate/crate:6.0.0 includes curl (version 8.12.1), as demonstrated by amotl. Note that Docker is not available in the CodeRabbit sandbox environment, so Docker image contents cannot be directly tested through shell scripts.
application/open-webui/compose.yml (10)
Learnt from: amotl
PR: #1038
File: application/open-webui/compose.yml:44-48
Timestamp: 2025-07-23T22:00:51.593Z
Learning: In the cratedb-examples repository, hard-coded credentials like "crate:crate" in Docker Compose files are acceptable for demonstration purposes to maintain simplicity and avoid unnecessary layers of indirection, even when flagged by security tools like Checkov.
Learnt from: amotl
PR: #1038
File: application/open-webui/README.md:68-72
Timestamp: 2025-07-23T20:40:47.146Z
Learning: In Docker Compose documentation, when describing service counts, distinguish between main daemon services that users interact with versus auxiliary helper jobs/setup containers. Focus documentation on the user-facing services rather than technical infrastructure services.
Learnt from: amotl
PR: #1038
File: application/open-webui/compose.yml:103-108
Timestamp: 2025-07-27T22:22:57.501Z
Learning: The ghcr.io/open-webui/open-webui:0.6.18 Docker image includes curl as an available HTTP client tool, as verified by amotl through real-world testing. The health check using test: [ "CMD", "curl", "--fail", "http://localhost:8080" ] works correctly with this image.
Learnt from: amotl
PR: crate/cratedb-examples#0
File: :0-0
Timestamp: 2025-07-24T12:30:34.402Z
Learning: The official CrateDB Docker image crate/crate:6.0.0 includes curl (version 8.12.1), as demonstrated by amotl. Note that Docker is not available in the CodeRabbit sandbox environment, so Docker image contents cannot be directly tested through shell scripts.
Learnt from: amotl
PR: crate/cratedb-examples#0
File: :0-0
Timestamp: 2025-07-24T12:30:01.944Z
Learning: The official crate/crate:6.0.0 Docker image includes curl as an available HTTP client tool. This has been verified by direct testing with the command docker run --rm -it crate/crate:6.0.0 curl --help.
Learnt from: amotl
PR: crate/cratedb-examples#0
File: :0-0
Timestamp: 2025-07-24T12:30:34.402Z
Learning: The official crate/crate:6.0.0 Docker image includes curl (version 8.12.1 as demonstrated by amotl), contrary to test results that may vary depending on execution environment, platform architecture, or image registry differences.
Learnt from: amotl
PR: crate/cratedb-examples#0
File: :0-0
Timestamp: 2025-07-24T12:30:01.944Z
Learning: The official crate/crate:6.0.0 Docker image includes curl as an available HTTP client tool. The image name should be specified as "crate/crate:6.0.0" not just "crate:6.0.0".
Learnt from: amotl
PR: #1033
File: topic/machine-learning/llm-langchain/README.md:138-156
Timestamp: 2025-07-21T18:46:07.556Z
Learning: In CrateDB MCP server configuration, the correct environment variable name is CRATEDB_MCP_TRANSPORT, not CRATEDB_MCP_ADAPTER_TRANSPORT. This variable is used throughout the CrateDB MCP codebase to specify the transport protocol.
Learnt from: amotl
PR: #1032
File: topic/machine-learning/llama-index/demo_mcp.py:16-16
Timestamp: 2025-07-20T00:15:45.273Z
Learning: When providing API key examples in documentation, use clear placeholders like "your_api_key_here" instead of realistic-looking fake keys, even if they contain "--invalid--" markers, to avoid triggering security scanners and provide clearer guidance to users.
Learnt from: amotl
PR: #1032
File: topic/machine-learning/llama-index/demo_nlsql.py:28-29
Timestamp: 2025-07-20T00:14:38.710Z
Learning: In demonstration and example code within the cratedb-examples repository, prefer simpler code without extensive error handling to maintain clarity and readability of the examples.
🪛 markdownlint-cli2 (0.17.2)
application/open-webui/README.md
58-58: Bare URL used
(MD034, no-bare-urls)
59-59: Bare URL used
(MD034, no-bare-urls)
64-64: Bare URL used
(MD034, no-bare-urls)
65-65: Bare URL used
(MD034, no-bare-urls)
67-67: Bare URL used
(MD034, no-bare-urls)
68-68: Bare URL used
(MD034, no-bare-urls)
70-70: Bare URL used
(MD034, no-bare-urls)
🪛 Checkov (3.2.334)
application/open-webui/compose.yml
[MEDIUM] 48-49: Basic Auth Credentials
(CKV_SECRET_4)
About
Building upon previous work around MCP/MCPO, this patch includes a full demo stack for presenting Open WebUI with CrateDB, based on Docker Compose. It aims to work out of the box, just add your
OPENAI_API_KEY./cc @surister, @kneth
Documentation
Preview: README
Screenshots