fix(dotAI): QA fixes - image model default, playground overflow, embeddings host resolution

[ihoffmann-dot]

Summary

Three bug fixes found during QA testing of the dotAI integration.

• Default image model: update the example providerConfig JSON in the dotAI config UI from dall-e-3 to gpt-image-1
• Image Playground overflow: fix JSON.stringify(json, 2) (wrong signature — JSON was not pretty-printed) and add overflow-wrap, word-break, and <pre> wrapping so the response JSON no longer causes the page to overflow horizontally
• Embeddings host resolution: EmbeddingContentListener was calling getEmbeddingsAPI() without a host, causing EmbeddingsAPIImpl to always fall back to System Host config even when the dotAI app was configured on a specific site only — indexing silently failed with "no provider config" when System Host had no config

Changes

• dot-ai-config-detail.component.ts: dall-e-3 → gpt-image-1 in EXAMPLE_CONFIG
• dotai.js: fix JSON.stringify call, add overflow styles, wrap JSON in <pre>
• EmbeddingContentListener.java: extract resolveHost(hostId) helper, pass resolved Host to getEmbeddingsAPI(host) in both addToIndexesIfNeeded and deleteFromIndexes

Related Issue

This PR fixes #35150

[claude]

Claude finished @ihoffmann-dot's task in 2m 5s —— View job

---

PR Review

The three fixes are correct and minimal. A few things worth a second look:

Findings

1. Scope of the embeddings-host fix is incomplete (most important)

The premise of the listener fix — that getEmbeddingsAPI() without a host wrongly falls back to System Host — applies to other call sites that operate on per-contentlet flows. DotEmbeddingsActionlet is the clearest one: it already resolves the host at DotEmbeddingsActionlet.java:74-75 and then discards it, calling getEmbeddingsAPI() host-less on lines 80 and 85. That workflow actionlet will keep silently failing on non-System-Host configurations after this PR ships.

Other host-less call sites that may merit follow-up: EmbeddingsResource.java (156, 171, 199, 200, 266, 289), SearchResource.java:132, EmbeddingsTool.java (87, 98), CompletionsAPIImpl.java (96, 115, 126), EmbeddingsAPIImpl.java:265. REST endpoints arguably can derive host from the request; the workflow actionlet cannot. Fix this →

2. EmbeddingContentListener.addToIndexesIfNeeded resolves host twice

EmbeddingContentListener.java:127-128 calls resolveHost(contentlet.getHost()) and then getConfigJson(contentlet.getHost()) immediately after — and getConfigJson → getAppConfig → resolveHost does the same lookup again. Same issue in deleteFromIndexes (156-157). Minor, but worth threading the resolved host through getAppConfig/getConfigJson since you already need it.

3. Null-host edge case in resolveHost / BulkEmbeddingsRunner

Try.of(() -> hostAPI.find(...)).getOrElse(systemHost()) only falls back on exception. If find() returns null (host genuinely not found, no throw), null propagates into getEmbeddingsAPI(host), the provider's unwrap returns null, and EmbeddingsAPIImpl ends up calling ConfigService.INSTANCE.config(null). The pre-existing getAppConfig had the same shape, so this isn't a regression, but if you wanted to harden it: Try.of(...).toJavaOptional().orElse(systemHost()) would cover both null and exception.

4. BulkEmbeddingsRunner — small things

• BulkEmbeddingsRunner.java:53 uses APILocator.systemUser() for the host lookup instead of the runner's user field. Probably fine (host lookups with respectFrontendRoles=false are not user-sensitive here) but inconsistent with the rest of the class.
• Lines 56 and 60 each call getEmbeddingsAPI(host) separately. Could extract once into a local.

5. XSS in dotai.js — pre-existing, but the PR touches the exact lines

The template at dotai.js:584-590 interpolates ${rewrittenPrompt} and ${jsonString} into innerHTML without escaping. JSON.stringify does not escape <, >, or /, so a response containing </pre><script>...</script> (or a revised prompt echoing user input) breaks out of the <pre>. Admin-only playground UI limits severity, but since you're adding a <pre> wrapper here, switching to textContent for the JSON block would be a one-liner that closes it for free.

6. deleteFromIndexes — getConfigJson return value ignored

Already pre-existing (line 157 in the new code, was line 153 before). It's there as a side-effect call to throw DotAIAppConfigDisabledException when the app is disabled. Confusing on read; a one-line comment would help, or an explicit getAppConfig(contentlet.getHost()) call would make the intent obvious.

Clean parts

• JSON.stringify(json, null, 2) fix is correct (2 as replacer was silently ignored).
• gpt-image-1 example change is straightforward.
• Overflow CSS additions look reasonable; overflow:hidden on the outer wrapper plus overflow-x:auto on the inner <pre> is the right shape.

---

• Examine the 4 changed files
• Check for bugs, edge cases, design issues
• Post review
  · Branch

[nollymar]

can this logic be tested?