Fix circular imports and extract bandit plugins

[google-labs-jules]

This PR addresses critical infrastructure blockers and architectural improvements identified in ASC1_CRITICAL_WORK_SYNTHESIS_2025-11-07.md.

Changes:

1. Circular Import Resolution (P0-2):

   • Moved get_qdrant_client factory from domains.memory.vector.qdrant.domains.qdrant_provider to a new module domains.memory.vector.client_factory.
   • Updated qdrant_provider.py to import from the new factory, breaking the circular dependency chain with memory tools.
   • Updated src/domains/memory/qdrant_provider.py similarly.

2. Bandit Plugins Extraction (P2.1):

   • Consolidated bandit routing logic (LinUCB, Thompson Sampling) into a unified plugins module: src/ultimate_discord_intelligence_bot/services/openrouter_service/plugins/__init__.py.
   • Defined BanditPlugin protocol for standardization.
   • This enables AdaptiveRoutingManager to import plugins cleanly without legacy dependencies.

3. Compliance:

   • Verified tool exports using scripts/validate_tools_exports.py.
   • Verified metrics instrumentation using scripts/metrics_instrumentation_guard.py.

Verification:

• tests/fast/test_fast.py passed (after installing dependencies).
• Compliance scripts passed.

---

PR created automatically by Jules for task 10588732889125479474 started by @Giftedx

[google-labs-jules]

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

---

For security, I will only act on instructions from the user who triggered this task.

New to Jules? Learn more at jules.google/docs.

[github-actions]

🤖 Hi @google-labs-jules[bot], I've received your request, and I'm working on it now! You can track my progress in the logs for more details.

[github-actions]

🤖 I'm sorry @google-labs-jules[bot], but I was unable to process your request. Please see the logs for more details.

[claude]

Code Review: PR #35 - Fix circular imports and extract bandit plugins

Overview

This PR addresses critical P0-2 infrastructure work by resolving circular import issues and consolidating bandit routing logic. The changes are well-structured and align with the architectural goals outlined in the PR description.

---

Strengths

1. Circular Import Resolution - The extraction of get_qdrant_client into domains/memory/vector/client_factory.py is a clean solution that breaks the circular dependency chain. The module is well-documented with clear explanations of purpose and typing strategy.

2. Code Consolidation - The bandit plugins consolidation follows good architectural principles by defining a clear BanditPlugin protocol, providing multiple implementations, and maintaining backward compatibility.

3. Documentation - Both new modules have excellent docstrings explaining the rationale, dependencies, and usage patterns.

---

CRITICAL ISSUES

1. Unused Pool Configuration Variables (client_factory.py:225-228)

The pool configuration variables (_pool_size, _pool_timeout, _pool_recycle) are read from environment but NEVER USED. The QdrantClient is instantiated without any connection pool parameters, making these dead code.

Impact: Misleading documentation claims "Connection pooling for better performance" but no pooling is configured. Users may set these environment variables expecting them to work.

Recommendation: Either remove these unused variables and update the docstring, OR actually implement connection pooling if the qdrant-client library supports it.

2. Overly Broad Exception Handling

Security Concern: The secure fallback logic (ENABLE_SECURE_QDRANT_FALLBACK) could mask authentication failures or network issues, potentially using a dummy client in production when a real connection should be required.

Recommendation: Use specific exception types instead of bare except Exception.

---

MAJOR ISSUES

3. Matrix Inverse Implementation (plugins/init.py:138-163)

The manual matrix inversion has potential numerical stability issues. Returns identity matrix on singular matrix detection which could lead to incorrect behavior.

Recommendation: Use NumPy's np.linalg.inv() which handles edge cases and is much faster.

4. Missing Input Validation (plugins/init.py:207-210)

Feature dimension mismatch is silently truncated/padded. This hides bugs where the feature extractor returns wrong dimensions.

Recommendation: Raise ValueError on dimension mismatch instead of silently fixing it.

5. Testing Gaps

Missing test coverage for new client_factory.py module, bandit plugin implementations, and edge cases.

---

Overall Assessment

Architecture: Excellent - The circular import fix is well-designed
Code Quality: Good with concerns - Unused variables need addressing
Security: Moderate concerns - Exception handling could mask real issues
Testing: Insufficient - Missing test coverage for new code

Recommendation: REQUEST CHANGES - Address the critical issues (unused pool variables, exception handling) and add basic test coverage before merging. The architectural improvements are solid, but the implementation needs polish.

---

Review completed following repository guidelines from CLAUDE.md