Hidden Assumptions in semantic-kernel
12 assumptions this code never checks · 4 critical · spanning Contract, Shape, Environment, Resource, Temporal, Ordering, Domain, Scale
Every codebase relies on things it never checks. Most of them are routine. CodeSea looked at microsoft/semantic-kernel and picked out the few most likely to cause trouble. The full list is just below.
Most of what this code assumes is routine. These 3 are the ones most likely to cause trouble here. The rest are minor; they're under "Show everything".
Client fails silently or throws connection errors if hub URL changes, hub is unavailable, or method names don't match server implementation
All HTTP requests fail with network errors, 404s, or 400s if server is down, URLs change, or request/response schemas don't match backend
BERT scoring fails with index errors or produces meaningless scores if array lengths differ or contain null/empty strings
Show everything (9 more)
Environment variables CONTAINER_APP_NAME and CONTAINER_APP_ENV_DNS_SUFFIX are always set and contain valid Azure Container App values
If this fails: Manifest generation creates invalid URLs with 'None' values, breaking bot registration and webhook routing
python/samples/demos/copilot_studio_skill/src/api/app.py:copilot_manifest
System has sufficient disk space and network connectivity to download 'Unbabel/wmt22-cometkiwi-da' model (~2GB) on first request
If this fails: First comet_score request hangs indefinitely or crashes with disk space errors; subsequent requests may fail if download was incomplete
dotnet/samples/Demos/QualityCheck/python-server/app/main.py:comet_score
OAuth authorization callback arrives at HTTP server within a reasonable timeframe and contains expected 'code' parameter
If this fails: OAuth flow hangs forever if user closes browser, takes too long, or if authorization server sends different parameter names
python/samples/demos/mcp_with_oauth/agent/main.py:CallbackHandler
Process events 'PublishDocumentation' and 'RequestUserReview' contain structured message objects that handlers can process without type checking
If this fails: Event handlers receive unexpected data types or malformed messages, causing runtime errors or silent data corruption in UI state
dotnet/samples/Demos/ProcessFrameworkWithSignalR/src/ProcessFramework.Aspire.SignalR.ReactFrontend/src/services/signalr/documentGeneration.client.ts:subscribeToProcessEvents
SignalR event handlers ('RequestUserReview', 'PublishDocumentation') are registered before connection.start() completes and no events arrive during startup
If this fails: Early process events are lost if server emits them immediately after connection establishment but before handlers are fully registered
dotnet/samples/Demos/ProcessFrameworkWithSignalR/src/ProcessFramework.Aspire.SignalR.ReactFrontend/src/services/signalr/documentGeneration.client.ts:constructor
All text content is in English language ('lang="en"') as hardcoded, regardless of actual input language
If this fails: BERT scores are meaningless for non-English text, leading to incorrect quality assessments for multilingual content
dotnet/samples/Demos/QualityCheck/python-server/app/main.py:bertscore
COMET model predictions run on CPU ('accelerator="cpu"') regardless of available hardware or input batch size
If this fails: Processing large translation batches becomes extremely slow (minutes instead of seconds) even when GPUs are available
dotnet/samples/Demos/QualityCheck/python-server/app/main.py:comet_score
Configuration file 'config/settings.json' exists and contains valid JSON with expected schema structure for API keys and endpoints
If this fails: Settings loading fails with file not found or JSON parsing errors, requiring manual reconfiguration of all AI service connections
dotnet/notebooks/config/Settings.cs:ReadSettings
ChatMessageContent.content property contains renderable content (string, JSX, or serializable objects) suitable for display in UI
If this fails: Chat renders '[object Object]' or crashes with serialization errors if content contains functions, circular references, or complex objects
dotnet/samples/Demos/ProcessFrameworkWithSignalR/src/ProcessFramework.Aspire.SignalR.ReactFrontend/src/components/SimpleChat.tsx:renderMessage
See the full structural analysis of semantic-kernel: the pipeline, data models, and system behavior that put these assumptions in context.
Full analysis of microsoft/semantic-kernel →Frequently Asked Questions
What does semantic-kernel assume that could break in production?
The one most likely to cause trouble: SignalR hub is running at hardcoded URL 'http://localhost:5125/pfevents' and has methods 'UserRequestFeatureDocumentation', 'RequestUserReviewDocumentationFromProcess', etc. If this fails, Client fails silently or throws connection errors if hub URL changes, hub is unavailable, or method names don't match server implementation
How many hidden assumptions does semantic-kernel have?
CodeSea found 12 assumptions semantic-kernel relies on but never validates, 4 of them critical, spanning Contract, Shape, Environment, Resource, Temporal, Ordering, Domain, Scale. Most are routine — the analysis flags the two or three most likely to actually bite.
What is a hidden assumption?
Something the code depends on but never checks: a data shape, an ordering, an environment condition, a scale limit, or a contract with another service. It holds until the world it runs in changes, then fails silently.