Skip to content

refactor(server): merge pkg/api into pkg/server, drop legacy direct handlers#1127

Merged
mchmarny merged 4 commits into
mainfrom
refactor/merge-pkg-api-into-server
May 30, 2026
Merged

refactor(server): merge pkg/api into pkg/server, drop legacy direct handlers#1127
mchmarny merged 4 commits into
mainfrom
refactor/merge-pkg-api-into-server

Conversation

@mchmarny

Copy link
Copy Markdown
Member

Summary

Folds pkg/api into pkg/server so the HTTP handlers live next to the only binary that serves them (aicrd), and routes all business logic through the pkg/client/v1 facade. Updates package godoc and contributor docs to match.

Motivation / Context

pkg/api purpose (HTTP REST handlers) was being conflated with the AICR API spec at api/aicr/v1/server.yaml and the SDK at pkg/client/v1. The package name was a navigation trap — three distinct concepts under three nearly identical labels. There is no second HTTP-serving binary planned and pkg/server is not meant for reuse, so a flat merge is the simplest fix.

Fixes: N/A
Related: N/A

Type of Change

  • Refactoring (no functional changes)
  • Documentation update

Component(s) Affected

  • API server (cmd/aicrd, pkg/server)
  • Recipe engine / data (pkg/recipe)
  • Bundlers (pkg/bundler, pkg/component/*)
  • Docs/examples (docs/, examples/)

Implementation Notes

Commit 1 — refactor(server): merge pkg/api into pkg/server, drop legacy direct handlers:

  • Handler files moved into pkg/server (allowlist, bundle, recipe, query, openapi sync, version negotiation); server.go renamed to serve.go.
  • Legacy direct-construction handlers deleted: pkg/bundler/handler.go HandleBundles, pkg/recipe/handler.go, pkg/recipe/handler_query.go — these were superseded by the facade and were the source of the import cycle that blocked the merge.
  • QueryRequest + ParseQueryRequestFromBody preserved in pkg/recipe/query_request.go (still used by the facade-backed handler).
  • cmd/aicrd/main.go now calls server.Serve(); ldflags retargeted to pkg/server.{version,commit,date} in .goreleaser.yaml and the contract test in pkg/validator/catalog/catalog_test.go.
  • .claude/CLAUDE.md and AGENTS.md package tables synced; DEVELOPMENT.md, docs/contributor/api-server*.md, docs/contributor/index.md, docs/integrator/public-api.md, .github/labeler.yml, .github/PULL_REQUEST_TEMPLATE.md, .github/copilot-instructions.md, and stale godoc references in pkg/recipe, pkg/logging, pkg/serializer, pkg/evidence/attestation refreshed.
  • Drop orphaned keyError const in pkg/bundler/bundler.go and rename shadowed local version in pkg/server/version.go.

Commit 2 — docs: align package godoc and contributor docs with current state:

Sweep of 26 doc.go and markdown files (surgical edits only) to bring them in line with the merged server, the pkg/client/v1 facade evolution, the per-field union validator merge, and the dropped per-component bundlers. Highlights: README.md Go Library entry now points to pkg/client/v1; DEVELOPMENT.md directory tree and CLI command list updated; pkg/header, pkg/version, pkg/config, pkg/build doc.go rewrites to match real types/APIs; collector example code corrected to construct via &Collector{} and return singular *Measurement; pkg/snapshotter partial-snapshot behavior accurately stated; ADR-004 (query command) flipped to Accepted and Implemented.

Testing

unset GITLAB_TOKEN && make qualify
  • go build ./... clean
  • golangci-lint run -c .golangci.yaml ./... — 0 issues
  • Unit tests pass across all affected packages (collector, recipe, bundler, validator, snapshotter, cli, client/v1, server, evidence, component) with -count=1
  • make check-agents-sync passes (CLAUDE.md / AGENTS.md from line 5 onward match)

Risk Assessment

  • Medium — Touches the import graph and the HTTP-serving binary, but no functional behavior changes. Legacy direct handlers that were deleted had no remaining callers outside their own tests.

Rollout notes: Internal-only refactor; no API surface change. pkg/api is gone — external Go callers should already be using pkg/client/v1 (the documented stable surface).

Checklist

  • Tests pass locally (make test with -race)
  • Linter passes (make lint)
  • I did not skip/disable tests to make CI green
  • I added/updated tests for new functionality (N/A — refactor)
  • I updated docs if user-facing behavior changed
  • Changes follow existing patterns in the codebase
  • Commits are cryptographically signed (git commit -S)

mchmarny added 2 commits May 30, 2026 11:05
…andlers

pkg/api's purpose (HTTP REST handlers) was conflated with the AICR API
spec at api/aicr/v1/server.yaml and the SDK at pkg/client/v1. Fold the
handlers into pkg/server (the only HTTP-serving binary) and route all
business logic through the pkg/client/v1 facade.

- Move handler files into pkg/server (allowlist, bundle, recipe, query,
  openapi sync, version negotiation); rename server.go -> serve.go.
- Delete legacy direct-construction handlers superseded by the facade:
  pkg/bundler/handler.go HandleBundles, pkg/recipe/handler.go,
  pkg/recipe/handler_query.go. Resolves the import cycle that blocked
  the merge.
- Preserve QueryRequest + ParseQueryRequestFromBody in
  pkg/recipe/query_request.go (still used by the facade-backed handler).
- cmd/aicrd/main.go now calls server.Serve(); ldflags retargeted to
  pkg/server.{version,commit,date} in .goreleaser.yaml and the
  contract test in pkg/validator/catalog/catalog_test.go.
- Sync .claude/CLAUDE.md and AGENTS.md package tables, refresh
  DEVELOPMENT.md, docs/contributor/api-server.md,
  docs/contributor/api-server-extending.md, docs/contributor/index.md,
  docs/integrator/public-api.md, .github/labeler.yml,
  .github/PULL_REQUEST_TEMPLATE.md, .github/copilot-instructions.md,
  and stale godoc references in pkg/recipe, pkg/logging, pkg/serializer,
  pkg/evidence/attestation.
- Drop orphaned keyError const in pkg/bundler/bundler.go and rename
  shadowed local version in pkg/server/version.go.
Sweep of doc.go and markdown after the pkg/api -> pkg/server merge and
the broader facade/recipe/collector evolution. Surgical edits only; no
rewrites or new top-level sections.

Root + DEVELOPMENT:
- README.md: Go Library entry now points to pkg/client/v1 (SDK facade).
- DEVELOPMENT.md: drop pkg/api from the directory tree, add
  pkg/client/v1; pkg/server description rewritten; API endpoints list
  filled in (/v1/recipe, /v1/query, /v1/bundle); CLI command list
  expanded from 4 to the actual 11; bundle attestation noted as opt-in.

User docs: clean, no drift (verified against pkg/recipe/criteria.go,
pkg/errors, pkg/defaults, pkg/cli, pkg/server, api/aicr/v1/server.yaml,
recipes/registry.yaml).

Integrator docs:
- docs/integrator/index.md: added missing public-api.md + go-library.md
  rows already linked from siblings.
- docs/integrator/go-library.md: MakeBundle timeout caveat documented
  (opt-in via BundleOptions.Timeout, uncapped when zero).

Contributor docs:
- docs/contributor/api-server.md: handler paths and code samples now
  reflect pkg/server/recipe_handler.go and the aicr.Client facade
  (newRecipeHandler, ResolveRecipeFromCriteria, http.MaxBytesReader);
  Internal Packages list includes pkg/client/v1 and pkg/bundler.
- docs/contributor/cli.md: dropped stale uninstall.sh from bundle output.
- docs/design/004-query-command.md: status flipped to Accepted and
  Implemented; points to pkg/recipe/query.go and HandleQuery.

Core package doc.go (factual drift only):
- pkg/recipe: added CriteriaOSTalos to OS list.
- pkg/bundler: deployer list now covers helm, argocd, argocd-helm, flux,
  helmfile, localformat; stale truncated component list dropped.
- pkg/bundler/config: Deployer types list completed.
- pkg/collector: Factory signature includes CreateNodeTopologyCollector;
  subpackages list updated.
- pkg/collector/{file,k8s,os,systemd}: example code matches real API
  (Parser with options, &Collector{} construction, singular Measurement).
- pkg/validator: RBAC composition corrected (ServiceAccount + per-run
  ClusterRoleBinding to cluster-admin; constraints moved to pkg root).
- pkg/snapshotter: bogus Snapshotter interface dropped; AgentConfig and
  RequireGPU fields added; partial-snapshot behavior accurately stated.
- pkg/evidence: attestation and verifier subpackages no longer "will
  land" -- both exist.
- pkg/cli: Architecture notes facade delegation through pkg/client/v1;
  pkg/component reframed as shared utilities.
- pkg/component: preamble notes registry-driven DefaultBundler replaces
  per-component packages.

Utility package doc.go (factual drift only):
- pkg/header: Header struct shape and Kind constants match real types
  (typed Kind, flat Metadata map[string]string).
- pkg/version: prerelease/build metadata moved to "Supported" (preserved
  in Extras; not used for ordering).
- pkg/config: scope widened to snapshot/recipe/bundle/validate.
- pkg/oci: three -> four operations.
- pkg/build: documents BuildSpec schema + LoadSpec/Validate/WriteBack
  primitives instead of overstated build pipeline.
- pkg/client/v1/aicr.go: Surface subsection enumerating the four
  end-to-end operations (ResolveRecipe/LoadRecipe, BundleComponents,
  CollectSnapshot, ValidateState).
@github-actions

Copy link
Copy Markdown
Contributor

@github-actions

github-actions Bot commented May 30, 2026

Copy link
Copy Markdown
Contributor

Coverage Report ✅

Metric Value
Coverage 76.2%
Threshold 75%
Status Pass
Coverage Badge
![Coverage](https://img.shields.io/badge/coverage-76.2%25-green)

Merging this branch will decrease overall coverage

Impacted Packages Coverage Δ 🤖
github.com/NVIDIA/aicr/cmd/aicrd 0.00% (ø)
github.com/NVIDIA/aicr/pkg/api 0.00% (-54.80%) 💀 💀 💀 💀 💀
github.com/NVIDIA/aicr/pkg/build 83.82% (ø)
github.com/NVIDIA/aicr/pkg/bundler 62.20% (-10.25%) 💀
github.com/NVIDIA/aicr/pkg/bundler/config 96.35% (ø)
github.com/NVIDIA/aicr/pkg/cli 65.44% (ø)
github.com/NVIDIA/aicr/pkg/client/v1 78.29% (ø)
github.com/NVIDIA/aicr/pkg/collector 91.30% (ø)
github.com/NVIDIA/aicr/pkg/collector/file 98.59% (ø)
github.com/NVIDIA/aicr/pkg/collector/k8s 71.00% (ø)
github.com/NVIDIA/aicr/pkg/collector/os 92.71% (ø)
github.com/NVIDIA/aicr/pkg/collector/systemd 45.83% (ø)
github.com/NVIDIA/aicr/pkg/component 78.72% (ø)
github.com/NVIDIA/aicr/pkg/config 92.72% (ø)
github.com/NVIDIA/aicr/pkg/evidence 0.00% (ø)
github.com/NVIDIA/aicr/pkg/evidence/attestation 71.31% (ø)
github.com/NVIDIA/aicr/pkg/header 100.00% (ø)
github.com/NVIDIA/aicr/pkg/logging 95.77% (ø)
github.com/NVIDIA/aicr/pkg/oci 70.29% (ø)
github.com/NVIDIA/aicr/pkg/recipe 85.94% (-0.71%) 👎
github.com/NVIDIA/aicr/pkg/serializer 72.32% (ø)
github.com/NVIDIA/aicr/pkg/server 75.93% (-17.69%) 💀
github.com/NVIDIA/aicr/pkg/snapshotter 45.86% (ø)
github.com/NVIDIA/aicr/pkg/validator 29.76% (ø)
github.com/NVIDIA/aicr/pkg/version 100.00% (ø)

Coverage by file

Changed files (no unit tests)

Changed File Coverage Δ Total Covered Missed 🤖
github.com/NVIDIA/aicr/cmd/aicrd/main.go 0.00% (ø) 3 0 3
github.com/NVIDIA/aicr/pkg/api/doc.go 0.00% (ø) 0 0 0
github.com/NVIDIA/aicr/pkg/build/doc.go 0.00% (ø) 0 0 0
github.com/NVIDIA/aicr/pkg/bundler/bundler.go 72.07% (ø) 605 436 169
github.com/NVIDIA/aicr/pkg/bundler/config/doc.go 0.00% (ø) 0 0 0
github.com/NVIDIA/aicr/pkg/bundler/doc.go 0.00% (ø) 0 0 0
github.com/NVIDIA/aicr/pkg/bundler/handler.go 0.00% (-74.00%) 96 (-54) 0 (-111) 96 (+57) 💀 💀 💀 💀 💀
github.com/NVIDIA/aicr/pkg/cli/doc.go 0.00% (ø) 0 0 0
github.com/NVIDIA/aicr/pkg/client/v1/aicr.go 81.38% (ø) 349 284 65
github.com/NVIDIA/aicr/pkg/collector/doc.go 0.00% (ø) 0 0 0
github.com/NVIDIA/aicr/pkg/collector/file/doc.go 0.00% (ø) 0 0 0
github.com/NVIDIA/aicr/pkg/collector/k8s/doc.go 0.00% (ø) 0 0 0
github.com/NVIDIA/aicr/pkg/collector/os/doc.go 0.00% (ø) 0 0 0
github.com/NVIDIA/aicr/pkg/collector/systemd/doc.go 0.00% (ø) 0 0 0
github.com/NVIDIA/aicr/pkg/component/doc.go 0.00% (ø) 0 0 0
github.com/NVIDIA/aicr/pkg/config/doc.go 0.00% (ø) 0 0 0
github.com/NVIDIA/aicr/pkg/evidence/attestation/emit.go 43.59% (ø) 78 34 44
github.com/NVIDIA/aicr/pkg/evidence/doc.go 0.00% (ø) 0 0 0
github.com/NVIDIA/aicr/pkg/header/doc.go 0.00% (ø) 0 0 0
github.com/NVIDIA/aicr/pkg/logging/doc.go 0.00% (ø) 0 0 0
github.com/NVIDIA/aicr/pkg/oci/doc.go 0.00% (ø) 0 0 0
github.com/NVIDIA/aicr/pkg/recipe/doc.go 0.00% (ø) 0 0 0
github.com/NVIDIA/aicr/pkg/recipe/handler.go 0.00% (-80.00%) 0 (-40) 0 (-32) 0 (-8) 💀 💀 💀 💀 💀
github.com/NVIDIA/aicr/pkg/recipe/handler_query.go 0.00% (-84.21%) 0 (-76) 0 (-64) 0 (-12) 💀 💀 💀 💀 💀
github.com/NVIDIA/aicr/pkg/recipe/query_request.go 0.00% (ø) 17 (+17) 0 17 (+17)
github.com/NVIDIA/aicr/pkg/serializer/doc.go 0.00% (ø) 0 0 0
github.com/NVIDIA/aicr/pkg/server/allowlist.go 66.67% (+66.67%) 3 (+3) 2 (+2) 1 (+1) 🌟
github.com/NVIDIA/aicr/pkg/server/bundle_handler.go 30.19% (+30.19%) 53 (+53) 16 (+16) 37 (+37) 🌟
github.com/NVIDIA/aicr/pkg/server/consts.go 0.00% (ø) 0 0 0
github.com/NVIDIA/aicr/pkg/server/doc.go 0.00% (ø) 0 0 0
github.com/NVIDIA/aicr/pkg/server/recipe_handler.go 73.47% (+73.47%) 98 (+98) 72 (+72) 26 (+26) 🌟
github.com/NVIDIA/aicr/pkg/server/serve.go 0.00% (ø) 23 (+23) 0 23 (+23)
github.com/NVIDIA/aicr/pkg/server/version.go 95.00% (ø) 20 19 1
github.com/NVIDIA/aicr/pkg/snapshotter/doc.go 0.00% (ø) 0 0 0
github.com/NVIDIA/aicr/pkg/validator/doc.go 0.00% (ø) 0 0 0
github.com/NVIDIA/aicr/pkg/version/doc.go 0.00% (ø) 0 0 0

Please note that the "Total", "Covered", and "Missed" counts above refer to code statements instead of lines of code. The value in brackets refers to the test coverage of that file in the old version of the code.

@coderabbitai

coderabbitai Bot commented May 30, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

This PR consolidates the HTTP server implementation from pkg/api to pkg/server, transitioning handlers to use the pkg/client/v1 facade. It adds a new QueryRequest parser, rewrites handler wiring and error helpers to package-local functions, updates Serve() wiring in cmd/aicrd, migrates and simplifies tests to the server package, removes legacy bundler/recipe HTTP handler surfaces, and updates documentation, build ldflags, labeler, and templates to reference pkg/server and the client facade.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

  • NVIDIA/aicr#1108: Introduced an aicr.Client-backed handler surface that this PR migrates and rewires into pkg/server.

Suggested reviewers

  • yuanchen8911
🚥 Pre-merge checks | ✅ 4
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The PR title accurately and concisely describes the main change: merging pkg/api into pkg/server and removing legacy direct handlers.
Description check ✅ Passed The PR description comprehensively explains the motivation, implementation, testing, and risk assessment related to the pkg/api merge into pkg/server.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch refactor/merge-pkg-api-into-server

Comment @coderabbitai help to get the list of available commands and usage tips.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 6

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
pkg/header/doc.go (1)

100-100: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Update the validation bullet to timestamp terminology.

Line 100 still says “Created timestamp,” but the updated header model/documentation uses metadata["timestamp"]. Keeping this stale term makes the package docs internally inconsistent.

✏️ Proposed doc fix
-//   - Created timestamp is reasonable
+//   - Metadata timestamp is reasonable
As per coding guidelines, "Ensure code comments are accurate and helpful".
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/header/doc.go` at line 100, Update the documentation bullet that
currently reads "Created timestamp" to use the new `metadata["timestamp"]`
terminology so docs match the header model; locate the validation bullet in
pkg/header/doc.go referencing the created timestamp and replace the phrase with
either "timestamp" or explicitly `metadata["timestamp"]` to reflect the updated
header field naming.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@DEVELOPMENT.md`:
- Around line 195-196: Add a single blank line immediately before the "#### API
Server" heading in DEVELOPMENT.md to satisfy markdown lint rule MD022; locate
the heading text "#### API Server" and insert one empty line above it so the
heading is separated from the previous paragraph.

In `@docs/contributor/api-server.md`:
- Around line 36-40: Update the architecture diagram reference that still points
to pkg/server/server.go so it instead points to the current server entry
pkg/server/serve.go; locate the diagram nodes (A, B, B1, C) in
docs/contributor/api-server.md and change the C node label or link that
currently shows "pkg/server/server.go" to "pkg/server/serve.go" (and verify the
B node arrow to C remains B1 --> C).

In `@pkg/collector/k8s/doc.go`:
- Around line 57-58: The doc example directly constructs k8s.Collector with
&k8s.Collector{}; change it to use the collector factory and functional options:
create a factory with collector.NewDefaultFactory(...) (passing required
dependencies/config), then obtain the collector via the factory (e.g.,
factory.NewCollector(ctx, /* functional options */) or factory.New(ctx, /*
options */) depending on the factory API) and use that instance instead of
&k8s.Collector{} to align with the collector.NewDefaultFactory and
functional-options pattern.

In `@pkg/collector/os/doc.go`:
- Around line 54-55: Replace the direct struct construction (&os.Collector{})
with the package factory pattern: call collector.NewDefaultFactory(...) to
obtain a factory configured with the appropriate functional options, then use
the factory to create the collector instance (e.g. factory.NewCollector(...) or
factory.Create(...)) and call Collect on that instance; update the example code
to show creating the factory (collector.NewDefaultFactory(...)), instantiating
the collector from it, handling errors, and then calling collector.Collect(ctx)
instead of using os.Collector directly.

In `@pkg/collector/systemd/doc.go`:
- Around line 35-41: Replace direct struct literals of systemd.Collector with
the factory/options pattern: stop creating instances via &systemd.Collector{...}
and instead obtain them through the collector factory (e.g.,
collector.NewDefaultFactory or the package's factory function) and pass service
names via the provided functional options; update both documented examples that
currently instantiate systemd.Collector directly to call the factory (e.g.,
collector.NewDefaultFactory(...) or systemd.NewWithOptions(...)) and supply
Services using the option helpers so the docs show the required collector
initialization contract.

In `@pkg/server/doc.go`:
- Around line 30-42: The documented middleware chain in pkg/server/doc.go is out
of order; update the comment to match the repository standard by listing
middleware in the order used by the server: metricsMiddleware →
versionMiddleware → requestIDMiddleware → panicRecoveryMiddleware →
rateLimitMiddleware → loggingMiddleware → handler (i.e., metrics, version,
requestID, panic, rateLimit, logging, then the actual handler), ensuring you
reference the exact middleware names (metricsMiddleware, versionMiddleware,
requestIDMiddleware, panicRecoveryMiddleware, rateLimitMiddleware,
loggingMiddleware) so docs and implementation guidance are aligned.

---

Outside diff comments:
In `@pkg/header/doc.go`:
- Line 100: Update the documentation bullet that currently reads "Created
timestamp" to use the new `metadata["timestamp"]` terminology so docs match the
header model; locate the validation bullet in pkg/header/doc.go referencing the
created timestamp and replace the phrase with either "timestamp" or explicitly
`metadata["timestamp"]` to reflect the updated header field naming.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Enterprise

Run ID: 7d4b24dd-b2bb-405e-8989-5589824eedf2

📥 Commits

Reviewing files that changed from the base of the PR and between d3fa48b and 1a9991e.

📒 Files selected for processing (61)
  • .claude/CLAUDE.md
  • .github/PULL_REQUEST_TEMPLATE.md
  • .github/copilot-instructions.md
  • .github/labeler.yml
  • .goreleaser.yaml
  • AGENTS.md
  • DEVELOPMENT.md
  • README.md
  • cmd/aicrd/main.go
  • docs/contributor/api-server-extending.md
  • docs/contributor/api-server.md
  • docs/contributor/cli.md
  • docs/contributor/index.md
  • docs/design/004-query-command.md
  • docs/integrator/go-library.md
  • docs/integrator/index.md
  • docs/integrator/public-api.md
  • pkg/api/bundle_handler_test.go
  • pkg/api/doc.go
  • pkg/build/doc.go
  • pkg/bundler/bundler.go
  • pkg/bundler/config/doc.go
  • pkg/bundler/doc.go
  • pkg/bundler/handler.go
  • pkg/bundler/handler_test.go
  • pkg/cli/doc.go
  • pkg/client/v1/aicr.go
  • pkg/collector/doc.go
  • pkg/collector/file/doc.go
  • pkg/collector/k8s/doc.go
  • pkg/collector/os/doc.go
  • pkg/collector/systemd/doc.go
  • pkg/component/doc.go
  • pkg/config/doc.go
  • pkg/evidence/attestation/emit.go
  • pkg/evidence/doc.go
  • pkg/header/doc.go
  • pkg/logging/doc.go
  • pkg/oci/doc.go
  • pkg/recipe/doc.go
  • pkg/recipe/handler.go
  • pkg/recipe/handler_query.go
  • pkg/recipe/handler_query_test.go
  • pkg/recipe/handler_test.go
  • pkg/recipe/query_request.go
  • pkg/serializer/doc.go
  • pkg/server/allowlist.go
  • pkg/server/bundle_handler.go
  • pkg/server/bundle_handler_test.go
  • pkg/server/consts.go
  • pkg/server/doc.go
  • pkg/server/openapi_sync_test.go
  • pkg/server/recipe_handler.go
  • pkg/server/recipe_handler_test.go
  • pkg/server/serve.go
  • pkg/server/serve_test.go
  • pkg/server/version.go
  • pkg/snapshotter/doc.go
  • pkg/validator/catalog/catalog_test.go
  • pkg/validator/doc.go
  • pkg/version/doc.go
💤 Files with no reviewable changes (9)
  • docs/contributor/api-server-extending.md
  • pkg/api/bundle_handler_test.go
  • pkg/recipe/handler.go
  • pkg/recipe/handler_query.go
  • pkg/api/doc.go
  • pkg/bundler/bundler.go
  • pkg/recipe/handler_test.go
  • pkg/bundler/handler_test.go
  • pkg/recipe/handler_query_test.go

Comment thread DEVELOPMENT.md
Comment thread docs/contributor/api-server.md
Comment thread pkg/collector/k8s/doc.go Outdated
Comment thread pkg/collector/os/doc.go Outdated
Comment thread pkg/collector/systemd/doc.go Outdated
Comment thread pkg/server/doc.go Outdated
mchmarny added 2 commits May 30, 2026 11:38
- DEVELOPMENT.md: add blank line after "API Server" heading (MD022).
- pkg/collector/{k8s,os,systemd}/doc.go: switch example code from
  direct &Collector{} construction to the canonical
  collector.NewDefaultFactory() factory pattern (with
  WithSystemDServices option for the systemd example).
- pkg/server/doc.go: rewrite middleware chain section to match the
  actual outermost-to-innermost order in Server.withMiddleware
  (metrics, version, requestID, timeout, logging, panicRecovery,
  rateLimit, bodyLimit).

CodeRabbit suggestion on docs/contributor/api-server.md diagram
intentionally skipped: pkg/server/server.go still exists (Server
struct + Run live there) and is correctly distinct from
pkg/server/serve.go (Serve entry point).
CodeRabbit out-of-diff finding on PR #1127: the godoc "Validation"
bullet still said "Created timestamp" although Header now stores
the value at metadata["timestamp"] (lowercase, flat map). Match
the bullet to the actual field name.
@mchmarny

Copy link
Copy Markdown
Member Author

Addressed the out-of-diff finding on pkg/header/doc.go in bb1ed52 — "Created timestamp" → "Metadata["timestamp"]" to match the actual field name. All inline comments from the original review are now resolved.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

♻️ Duplicate comments (1)
pkg/server/doc.go (1)

30-44: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Middleware order in docs conflicts with repository standard.

This section documents loggingMiddleware before panicRecoveryMiddleware and rateLimitMiddleware, which diverges from the required metrics → version → requestID → panic → rateLimit → logging → handler order.

As per coding guidelines: "pkg/server/**/*.go: Add middleware in order: metrics → version → requestID → panic → rateLimit → logging → handler".

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/server/doc.go` around lines 30 - 44, The doc comment lists middleware in
the wrong order; update the middleware chain description to match the repo
standard ordering: metricsMiddleware → versionMiddleware → requestIDMiddleware →
panicRecoveryMiddleware → rateLimitMiddleware → loggingMiddleware → (handler)
and ensure any surrounding entries like timeoutMiddleware and
bodyLimitMiddleware are placed consistently relative to that sequence; edit the
comment that mentions loggingMiddleware, panicRecoveryMiddleware, and
rateLimitMiddleware in pkg/server/doc.go so the list matches the exact
middleware symbol names (metricsMiddleware, versionMiddleware,
requestIDMiddleware, panicRecoveryMiddleware, rateLimitMiddleware,
loggingMiddleware) and reflects that they are applied outermost-to-innermost
before the handler.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Duplicate comments:
In `@pkg/server/doc.go`:
- Around line 30-44: The doc comment lists middleware in the wrong order; update
the middleware chain description to match the repo standard ordering:
metricsMiddleware → versionMiddleware → requestIDMiddleware →
panicRecoveryMiddleware → rateLimitMiddleware → loggingMiddleware → (handler)
and ensure any surrounding entries like timeoutMiddleware and
bodyLimitMiddleware are placed consistently relative to that sequence; edit the
comment that mentions loggingMiddleware, panicRecoveryMiddleware, and
rateLimitMiddleware in pkg/server/doc.go so the list matches the exact
middleware symbol names (metricsMiddleware, versionMiddleware,
requestIDMiddleware, panicRecoveryMiddleware, rateLimitMiddleware,
loggingMiddleware) and reflects that they are applied outermost-to-innermost
before the handler.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Enterprise

Run ID: 3efb178f-2a1e-4945-9b71-09a6221201f2

📥 Commits

Reviewing files that changed from the base of the PR and between 1a9991e and bb1ed52.

📒 Files selected for processing (6)
  • DEVELOPMENT.md
  • pkg/collector/k8s/doc.go
  • pkg/collector/os/doc.go
  • pkg/collector/systemd/doc.go
  • pkg/header/doc.go
  • pkg/server/doc.go

@mchmarny mchmarny merged commit 5d45e98 into main May 30, 2026
33 checks passed
@mchmarny mchmarny deleted the refactor/merge-pkg-api-into-server branch May 30, 2026 18:55
@mchmarny mchmarny self-assigned this May 30, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant