feat: add postgrest as a supported service type

[moizpgedge]

Add PostgREST to the Control Plane API as a valid service type with config validation. All config fields are optional with sensible defaults.

Changes:

• Add "postgrest" to the service_type enum in Goa DSL and regenerate API types
• Replace hardcoded MCP-only check with allowlist-based service type validation and switch-based config dispatch
• Implement ParsePostgRESTServiceConfig() with fields: db_schemas, db_anon_role, db_pool, max_rows, jwt_secret, jwt_aud, jwt_role_claim_key, server_cors_allowed_origins

PLAT-498

Summary

Adds postgrest as a valid service type in the Control Plane API and wires up config validation with sensible defaults for all fields.

Changes

• Add "postgrest" to the service_type enum in Goa DSL; regenerate API types and OpenAPI specs
• Replace hardcoded != "mcp" check with an allowlist + switch-based config dispatch in validateServiceSpec
• Implement ParsePostgRESTServiceConfig() with eight optional fields: db_schemas, db_anon_role, db_pool, max_rows, jwt_secret, jwt_aud, jwt_role_claim_key, server_cors_allowed_origins
• Add 21 unit tests covering defaults, overrides, type errors, range boundaries, unknown keys, and multi-error collection

Testing

go test ./server/internal/database/... ./server/internal/api/apiv1/...

Checklist

• Tests added or updated (unit and/or e2e, as needed)
• Documentation updated (if needed)
• Issue is linked (branch name or URL in PR description)
• Changelog entry added for user-facing behavior changes
• Breaking changes (if any) are clearly called out in the PR description

Notes for Reviewers

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR extends service type support by adding "postgrest" alongside the existing "mcp" type. It introduces PostgREST service configuration validation, parsing logic, and comprehensive tests. The orchestrator provisioning remains restricted to MCP services pending future work.

Changes

Cohort / File(s)	Summary
API Schema Update api/apiv1/design/database.go	Extended service_type enum to accept "postgrest" in addition to "mcp".
Validation Layer server/internal/api/apiv1/validate.go, server/internal/api/apiv1/validate_test.go	Added PostgREST validation in validateServiceSpec, introduced validatePostgRESTServiceConfig function, and expanded test coverage with PostgREST-specific scenarios and updated error message formatting.
Configuration Model server/internal/database/postgrest_service_config.go, server/internal/database/postgrest_service_config_test.go	Introduced PostgRESTServiceConfig type with parsing function supporting field defaults, type validation, range checks, and comprehensive unit tests.
Orchestrator Guard server/internal/orchestrator/swarm/orchestrator.go	Added guard to restrict provisioning to "mcp" service type, deferring PostgREST provisioning to future work.

Poem

🐰 A hop, a bound, new service blooms!
PostgREST joins where MCP now grooms,
Validation flows like carrots in spring,
Config defaults make databases sing,
With guards in place, we test with care,
Future provisions wait, laid out fair!

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 22.22% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely describes the main change: adding postgrest as a supported service type, which aligns with the primary objective of the changeset.
Description check	✅ Passed	The PR description includes all required sections: a summary explaining what was added, a detailed bulleted list of changes, testing instructions, and a completed checklist noting tests were added and the issue was linked.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feat/PLAT-498/PostgRest-service-API-&-validation

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Tip

You can make CodeRabbit's review stricter and more nitpicky using the `assertive` profile, if that's what you prefer.

Change the reviews.profile setting to assertive to make CodeRabbit's nitpick more issues in your PRs.

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@server/internal/api/apiv1/validate.go`:
- Around line 252-257: The validation currently allows "postgrest" but the swarm
orchestrator only supports "mcp", so update the allowlist in validate.go to only
permit "mcp" (remove "postgrest") wherever supportedServiceTypes is defined (the
occurrences around svc.ServiceType checks at the shown block and the similar
block at lines 283-287), ensuring validation appends a newValidationError via
appendPath(path, "service_type") for any non-"mcp" values so invalid inputs are
rejected before provisioning.

In `@server/internal/database/postgrest_service_config.go`:
- Around line 54-55: Current code sets dbAnonRole :=
"pgedge_application_read_only" which implicitly enables anonymous access; change
to make anonymous access opt-in by default (set dbAnonRole to empty string or
nil) and remove the implicit default role. Also update the related block that
handles jwtSecret (jwtSecret variable/logic used around lines 95–100) so that if
dbAnonRole is non-empty you require/validate a jwtSecret is explicitly provided,
otherwise leave jwtSecret optional; ensure any code that serializes or writes
PostgREST config omits db_anon_role when dbAnonRole is empty.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 53c6c627-2897-419c-ab51-6999bfdc3769

📥 Commits

Reviewing files that changed from the base of the PR and between 673a4a6 and e8534d5.

⛔ Files ignored due to path filters (6)

• api/apiv1/gen/http/control_plane/client/types.go is excluded by !**/gen/**
• api/apiv1/gen/http/control_plane/server/types.go is excluded by !**/gen/**
• api/apiv1/gen/http/openapi.json is excluded by !**/gen/**
• api/apiv1/gen/http/openapi.yaml is excluded by !**/gen/**
• api/apiv1/gen/http/openapi3.json is excluded by !**/gen/**
• api/apiv1/gen/http/openapi3.yaml is excluded by !**/gen/**

📒 Files selected for processing (6)

• api/apiv1/design/database.go
• server/internal/api/apiv1/validate.go
• server/internal/api/apiv1/validate_test.go
• server/internal/database/postgrest_service_config.go
• server/internal/database/postgrest_service_config_test.go
• server/internal/orchestrator/swarm/orchestrator.go

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Reject postgrest here until the provisioning path exists.

This now admits postgrest as a valid API input, but server/internal/orchestrator/swarm/orchestrator.go still rejects every non-mcp service type and that error is propagated straight out of GenerateServiceInstanceResources. The result is a request that passes validation and only fails once the workflow starts provisioning. Please surface this as a validation error here until the swarm implementation is ready.

Also applies to: 283-287

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@server/internal/api/apiv1/validate.go` around lines 252 - 257, The validation
currently allows "postgrest" but the swarm orchestrator only supports "mcp", so
update the allowlist in validate.go to only permit "mcp" (remove "postgrest")
wherever supportedServiceTypes is defined (the occurrences around
svc.ServiceType checks at the shown block and the similar block at lines
283-287), ensuring validation appends a newValidationError via appendPath(path,
"service_type") for any non-"mcp" values so invalid inputs are rejected before
provisioning.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

find . -type f -name "postgrest_service_config.go" | head -5

Repository: pgEdge/control-plane

Length of output: 118

---

🏁 Script executed:

# Read the postgrest_service_config.go file to understand the full context
cat -n server/internal/database/postgrest_service_config.go

Repository: pgEdge/control-plane

Length of output: 5676

---

🏁 Script executed:

# Search for any validation logic or initialization that might mitigate the concern
rg -A 5 -B 5 "db_anon_role|jwt_secret" server/internal/database/postgrest_service_config.go

Repository: pgEdge/control-plane

Length of output: 2038

---

🏁 Script executed:

# Check if there's any usage of this config in tests or main code to understand security context
rg -l "postgrest_service_config\|PostgRESTServiceConfig" server/ --type go | head -10

Repository: pgEdge/control-plane

Length of output: 46

---

🏁 Script executed:

# Check for any comments or documentation about the security design
rg -B 3 -A 3 "db_anon_role|pgedge_application_read_only" server/ --type go | head -40

Repository: pgEdge/control-plane

Length of output: 2959

---

🏁 Script executed:

# Check if there are any integration points or examples that show intended usage
rg -l "PostgRESTServiceConfig\|db_anon_role" server/ --type go

Repository: pgEdge/control-plane

Length of output: 46

---

🏁 Script executed:

# Look for test cases or examples that might shed light on intended behavior
find server -name "*test.go" -type f -exec rg -l "postgrest\|PostgREST" {} \;

Repository: pgEdge/control-plane

Length of output: 46

---

🏁 Script executed:

# Check if db_anon_role can be set to empty/nil/unset anywhere
rg -A 10 -B 5 "db_anon_role.*=" server/ --type go | head -50

Repository: pgEdge/control-plane

Length of output: 46

---

🏁 Script executed:

# Check where PostgRESTServiceConfig is used and if there are any guards or warnings
rg -B 5 -A 10 "ParsePostgRESTServiceConfig\|PostgRESTServiceConfig" server/ --type go | head -80

Repository: pgEdge/control-plane

Length of output: 46

---

🏁 Script executed:

# Check if there's any documentation or comments about security implications
rg -i "anonymous|security|auth" server/internal/database/ --type go

Repository: pgEdge/control-plane

Length of output: 338

---

🏁 Script executed:

# Look at the service instance/spec to see how this config is deployed
rg -B 5 -A 15 "postgrest\|PostgREST" server/internal/orchestrator/swarm/service_instance_spec.go 2>/dev/null | head -50

Repository: pgEdge/control-plane

Length of output: 46

---

🏁 Script executed:

# Search for README or documentation about PostgREST setup
find . -name "README*" -o -name "*.md" | xargs grep -l -i "postgrest\|anonymous" 2>/dev/null | head -5

Repository: pgEdge/control-plane

Length of output: 46

---

🏁 Script executed:

# Check if there are environment variables or deployment configs that might override defaults
find server -name "*.go" | xargs grep -l "db_anon_role\|postgrest.*config" | head -10

Repository: pgEdge/control-plane

Length of output: 217

---

🏁 Script executed:

# Look for any comments in the file about design decisions or security considerations
head -100 server/internal/database/postgrest_service_config.go | grep -i "optional\|default\|anonymous\|security"

Repository: pgEdge/control-plane

Length of output: 917

---

🏁 Script executed:

# Check if there's validation that requires jwt_secret when db_anon_role is set
rg -B 10 -A 10 "jwt_secret.*required\|require.*jwt" server/internal/database/ --type go

Repository: pgEdge/control-plane

Length of output: 46

---

🏁 Script executed:

# Understand PostgREST behavior by checking if there's any related documentation or config examples
find . -type f \( -name "*.md" -o -name "*.txt" \) | xargs grep -i "postgrest" 2>/dev/null | head -20

Repository: pgEdge/control-plane

Length of output: 46

---

🏁 Script executed:

# Check the test file to understand intended behavior and validation
cat -n server/internal/database/postgrest_service_config_test.go

Repository: pgEdge/control-plane

Length of output: 8398

---

🏁 Script executed:

# Check the api validation test to see if there's any auth-related validation
rg -B 5 -A 10 "postgrest\|PostgREST" server/internal/api/apiv1/validate_test.go

Repository: pgEdge/control-plane

Length of output: 46

---

🏁 Script executed:

# Check how this config is actually deployed and used in the service
rg -B 5 -A 15 "DBAnonRole|db_anon_role" server/internal/orchestrator/swarm/ --type go

Repository: pgEdge/control-plane

Length of output: 46

---

🏁 Script executed:

# Check if there's any validation at service creation time that enforces auth
rg -B 3 -A 10 "service.*spec\|ServiceSpec" server/internal/orchestrator/swarm/service_spec.go | head -60

Repository: pgEdge/control-plane

Length of output: 46

---

🏁 Script executed:

# Check if there's any documentation or design docs about this choice
find . -type f \( -name "*.md" -o -name "*.txt" \) -exec grep -l "anon\|anonymous\|authentication" {} \; 2>/dev/null | head -5

Repository: pgEdge/control-plane

Length of output: 174

---

🏁 Script executed:

# Check the service credentials doc for any context about design decisions
cat -n docs/development/service-credentials.md | head -100

Repository: pgEdge/control-plane

Length of output: 4868

---

🏁 Script executed:

# Check if there's any configuration validation at the service creation level that might mitigate this
rg -B 5 -A 15 "PostgRESTServiceConfig\|postgrest.*config" server/internal/orchestrator/swarm/service_instance_spec.go 2>/dev/null | head -80

Repository: pgEdge/control-plane

Length of output: 46

---

🏁 Script executed:

# Look for any README content about PostgREST setup or security
cat README.md | grep -A 20 -B 5 -i "postgrest\|anonymous" 2>/dev/null

Repository: pgEdge/control-plane

Length of output: 46

---

Make anonymous access opt-in, not the default.

PostgREST uses db_anon_role to permit unauthenticated requests; when unset, anonymous access is blocked. The current defaults enable implicit anonymous access: an empty config applies db_anon_role = "pgedge_application_read_only" while leaving jwt_secret optional. The pgedge_application_read_only role grants SELECT on all tables across configured schemas, so a minimal configuration inadvertently exposes data without an explicit authentication decision. Either leave db_anon_role unset by default or require jwt_secret whenever it is defaulted.

Also applies to: lines 95–100

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@server/internal/database/postgrest_service_config.go` around lines 54 - 55,
Current code sets dbAnonRole := "pgedge_application_read_only" which implicitly
enables anonymous access; change to make anonymous access opt-in by default (set
dbAnonRole to empty string or nil) and remove the implicit default role. Also
update the related block that handles jwtSecret (jwtSecret variable/logic used
around lines 95–100) so that if dbAnonRole is non-empty you require/validate a
jwtSecret is explicitly provided, otherwise leave jwtSecret optional; ensure any
code that serializes or writes PostgREST config omits db_anon_role when
dbAnonRole is empty.

[rshoemaker]

This looks pretty good as a foundational PR - no major concerns with it.