refactor: clean up imports and comments in various files

[tolgaozen]

Summary by CodeRabbit

• New Features

  • OpenID Connect JWT authentication with JWKS auto-refresh and configurable retry/backoff.
  • New CLI command for inspecting configuration.

• Improvements

  • Clarified boolean/float parsing errors.
  • More robust DSL parsing across line breaks.
  • Expanded OTLP exporter support with richer HTTP/gRPC options.

• Refactor

  • Internal cleanup and clearer telemetry exporter construction.

• Style/Documentation

  • Commenting and formatting updates in storage and schema areas.

• Tests

  • Updated tests to match revised parsing error messages.

[coderabbitai]

Walkthrough

Adds a new OpenID Authn implementation with JWKS auto-refresh, JWT parsing, backoff/retry state and validation; introduces a Cobra constructor for config command; tracks previousToken in the DSL parser; refactors OTLP telemetry exporters; updates tests and many comment/formatting tweaks across various files.

Changes

Cohort / File(s)	Summary
OpenID OIDC Authn internal/authn/openid/authn.go	Adds exported Authn and Config types, JWT/JWKS imports, jwk.AutoRefresh setup, JWT parser, backoff/retry fields and validation, initialization in NewOidcAuthn, and prefetching of JWKS.
CLI Config command pkg/cmd/config.go	Adds exported NewConfigCommand() *cobra.Command to construct the config inspection command; introduces a local conf var that may shadow an existing conf symbol.
DSL Parser pkg/dsl/parser/parser.go	Adds previousToken field to Parser, updates token advancement and lookbehind helpers, and adjusts newline handling after operators.
Telemetry — OTLP exporters (logs/metrics/traces) pkg/telemetry/logexporters/otlp.go, pkg/telemetry/meterexporters/otlp.go, pkg/telemetry/meterexporters/otlp_grpc.go, pkg/telemetry/tracerexporters/otlp.go, pkg/telemetry/tracerexporters/otlp_grpc.go	Refactors exporter constructors to explicit HTTP vs gRPC branches with protocol-specific option construction (endpoint, path, insecure/TLS, headers). Public APIs unchanged.
Attribute tests pkg/attribute/attribute_test.go	Adjusted expected error message strings for boolean and float parsing cases.
Development coverage pkg/development/coverage/coverage.go	Renamed loop variables, added/clarified comments, guarded totals calculation logic; behavior preserved.
Storage — imports/comments/formatting internal/storage/memory/bundle_reader.go, internal/storage/postgres/schema_reader.go, internal/storage/postgres/tenant_reader.go, internal/storage/postgres/utils/version.go	Import reorderings, inline comment additions, minor formatting and doc tweaks; no behavioral changes.
Schema loader & sample pkg/schema/loader.go, pkg/schema/schema.txt	Removed stray blank lines, adjusted sample indentation/formatting; no semantic changes.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor Caller
  participant NewOIDC as NewOidcAuthn
  participant JWKS as jwk.AutoRefresh
  participant HTTP as HTTP Client

  Caller->>NewOIDC: NewOidcAuthn(cfg, httpClient)
  NewOIDC->>NewOIDC: validate cfg & backoff params
  NewOIDC->>JWKS: init AutoRefresh(JWKS URI, client)
  JWKS->>HTTP: GET {JWKsURI}
  HTTP-->>JWKS: JWKS document / error
  alt JWKS fetch OK
    JWKS-->>NewOIDC: cached keys
    NewOIDC-->>Caller: return Authn instance
  else JWKS fetch failed
    NewOIDC-->>Caller: return error
  end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

• refactor(authn): streamline context usage and enhance code readability #2521 — Modifies internal/authn/openid/authn.go; touches JWKS fetching and key-retrieval/backoff flows overlapping with these changes.
• refactor: rename files for consistency and improved readability #2516 — Related edits to OpenID authn imports/usage that align with the new Authn implementation.
• feat: update permify api v1.4.4 #2433 — Adds tests and validations around NewOidcAuthn and OIDC configuration that directly map to constructor/backoff behavior here.

Suggested reviewers

• tolgaOzen

Poem

I nibble code beneath moon's light,
Keys refresh so tokens take flight,
Parsers remember hops they made,
Exporters hum, no metrics fade,
A rabbit ships these changes bright. 🐇✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Title Check	⚠️ Warning	The provided title indicates only cleanup of imports and comments, but the pull request actually introduces substantial functional work such as OpenID Connect authentication support, JWT handling, new telemetry exporters, and parser enhancements, so the title does not capture the main changes.	Please revise the title to concisely summarize the primary functional additions—such as “add OpenID Connect authentication and enhance telemetry exporters”—rather than just import and comment cleanup.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feature/update-authn-telemetry

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (3)

pkg/cmd/config.go (1)

265-265: Fix table header setup

Line 265 calls table.Header(...), but tablewriter.Table exposes SetHeader(...)—there is no Header method. As written, this code will fail to compile.

-	table.Header([]string{"Key", "Value", "Source"})
+	table.SetHeader([]string{"Key", "Value", "Source"})

pkg/dsl/parser/parser.go (1)

100-110: Keep previousToken updated in nextWithIgnores.

previousToken now drives newline handling (Line 604) but we only update it inside next(). parseRuleStatement and other paths call nextWithIgnores() while building bodies, so previousToken stays stuck on an earlier token. That breaks the new newline checks—e.g. a newline after ( will no longer be recognized once we advance via nextWithIgnores, leading to skipped tokens or parse errors. Please mirror the previousToken assignment inside nextWithIgnores to keep parser state consistent.

Also applies to: 36-44

internal/authn/openid/authn.go (1)

218-230: Unlock mutex before returning after successful retry.

When globalRetryCount hits the limit you drop the lock, fetch the key once, then re-lock (Line 218). On success you return while still holding mutex, so every subsequent call deadlocks on oidc.mutex.Lock(). Please release the lock before returning (e.g. oidc.mutex.Unlock(); return raw, nil).

🧹 Nitpick comments (2)

pkg/telemetry/meterexporters/otlp_grpc.go (1)

15-21: Avoid appending headers twice

WithHeaders(headers) is included in the base slice and then appended again when len(headers) > 0, so we end up pushing the same option twice. Please keep the add inside the conditional (and drop it from the initial slice) so we only register headers when they actually exist.

pkg/development/coverage/coverage.go (1)

264-275: attributes(): avoid sparse slice and early abort; append matches only

Preallocating len(attributes) and assigning by index leaves empty strings for non-matching entities; also one parse error nukes all results. Build a compact slice and skip bad inputs.

-func attributes(en string, attributes []string) []string {
-    attrs := make([]string, len(attributes))
-    for index, attrStr := range attributes { // Iterate attribute strings
-        a, err := attribute.Attribute(attrStr)
-        if err != nil {
-            return []string{}
-        }
-        if a.GetEntity().GetType() != en {
-            continue
-        }
-        attrs[index] = fmt.Sprintf("%s#%s", a.GetEntity().GetType(), a.GetAttribute()) // Format attribute
-    } // End iteration
-    return attrs // Return attributes
-} // End attributes
+func attributes(en string, attributes []string) []string {
+    attrs := make([]string, 0, len(attributes))
+    for _, attrStr := range attributes { // Iterate attribute strings
+        a, err := attribute.Attribute(attrStr)
+        if err != nil {
+            continue
+        }
+        if a.GetEntity().GetType() != en {
+            continue
+        }
+        attrs = append(attrs, fmt.Sprintf("%s#%s", a.GetEntity().GetType(), a.GetAttribute())) // Format attribute
+    } // End iteration
+    return attrs // Return attributes
+} // End attributes

Based on learnings

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3ad63e4 and 05fa43c.

📒 Files selected for processing (16)

• internal/authn/openid/authn.go (1 hunks)
• internal/storage/memory/bundle_reader.go (0 hunks)
• internal/storage/postgres/schema_reader.go (6 hunks)
• internal/storage/postgres/tenant_reader.go (1 hunks)
• internal/storage/postgres/utils/version.go (1 hunks)
• pkg/attribute/attribute_test.go (3 hunks)
• pkg/cmd/config.go (1 hunks)
• pkg/development/coverage/coverage.go (6 hunks)
• pkg/dsl/parser/parser.go (4 hunks)
• pkg/schema/loader.go (0 hunks)
• pkg/schema/schema.txt (1 hunks)
• pkg/telemetry/logexporters/otlp.go (1 hunks)
• pkg/telemetry/meterexporters/otlp.go (1 hunks)
• pkg/telemetry/meterexporters/otlp_grpc.go (1 hunks)
• pkg/telemetry/tracerexporters/otlp.go (1 hunks)
• pkg/telemetry/tracerexporters/otlp_grpc.go (1 hunks)

💤 Files with no reviewable changes (2)

• pkg/schema/loader.go
• internal/storage/memory/bundle_reader.go

🧰 Additional context used

🧬 Code graph analysis (7)

pkg/telemetry/tracerexporters/otlp.go (2)

pkg/telemetry/logexporters/otlp.go (1)

• NewOTLP (12-49)

pkg/telemetry/meterexporters/otlp.go (1)

• NewOTLP (13-58)

pkg/telemetry/logexporters/otlp.go (2)

pkg/telemetry/meterexporters/otlp.go (1)

• NewOTLP (13-58)

pkg/telemetry/tracerexporters/otlp.go (1)

• NewOTLP (12-52)

pkg/telemetry/meterexporters/otlp_grpc.go (1)

pkg/telemetry/tracerexporters/otlp_grpc.go (1)

• NewOTLPGrpc (11-34)

pkg/telemetry/tracerexporters/otlp_grpc.go (1)

pkg/telemetry/meterexporters/otlp_grpc.go (1)

• NewOTLPGrpc (10-32)

internal/storage/postgres/schema_reader.go (1)

internal/schema/schema.go (1)

• GetEntityByName (89-97)

pkg/development/coverage/coverage.go (1)

pkg/attribute/attribute.go (1)

• Attribute (22-131)

pkg/telemetry/meterexporters/otlp.go (2)

pkg/telemetry/logexporters/otlp.go (1)

• NewOTLP (12-49)

pkg/telemetry/tracerexporters/otlp.go (1)

• NewOTLP (12-52)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: Analyze (go)
• GitHub Check: Test with Coverage
• GitHub Check: Test with Coverage

🔇 Additional comments (2)

pkg/development/coverage/coverage.go (2)

93-95: LGTM: ref/loop variable rename only

Behavior unchanged; clearer naming.

---

1-4: Go ≥1.21 confirmed; stdlib slices supported
All go.mod files declare Go 1.24.6, so importing "slices" from the standard library is safe.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (3)

pkg/development/coverage/coverage.go (2)

1-4: Consider removing or simplifying the basic inline comments.

The inline comments on package declaration and imports are somewhat verbose and don't add significant value beyond what the code already conveys.

Apply this diff if you'd like to simplify:

-package coverage // Coverage analysis package
-import (         // Package imports
-	"fmt"    // Formatting
-	"slices" // Slice operations
+package coverage
+
+import (
+	"fmt"
+	"slices"

---

180-215: Division-by-zero guards successfully address the critical issue.

The explicit zero-denominator checks at lines 199-213 prevent panics when there are no entities, relationships, attributes, or assertions. This resolves the critical issue flagged in the previous review.

However, the variable names could be clearer. totalRelationships actually counts entities (not relationships), and totalCoveredRelationships sums percentages (not counts). Consider renaming for clarity in a follow-up:

entityCount := 0
sumRelationshipPercent := 0
// ... similar for attributes and assertions

This would make the averaging logic more explicit.

Based on learnings

pkg/telemetry/logexporters/otlp.go (1)

1-55: Consider reducing inline comments.

Every line has an inline comment, which can reduce readability. Consider keeping only comments that explain non-obvious logic, complex decisions, or important gotchas.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 05fa43c and 9604080.

📒 Files selected for processing (2)

• pkg/development/coverage/coverage.go (6 hunks)
• pkg/telemetry/logexporters/otlp.go (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (2)

pkg/development/coverage/coverage.go (1)

pkg/attribute/attribute.go (1)

• Attribute (22-131)

pkg/telemetry/logexporters/otlp.go (2)

pkg/telemetry/tracerexporters/otlp.go (1)

• NewOTLP (12-52)

pkg/telemetry/meterexporters/otlp.go (1)

• NewOTLP (13-58)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: Test with Coverage
• GitHub Check: Analyze (go)
• GitHub Check: Test with Coverage

🔇 Additional comments (3)

pkg/development/coverage/coverage.go (2)

93-95: Good variable renaming for clarity.

The rename from i, en to idx, entityDef improves readability. The inline comments are optional but don't hurt.

---

276-287: Good variable renaming in the loop.

The rename from i to index improves clarity. The inline comments are optional but acceptable.

pkg/telemetry/logexporters/otlp.go (1)

25-44: Headers are now correctly forwarded.

The critical issue from the previous review has been resolved. Both HTTP (lines 25-27) and gRPC (lines 42-44) exporters now properly forward the headers parameter to their respective clients, ensuring authentication and metadata reach the OTLP collector.

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (1)

pkg/telemetry/logexporters/otlp.go (1)

26-28: Header propagation and secure gRPC TLS are correctly restored.

Both HTTP/gRPC now pass headers; gRPC secure path sets explicit TLS creds. Parity with meter/tracer exporters achieved.

Also applies to: 45-47, 41-44

🧹 Nitpick comments (3)

pkg/telemetry/logexporters/otlp.go (3)

12-15: Normalize protocol and use named constants (defensive + clearer).

Avoid case/typo surprises and magic strings.

Apply:

 import (
   "context"
   "fmt"
+  "strings"
   ...
 )

+const (
+  ProtocolHTTP = "http"
+  ProtocolGRPC = "grpc"
+)

 func NewOTLP(endpoint string, insecure bool, urlpath string, headers map[string]string, protocol string) (*otlplogs.Exporter, error) {
-  switch protocol { // Determine protocol type
+  protocol = strings.ToLower(strings.TrimSpace(protocol))
+  switch protocol { // Determine protocol type
-  case "http": // HTTP protocol configuration
+  case ProtocolHTTP: // HTTP protocol configuration
-  case "grpc": // gRPC protocol configuration
+  case ProtocolGRPC: // gRPC protocol configuration

---

29-31: Use a bounded context for exporter creation.

Guard init against hangs with a small timeout.

Apply:

 import (
   "context"
   "fmt"
+  "time"
   ...
 )

 func NewOTLP(..., protocol string) (*otlplogs.Exporter, error) {
+  ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+  defer cancel()
   switch protocol {
     case "http":
-      httpExporter, httpErr := otlplogs.NewExporter(context.Background(), otlplogs.WithClient(
+      httpExporter, httpErr := otlplogs.NewExporter(ctx, otlplogs.WithClient(
         otlplogshttp.NewClient(httpOptions...),
       ))
     case "grpc":
-      grpcExporter, grpcErr := otlplogs.NewExporter(context.Background(), otlplogs.WithClient(
+      grpcExporter, grpcErr := otlplogs.NewExporter(ctx, otlplogs.WithClient(
         otlplogsgrpc.NewClient(grpcOptions...),
       ))

If adopted, consider aligning meter/tracer exporters too for consistency. Based on relevant code snippets

Also applies to: 48-50

---

56-57: Clarify error message for unsupported protocol.

Make it self-explanatory.

Apply:

-    return nil, fmt.Errorf("unsupported protocol: %s", protocol) // Return error
+    return nil, fmt.Errorf("unsupported protocol: %q (expected \"http\" or \"grpc\")", protocol) // Return error

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9604080 and e7c4a23.

📒 Files selected for processing (1)

• pkg/telemetry/logexporters/otlp.go (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

pkg/telemetry/logexporters/otlp.go (2)

pkg/telemetry/meterexporters/otlp.go (1)

• NewOTLP (13-58)

pkg/telemetry/tracerexporters/otlp.go (1)

• NewOTLP (12-52)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: Test with Coverage
• GitHub Check: Analyze (go)
• GitHub Check: Test with Coverage