fix: ability to exclude rule ids from eligible versions endpoint

[adityachoudhari26]

Summary by CodeRabbit

• New Features

  • Added ability to exclude specific policy rule IDs when evaluating eligible versions, so callers can view eligible versions while skipping selected policies.

• Tests

  • Added end-to-end test verifying excluding a rule ID bypasses a policy pin and restores broader version eligibility.

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 0ba4bf30-0a83-4e13-a289-fdda65979b51

📥 Commits

Reviewing files that changed from the base of the PR and between 2fa710d and af0f16d.

📒 Files selected for processing (1)

• apps/workspace-engine/svc/controllers/desiredrelease/policyeval/policyeval.go

Disabled knowledge base sources:

• Linear integration is disabled

You can enable these sources in your CodeRabbit configuration.

---

📝 Walkthrough

Walkthrough

This PR extends the eligible-versions endpoint with an optional excludeRuleIds parameter allowing callers to skip specific policy rules during version eligibility evaluation. Changes span OpenAPI specs, type definitions, a new evaluator filtering helper, request handlers integrating the filter, and comprehensive end-to-end tests.

Changes

Policy rule ID exclusion for eligible-versions endpoint

Layer / File(s)	Summary
OpenAPI contract updates apps/api/openapi/openapi.json, apps/api/openapi/paths/release-targets.jsonnet, apps/workspace-engine/oapi/openapi.json, apps/workspace-engine/oapi/spec/paths/release_targets.jsonnet	Updated OpenAPI specifications in both API gateway and workspace-engine to define the new optional excludeRuleIds field (array of UUID strings) in the eligible-versions endpoint request body schema.
Type definitions and generated types apps/api/src/types/openapi.ts, apps/workspace-engine/pkg/oapi/oapi.gen.go, e2e/api/schema.ts, packages/workspace-engine-sdk/src/schema.ts	Updated TypeScript and Go request body types across the API gateway, workspace-engine, and SDK packages to include the optional excludeRuleIds: string[] field.
Policy evaluator filtering implementation apps/workspace-engine/svc/controllers/desiredrelease/policyeval/policyeval.go, apps/workspace-engine/svc/controllers/desiredrelease/policyeval/policyeval_test.go	Introduced FilterEvaluatorsByRuleID helper that excludes evaluators by rule ID, with comprehensive test coverage validating nil/empty handling, order preservation, duplicate handling, and input immutability.
Request handler integration apps/api/src/routes/v1/workspaces/release-targets.ts, apps/workspace-engine/svc/http/server/openapi/release_targets/eligible_versions.go	API gateway extracts excludeRuleIds from request and forwards it to workspace-engine; handler constructs exclude list and applies filter to evaluators before policy evaluation.
End-to-end test verification e2e/tests/api/release-target-eligible-versions.spec.ts	Added Playwright e2e test demonstrating the feature: creates a policy pin, confirms it restricts eligible versions, then excludes the pinned rule and verifies all versions become eligible again.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

• ctrlplanedev/ctrlplane#1143: Introduced the initial listEligibleVersionsForReleaseTarget endpoint with filter support; this PR extends it with excludeRuleIds field and filtering logic.

Poem

🐰 I hopped through specs and code so spry,
A tiny field to say goodbye,
Skip rule IDs that block the way,
Let versions dance and find their day,
A rabbit cheers—exclude, then play!

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: adding ability to exclude rule IDs from the eligible versions endpoint across multiple services and OpenAPI specs.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch exclude-rule-uuids

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
`@apps/workspace-engine/svc/controllers/desiredrelease/policyeval/policyeval.go`:
- Around line 184-187: The doc for FilterEvaluatorsByRuleID is inconsistent: it
claims the returned slice never shares backing storage but currently returns the
input slice directly when excludeIDs is empty; change the implementation of
FilterEvaluatorsByRuleID so that even in the empty-excludeIDs path it returns a
shallow copy of evals (e.g., allocate a new slice of len(evals) and copy
elements) to avoid aliasing, preserving existing element pointers but ensuring
independent backing storage; update any early-return that returns evals directly
to instead return the copied slice while keeping the function signature and
behavior otherwise unchanged.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: f69949aa-3f58-4b77-9b8f-52b8af257e7a

📥 Commits

Reviewing files that changed from the base of the PR and between 96240c3 and 2fa710d.

📒 Files selected for processing (13)

• apps/api/openapi/openapi.json
• apps/api/openapi/paths/release-targets.jsonnet
• apps/api/src/routes/v1/workspaces/release-targets.ts
• apps/api/src/types/openapi.ts
• apps/workspace-engine/oapi/openapi.json
• apps/workspace-engine/oapi/spec/paths/release_targets.jsonnet
• apps/workspace-engine/pkg/oapi/oapi.gen.go
• apps/workspace-engine/svc/controllers/desiredrelease/policyeval/policyeval.go
• apps/workspace-engine/svc/controllers/desiredrelease/policyeval/policyeval_test.go
• apps/workspace-engine/svc/http/server/openapi/release_targets/eligible_versions.go
• e2e/api/schema.ts
• e2e/tests/api/release-target-eligible-versions.spec.ts
• packages/workspace-engine-sdk/src/schema.ts

[Copilot]

Pull request overview

Adds support for excluding specific policy rule IDs when computing the “eligible versions” set for a release target, enabling callers to “what-if” ignore a particular constraint (e.g., a versionSelector pin) while keeping all other policy evaluation intact.

Changes:

• Extends the eligible-versions request body with excludeRuleIds across OpenAPI specs and generated SDK/types.
• Implements evaluator filtering in workspace-engine before policy evaluation runs.
• Adds e2e coverage for bypassing a versionSelector pin, plus unit tests for the evaluator-filter helper.

Reviewed changes

Copilot reviewed 12 out of 13 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
packages/workspace-engine-sdk/src/schema.ts	Adds excludeRuleIds to the SDK request schema for eligible versions.
e2e/tests/api/release-target-eligible-versions.spec.ts	Adds an e2e test validating that excluding a rule ID bypasses a versionSelector pin.
e2e/api/schema.ts	Updates e2e client schema to include excludeRuleIds.
apps/workspace-engine/svc/http/server/openapi/release_targets/eligible_versions.go	Parses excludeRuleIds and filters evaluators before evaluating deployable versions.
apps/workspace-engine/svc/controllers/desiredrelease/policyeval/policyeval.go	Introduces FilterEvaluatorsByRuleID helper used by the endpoint.
apps/workspace-engine/svc/controllers/desiredrelease/policyeval/policyeval_test.go	Adds unit tests for FilterEvaluatorsByRuleID.
apps/workspace-engine/pkg/oapi/oapi.gen.go	Regenerates OAPI types to include ExcludeRuleIds in the request body struct.
apps/workspace-engine/oapi/spec/paths/release_targets.jsonnet	Updates workspace-engine OpenAPI jsonnet path spec to define excludeRuleIds.
apps/workspace-engine/oapi/openapi.json	Updates rendered workspace-engine OpenAPI JSON with excludeRuleIds.
apps/api/src/types/openapi.ts	Updates API service OpenAPI-derived TS types to include excludeRuleIds.
apps/api/src/routes/v1/workspaces/release-targets.ts	Wires excludeRuleIds through the API layer to workspace-engine.
apps/api/openapi/paths/release-targets.jsonnet	Updates API OpenAPI jsonnet path spec to define excludeRuleIds.
apps/api/openapi/openapi.json	Updates rendered API OpenAPI JSON with excludeRuleIds.

Files not reviewed (1)

• apps/workspace-engine/pkg/oapi/oapi.gen.go: Language not supported

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.