LCORE-632: Regenerated config diagrams

[tisnik]

Description

LCORE-632: Regenerated config diagrams

Type of change

• Refactor
• New feature
• Bug fix
• CVE fix
• Optimization
• Documentation Update
• Configuration Update
• Bump-up service version
• Bump-up dependent library
• Bump-up library or tool used for development (does not change the final image)
• CI configuration change
• Konflux configuration change
• Unit tests improvement
• Integration tests improvement
• End to end tests improvement

Related Tickets & Documents

• Related Issue #LCORE-632

Summary by CodeRabbit

• New Features
  • Added ability to export the current configuration to a file.
• Refactor
  • Clarified which configuration sections are optional (e.g., authentication, database, inference, MCP servers).
  • Improved secret handling for sensitive values, including API keys and database passwords.
  • Made service security settings (CORS and TLS) optional for greater flexibility.

[coderabbitai]

Walkthrough

Adds a dump(filename: str) method to Configuration and updates multiple configuration fields to Optional types and SecretStr in docs/config.puml. Adjusts typing for authentication, database, inference, mcp_servers, jwt_configuration, api_key, password, cors, and tls_config within UML definitions.

Changes

Cohort / File(s)

Summary of changes

Configuration UML model docs/config.puml

Added Configuration.dump(filename: str) -> None. Updated field types to Optional: Configuration.authentication, Configuration.database, Configuration.inference, Configuration.mcp_servers, JwkConfiguration.jwt_configuration, ServiceConfiguration.cors, ServiceConfiguration.tls_config. Strengthened secrets: LlamaStackConfiguration.api_key to Optional[SecretStr], PostgreSQLDatabaseConfiguration.password to SecretStr.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor Client
  participant C as Configuration
  participant FS as File System

  Client->>C: dump(filename)
  activate C
  C->>FS: open/create file
  FS-->>C: handle
  C->>FS: write serialized configuration
  FS-->>C: success/err
  deactivate C
  C-->>Client: None (return)
  note over C,FS: New method in UML: dump(filename: str) -> None

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• LCORE-336: Updated configuration diagram #405 — Updates around Configuration.database and authentication typings; overlaps with this PR’s Configuration type changes.
• Regenerated config diagram #473 — Modifies Configuration model adding authorization fields; touches same UML class updated here.
• LCORE-380: regenerated schema #275 — Adjusts LlamaStackConfiguration schema/title and Configuration reference; related to this PR’s LlamaStackConfiguration typing changes.

Pre-merge checks (3 passed)

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title "LCORE-632: Regenerated config diagrams" succinctly and accurately reflects the PR's stated purpose (regenerating configuration diagrams tied to ticket LCORE-632) and matches the changes in docs/config.puml, so it is clear, specific, and on-topic.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

Poem

A rabbit taps the config tree,
Optional leaves fall gracefully.
Secrets burrow safe from sight,
Keys wrapped snug, password tight.
With a gentle thump–thump, I jump:
“Saved to file!” goes my dump.
Hippity hop, the schema’s right.

Tip

👮 Agentic pre-merge checks are now available in preview!

Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.

• Built-in checks – Quickly apply ready-made checks to enforce title conventions, require pull request descriptions that follow templates, validate linked issues for compliance, and more.
• Custom agentic checks – Define your own rules using CodeRabbit’s advanced agentic capabilities to enforce organization-specific policies and workflows. For example, you can instruct CodeRabbit’s agent to verify that API documentation is updated whenever API schema files are modified in a PR. Note: Upto 5 custom checks are currently allowed during the preview period. Pricing for this feature will be announced in a few weeks.

Please see the documentation for more information.

Example:

reviews:
  pre_merge_checks:
    custom_checks:
      - name: "Undocumented Breaking Changes"
        mode: "warning"
        instructions: |
          Pass/fail criteria: All breaking changes to public APIs, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints must be documented in the "Breaking Change" section of the PR description and in CHANGELOG.md. Exclude purely internal or private changes (e.g., code not exported from package entry points or explicitly marked as internal).

Please share your feedback with us on this Discord post.

✨ Finishing touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

docs/config.puml (1)

30-36: Optional-izing core sections: confirm defaults; prefer list over Optional[list] for mcp_servers

• Verify the runtime defaults (None vs omitted) and validators tolerate None for authentication, database, and inference.
• Consider using an empty list instead of Optional[list] to avoid tri-state handling for mcp_servers.

Proposed tweak (only if the codebase defaults to empty lists):

-  mcp_servers : Optional[list[ModelContextProtocolServer]]
+  mcp_servers : list[ModelContextProtocolServer]

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 63996a6 and 4ca884a.

⛔ Files ignored due to path filters (2)

• docs/config.png is excluded by !**/*.png
• docs/config.svg is excluded by !**/*.svg

📒 Files selected for processing (1)

• docs/config.puml (5 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: build-pr
• GitHub Check: e2e_tests

🔇 Additional comments (6)

docs/config.puml (6)

67-69: jwt_configuration now Optional: define XOR rule with url

If inline JWT config is allowed, clarify whether exactly one of jwt_configuration or url must be provided. If both/none are allowed, document precedence.

---

87-92: api_key as SecretStr: ensure dump/redaction matches

Good change. Please confirm that any serialization (e.g., dump(filename)) redacts SecretStr values and that diagrams reflect redaction behavior.

---

104-109: Postgres password now SecretStr: is it always required?

If GSS/peer auth flows are supported, password may be absent. Either mark as Optional[SecretStr] or explicitly document that password is required in all supported modes.

---

117-121: cors/tls_config Optional: LGTM; document defaults

Looks good. Please document default behavior when these are None and ensure check_service_configuration() handles None safely.

---

40-40: New dump(filename) method: confirm parity with implementation

Verify this method exists in the code and that it:

• Redacts secrets (SecretStr) on output.
• Handles I/O errors predictably.
• Accepts PathLike in addition to str (if applicable).

---

11-13: Duplicate JWK field names — pick one canonical name

File: docs/config.puml (lines 11–13) — Two similarly named fields (jwk_config vs jwk_configuration) appear; keep only one.

-  jwk_configuration
+  jwk_config : Optional[JwkConfiguration]

or

-  jwk_config : Optional[JwkConfiguration]
+  jwk_configuration : Optional[JwkConfiguration]