feat(router): allow split config polling

[dkorittki]

Adds a new config poller implementation satisfying the configpoller.ConfigPoller interface. It fetches from the CDN first a mapper.json file to see what parts of the engine config have changed, fetches changed configs (feature flag graphs or base graph) and updates the engine config. The end result is always a complete nodev1.RouterConfig, just like the other config poller produces as well.

To use the new config poller the routers JWT token needs to have the split-config-loading feature in the features claim. If the token does not have this feature, the router uses the old config poller.

Summary by CodeRabbit

• New Features
  • Introduced feature-flag-aware JWT tokens with optional features claim to enable granular permission control.
  • Enabled split-configuration loading, allowing separate router configurations for different feature flags to be loaded dynamically from CDN.
  • Enhanced router initialization to support automatic configuration assembly based on enabled feature flags.

Checklist

• I have discussed my proposed changes in an issue and have received approval to proceed.
• I have followed the coding standards of the project.
• Tests or benchmarks have been added or updated.
• Documentation has been updated on https://github.com/wundergraph/docs-website.
• I have read the Contributors Guide.

Open Source AI Manifesto

This project follows the principles of the Open Source AI Manifesto. Please ensure your contribution aligns with its principles.

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: aa2f5319-61f5-4e78-b945-c7c1d09af87f

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

Walkthrough

The PR adds split-config loading: a feature flag–aware mechanism where the control plane emits a split-config-loading flag in router JWT tokens, and the router dynamically fetches and composes separate per-feature-flag router configurations from CDN instead of a single monolithic config. The control plane now includes organization features in JWT claims, the router detects the flag and conditionally initializes a split-config poller, and a new CDN fetcher handles authenticated retrieval and composition of per-flag config artifacts.

Changes

Split-Config Loading Feature

Layer / File(s)	Summary
Data Shape proto/wg/cosmo/node/v1/node.proto, controlplane/src/types/index.ts	ActiveGraphs message added to map feature flag names (or empty string for base) to config hashes. FeatureIds and GraphApiKeyJwtPayload types extended to include 'split-config-loading' feature and optional features?: string[] JWT claim.
JWT Claims & Feature Detection router/internal/jwt/claims.go	FederatedGraphTokenClaims now includes Features []string field with a HasFeature(string) bool helper. JWT extraction logic updated to parse and validate the features claim as an array of strings.
Control Plane Feature Emission controlplane/src/core/repositories/OrganizationRepository.ts, controlplane/src/core/bufservices/federated-graph/createFederatedGraphToken.ts	getOrganizationFeatures adds 'split-config-loading': false default. createFederatedGraphToken loads organization features via OrganizationRepository, conditionally includes a features claim in the JWT when split-config-loading is enabled.
CDN Split Artifact Fetcher router/pkg/routerconfig/cdn/split_fetcher.go	NewSplitFetcher constructs an authenticated CDN client with JWT-derived graph/org IDs and optional HMAC signature validation. FetchMapper retrieves the mapper manifest; FetchConfig retrieves base or per-feature-flag router configs, with automatic gzip decompression and signature verification.
Split-Config Poller Core router/pkg/controlplane/configpoller/split_config_poller.go	NewSplitConfigPoller creates a polling loop that fetches the mapper, detects changed/added/removed feature flags, deterministically computes composite version hashes, selectively refetches affected configs, and assembles a composite RouterConfig by merging base and per-feature-flag engine/subgraph/version fields. GetRouterConfig performs initial fetch; Subscribe implements hot-reload with change detection and handler invocation only on config changes.
Router Integration router/core/init_config_poller.go	InitializeConfigPoller detects SplitConfigLoading feature via JWT; when enabled and no custom storage provider is configured, it returns a split-config poller instead of regular execution-config polling.
Whitespace Normalization router/core/graph_server.go	Adjusted whitespace in federated graph token claims handling.
Tests & Validation router/pkg/controlplane/configpoller/split_config_poller_test.go	Comprehensive test suite with mockSplitFetcher covering GetRouterConfig behavior (base-only, with feature flags, error propagation), subscription/polling scenarios (no changes, base/FF updates, add/remove), state consistency, and computeCompositeVersion determinism.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 30.77% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'feat(router): allow split config polling' directly summarizes the main change: introducing a feature to enable split config polling in the router.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

connect-go - uncommitted changes detected

Seems like you forgot to commit some code. Possible causes:

• Generated code not part of the PR, fix with: make generate and commit the changes
• Dependency mismatch for tools (protoc, etc). Ensure your local machine has same versions of tools as CI does
• Formatting drift, fix with make format connect-go / pnpm format connect-go

---

Dirty files

• connect-go/gen/proto/wg/cosmo/node/v1/node.pb.go

[github-actions]

controlplane - uncommitted changes detected

Seems like you forgot to commit some code. Possible causes:

• Generated code not part of the PR, fix with: make generate and commit the changes
• Dependency mismatch for tools (protoc, etc). Ensure your local machine has same versions of tools as CI does
• Formatting drift, fix with make format controlplane / pnpm format controlplane

---

Dirty files

• connect/src/wg/cosmo/node/v1/node_pb.ts

[github-actions]

Router image scan passed

✅ No security vulnerabilities found in image:

ghcr.io/wundergraph/cosmo/router:sha-1a5ed56ae35c8237fb8744b3c34f4caf97269c0a

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (3)

controlplane/src/types/index.ts (1)

499-503: ⚡ Quick win

Narrow features to FeatureIds[] for stronger token-claim safety.

Line 502 currently allows arbitrary strings; using FeatureIds[] catches claim typos at compile time.

♻️ Proposed change

 export interface GraphApiKeyJwtPayload extends JWTPayload {
   federated_graph_id: string;
   organization_id: string;
-  features?: string[];
+  features?: FeatureIds[];
 }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@controlplane/src/types/index.ts` around lines 499 - 503, The JWT payload
interface GraphApiKeyJwtPayload currently types features as string[], which
permits arbitrary values; change its features property's type to FeatureIds[]
(i.e., replace features?: string[] with features?: FeatureIds[]) so TypeScript
will enforce allowed feature identifiers—ensure FeatureIds is imported or
defined in the same module and update any usages or tests that construct
GraphApiKeyJwtPayload claims to use the FeatureIds enum/type.

router/core/init_config_poller.go (1)

136-145: ⚡ Quick win

Make split-mode fallback behavior explicit when fallback storage is configured.

When split mode is enabled, this early return bypasses fallback storage config. Add an explicit log (or validation error) so operators don’t assume fallback is active.

♻️ Proposed change

 	if hasSplitCfgFeature {
+		if r.routerConfigPollerConfig.FallbackStorage.Enabled {
+			r.logger.Info("split-config-loading currently ignores fallback storage configuration")
+		}
 		providerID := r.routerConfigPollerConfig.Storage.ProviderID
 		if providerID != "" {
 			r.logger.Info("split-config-loading feature is enabled but a custom storage provider is configured; falling back to regular config polling",
 				zap.String("provider_id", providerID),
 			)
 		} else {
 			return newSplitConfigPoller(r)
 		}
 	}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@router/core/init_config_poller.go` around lines 136 - 145, The code path in
init_config_poller.go around hasSplitCfgFeature currently returns
newSplitConfigPoller only when r.routerConfigPollerConfig.Storage.ProviderID is
empty but logs an info that fallback will happen when ProviderID is set; make
this explicit and obvious by changing that log to a warning or validation error
and add a clear message stating that split-mode is disabled due to a configured
fallback storage provider (include provider_id), e.g. use r.logger.Warn or
r.logger.Error with zap.String("provider_id", providerID) and keep the existing
control flow so newSplitConfigPoller is only returned when ProviderID == "";
ensure the message clearly states that regular config polling will be used
instead of split-config-loading.

router/pkg/controlplane/configpoller/split_config_poller_test.go (1)

128-136: ⚡ Quick win

Add regression coverage for “mapper missing base key” (non-empty mapper).

Current tests cover empty mapper but not the non-empty-without-"" case. Add this to lock in expected failure/skip behavior and prevent stale base-config regressions.

Also applies to: 371-392

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@router/pkg/controlplane/configpoller/split_config_poller_test.go` around
lines 128 - 136, Add a new unit test mirroring
TestSplitGetRouterConfig_EmptyMapper to cover the case where mapper is non-empty
but missing the base key ""; instantiate mockSplitFetcher with mapperResult set
to a non-empty map (e.g., makeActiveGraphs(map[string]string{"foo":"..."})),
call newTestPoller(mock).GetRouterConfig(context.Background()), and assert it
returns an error and that the error message indicates the missing base key
(consistent with the poller's expected failure/skip behavior). Use the same
helpers (mockSplitFetcher, makeActiveGraphs, newTestPoller, GetRouterConfig) to
locate and implement the test.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@router/pkg/controlplane/configpoller/split_config_poller.go`:
- Around line 145-147: The assignment p.knownHashes = graphConfigs aliases an
external map into the poller's state and risks corruption from external
mutation; instead perform a defensive copy of graphConfigs into a new map and
assign that to p.knownHashes (do the same for the other assignment site around
the code that sets p.currentConfig/p.latestVersion), then compute
p.latestVersion using computeCompositeVersion on the copied map; locate usages
by the symbols p.knownHashes, graphConfigs, p.currentConfig, and
computeCompositeVersion and replace direct map assignment with a shallow clone
loop that copies keys/values before storing in p.knownHashes.
- Around line 136-138: The code currently only rejects an entirely empty mapper
(len(graphConfigs) == 0) but doesn't ensure the mapper contains the base graph
key "" so base config changes can be detected; update both places that validate
graphConfigs/mapper (the blocks using graphConfigs and mapper variables in
split_config_poller.go) to additionally check for the presence of the
empty-string key (""), and return an error (fmt.Errorf) if that base entry is
missing so polling won't proceed with a mapper that can't detect base config
updates.

In `@router/pkg/routerconfig/cdn/split_fetcher.go`:
- Around line 51-53: The constructor currently dereferences opts without
checking for nil, causing a panic; update the constructor (the function that
accepts opts and sets defaults, e.g., NewSplitFetcher or its options
initializer) to first guard if opts == nil and if so allocate a new options
struct (opts = &Options{} or the concrete options type used), then apply
defaults like setting opts.Logger = zap.NewNop() when nil; ensure you reference
and set Logger via the same opts variable so no fields are accessed on a nil
pointer.

---

Nitpick comments:
In `@controlplane/src/types/index.ts`:
- Around line 499-503: The JWT payload interface GraphApiKeyJwtPayload currently
types features as string[], which permits arbitrary values; change its features
property's type to FeatureIds[] (i.e., replace features?: string[] with
features?: FeatureIds[]) so TypeScript will enforce allowed feature
identifiers—ensure FeatureIds is imported or defined in the same module and
update any usages or tests that construct GraphApiKeyJwtPayload claims to use
the FeatureIds enum/type.

In `@router/core/init_config_poller.go`:
- Around line 136-145: The code path in init_config_poller.go around
hasSplitCfgFeature currently returns newSplitConfigPoller only when
r.routerConfigPollerConfig.Storage.ProviderID is empty but logs an info that
fallback will happen when ProviderID is set; make this explicit and obvious by
changing that log to a warning or validation error and add a clear message
stating that split-mode is disabled due to a configured fallback storage
provider (include provider_id), e.g. use r.logger.Warn or r.logger.Error with
zap.String("provider_id", providerID) and keep the existing control flow so
newSplitConfigPoller is only returned when ProviderID == ""; ensure the message
clearly states that regular config polling will be used instead of
split-config-loading.

In `@router/pkg/controlplane/configpoller/split_config_poller_test.go`:
- Around line 128-136: Add a new unit test mirroring
TestSplitGetRouterConfig_EmptyMapper to cover the case where mapper is non-empty
but missing the base key ""; instantiate mockSplitFetcher with mapperResult set
to a non-empty map (e.g., makeActiveGraphs(map[string]string{"foo":"..."})),
call newTestPoller(mock).GetRouterConfig(context.Background()), and assert it
returns an error and that the error message indicates the missing base key
(consistent with the poller's expected failure/skip behavior). Use the same
helpers (mockSplitFetcher, makeActiveGraphs, newTestPoller, GetRouterConfig) to
locate and implement the test.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: fca262c8-cb67-466f-a6ce-0af950f1de30

📥 Commits

Reviewing files that changed from the base of the PR and between 0c39bc2 and 519a4f3.

⛔ Files ignored due to path filters (1)

• router/gen/proto/wg/cosmo/node/v1/node.pb.go is excluded by !**/*.pb.go, !**/gen/**

📒 Files selected for processing (10)

• controlplane/src/core/bufservices/federated-graph/createFederatedGraphToken.ts
• controlplane/src/core/repositories/OrganizationRepository.ts
• controlplane/src/types/index.ts
• proto/wg/cosmo/node/v1/node.proto
• router/core/graph_server.go
• router/core/init_config_poller.go
• router/internal/jwt/claims.go
• router/pkg/controlplane/configpoller/split_config_poller.go
• router/pkg/controlplane/configpoller/split_config_poller_test.go
• router/pkg/routerconfig/cdn/split_fetcher.go

[codecov]

Codecov Report

❌ Patch coverage is 62.45955% with 116 lines in your changes missing coverage. Please review.
⚠️ Please upload report for BASE (feat/split-configs@932f4ec). Learn more about missing BASE report.

Files with missing lines	Patch %	Lines
router/pkg/routerconfig/cdn/split_fetcher.go	68.33%	9 Missing and 29 partials ⚠️
...g/controlplane/configpoller/split_config_poller.go	74.12%	23 Missing and 14 partials ⚠️
router/core/init_config_poller.go	0.00%	33 Missing ⚠️
router/internal/jwt/claims.go	38.46%	4 Missing and 4 partials ⚠️

Additional details and impacted files

@@                  Coverage Diff                  @@
##             feat/split-configs    #2814   +/-   ##
=====================================================
  Coverage                      ?   65.62%           
=====================================================
  Files                         ?      256           
  Lines                         ?    26806           
  Branches                      ?        0           
=====================================================
  Hits                          ?    17591           
  Misses                        ?     7758           
  Partials                      ?     1457           

Files with missing lines	Coverage Δ
router/internal/jwt/claims.go	54.28% <38.46%> (ø)
router/core/init_config_poller.go	2.29% <0.00%> (ø)
...g/controlplane/configpoller/split_config_poller.go	74.12% <74.12%> (ø)
router/pkg/routerconfig/cdn/split_fetcher.go	68.33% <68.33%> (ø)

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[claude]

Claude Code Review

This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.

_{Tip: disable this comment in your organization's Code Review settings.}

[Noroth]

You can swap the if then you can omit else

Suggested change

	if providerID != "" {
	r.logger.Info("split-config-loading feature is enabled but a custom storage provider is configured; falling back to regular config polling",
	zap.String("provider_id", providerID),
	)
	} else {
	return newSplitConfigPoller(r)
	}
	if providerID = "" {
	return newSplitConfigPoller(r)
	}
	r.logger.Info("split-config-loading feature is enabled but a custom storage provider is configured; falling back to regular config polling",
	zap.String("provider_id", providerID))

[dkorittki]

Fixed

[Noroth]

nit: You could also use a hash set here to not use slices.Contains() but have O(1) lookups but I don't think it really matters in this case. Up to you

[dkorittki]

I don't think we will ever run into the amount of features where we can feel this

[Noroth]

All of this was put in utils.go? A bit hard to see what actually changed here

[dkorittki]

I'll revert this so the diff is easier to understand

[dkorittki]

Fixed

[Noroth]

I vote for using https://pkg.go.dev/net/url#JoinPath. Less error prone than fmt

[dkorittki]

Fixed

[Noroth]

nit: could leave the / logic to JoinPath but fine as it is

Suggested change

	path, err := url.JoinPath("/", f.organizationID, f.federatedGraphID, "manifest/mapper.json")
	path, err := url.JoinPath("/", f.organizationID, f.federatedGraphID, "manifest", "mapper.json")