Skip to content

feat: Use separate superpositions for serving RC and dashboard#311

Open
yuvrajjsingh0 wants to merge 1 commit into
mainfrom
feat-use-separate-superposition-for-rc
Open

feat: Use separate superpositions for serving RC and dashboard#311
yuvrajjsingh0 wants to merge 1 commit into
mainfrom
feat-use-separate-superposition-for-rc

Conversation

@yuvrajjsingh0
Copy link
Copy Markdown
Contributor

@yuvrajjsingh0 yuvrajjsingh0 commented Apr 24, 2026
edited by coderabbitai Bot
Loading

Summary by CodeRabbit

  • New Features

    • Added support for authenticated Superposition requests via new environment variables for user and organization tokens.
    • Introduced separate RC endpoint configuration for Superposition, allowing different URL and authentication credentials.

  • Documentation

    • Updated environment variable documentation with new Superposition authentication and RC endpoint options.

@semanticdiff-com
Copy link
Copy Markdown

semanticdiff-com Bot commented Apr 24, 2026
edited
Loading

Review changes with  SemanticDiff

Changed Files
File Status
  airborne_server/src/main.rs  65% smaller
  airborne_server/src/release.rs  27% smaller
  airborne_server/src/config.rs  24% smaller
  airborne_server/.env.example Unsupported file format
  airborne_server/README.md Unsupported file format
  airborne_server/scripts/encrypt-envs.sh Unsupported file format
  airborne_server/scripts/init-localstack.sh Unsupported file format
  airborne_server/src/types.rs  0% smaller

@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented Apr 24, 2026
edited
Loading

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 9e5e4526-c682-490a-9bbf-8fca9b1b0d2c

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review

Walkthrough

The changes introduce authenticated Superposition support with separate RC (Release Candidate) endpoint configuration. New environment variables enable cookie-based auth and RC-specific URL/token overrides. Configuration, scripts, and application code are updated to create and use distinct Superposition clients for dashboard and RC operations.

Changes

Cohort / File(s) Summary
Configuration Documentation
airborne_server/.env.example, airborne_server/README.md		 Adds environment variables for authenticated Superposition: ENABLE_AUTHENTICATED_SUPERPOSITION, token placeholders (SUPERPOSITION_TOKEN, SUPERPOSITION_USER_TOKEN, SUPERPOSITION_ORG_TOKEN), and RC-specific URL/token overrides with fallback to non-RC variants.
Environment Setup Scripts
airborne_server/scripts/encrypt-envs.sh, airborne_server/scripts/init-localstack.sh		 Adds preprocessing to derive RC Superposition variables from non-RC counterparts when empty; updates sensitive variable lists to include Superposition tokens for encryption/plaintext output handling.
Core Application Code
airborne_server/src/config.rs, airborne_server/src/main.rs, airborne_server/src/types.rs, airborne_server/src/release.rs		 Introduces separate RC superposition client with dual-endpoint support; refactors client creation with conditional auth cookie interception using user/org tokens; updates release handlers to accept explicit superposition client parameter for RC operations.

Sequence Diagram

sequenceDiagram
    participant App as Application<br/>(main.rs)
    participant Config as Configuration<br/>(config.rs)
    participant Auth as Auth Interceptor<br/>Closure
    participant SDK as Superposition SDK<br/>Clients
    participant Dashboard as Dashboard<br/>Endpoint
    participant RC as RC<br/>Endpoint

    App->>Config: Load environment config
    Config-->>App: AppConfig with RC URLs & tokens
    
    App->>Auth: Create client builder for Dashboard
    Note over Auth: enable_authenticated_superposition?
    Auth->>SDK: Inject auth cookie interceptor<br/>(user/org tokens)
    SDK->>Dashboard: Client created with auth
    Dashboard-->>SDK: Connection established

    App->>Auth: Create client builder for RC
    Auth->>SDK: Inject auth cookie interceptor<br/>(RC tokens or defaults)
    SDK->>RC: RC Client created with auth
    RC-->>SDK: Connection established

    App->>App: Store both clients in AppState
    Note over App: superposition_client<br/>rc_superposition_client
    
    App->>App: Release handler receives rc_superposition_client
    App->>SDK: Call applicable_variants() & get_resolved_config()
    SDK->>RC: Authenticated requests with cookies
    RC-->>SDK: Return config variants
Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

  • juspay/airborne#259: Modifies release-related code (serve_release_handler) and Superposition client/config handling with overlapping code context.

Suggested labels

rust

Suggested reviewers

  • JamesGeorg

Poem

🐰 A rabbit hops through config files with glee,
RC endpoints now dance authentically!
Two clients spring forth where once was one small friend,
With tokens and cookies, they both transcend.
Superposition splits, yet works as one—
Dual endpoints together, the work is done! 🎉

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly summarizes the main change: introducing separate Superposition endpoints for RC and dashboard serving, which is reflected throughout the changeset in config, client initialization, and release handler refactoring.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch feat-use-separate-superposition-for-rc

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai Bot reviewed Apr 24, 2026
View reviewed changes
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🧹 Nitpick comments (3)
airborne_server/.env.example (1)

3-10: LGTM — dotenv-linter UnorderedKey warnings are safely ignorable.

The Superposition variables are grouped semantically (URL, org id, auth toggle, tokens, RC tokens), which reads better than strict alphabetical ordering. The static-analysis warnings about key ordering don't reflect a real issue here.

One small thing: SUPERPOSITION_RC_URL in an example file can just stay blank (same as the tokens), since airborne_server/src/config.rs falls back to SUPERPOSITION_URL. Duplicating http://localhost:8080 isn't harmful but also documents the fallback less clearly.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@airborne_server/.env.example` around lines 3 - 10, Change the example env to
leave SUPERPOSITION_RC_URL blank to show the real fallback: update the
.env.example so SUPERPOSITION_RC_URL is empty (like the token vars) and add a
brief comment if desired; this makes the implicit fallback to SUPERPOSITION_URL
(as used in config reading logic) clearer while keeping the semantic grouping of
the Superposition keys intact.
airborne_server/README.md (1)

299-304: Docs align with the implementation.

Descriptions for SUPERPOSITION_RC_URL, ENABLE_AUTHENTICATED_SUPERPOSITION, and the user/org/RC token env vars match the fallback logic in airborne_server/src/config.rs and the cookie format (user=...; org_<SUPERPOSITION_ORG_ID>=...) built in airborne_server/src/main.rs.

Optional nit: SUPERPOSITION_TOKEN (used as the bearer_token in SrsConfig::builder() in main.rs) is added to .env.example and to the encrypted-secrets list in both scripts, but is not called out in this section. Consider adding a short line documenting it for completeness.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@airborne_server/README.md` around lines 299 - 304, README.md is missing
documentation for SUPERPOSITION_TOKEN which is used as the bearer_token passed
to SrsConfig::builder() in main.rs; update the README env vars list to add a
short line describing SUPERPOSITION_TOKEN (its purpose as the bearer token for
Superposition SDK requests, default/usage) and mention it is included in
.env.example and encrypted-secrets scripts so docs match implementation.
airborne_server/src/main.rs (1)

206-264: Solid DRY refactor; fallback + panic semantics are correct.

The closure cleanly factors out the unauthenticated vs. cookie-intercepted construction, and the env-hint strings ("SUPERPOSITION_RC_USER_TOKEN or SUPERPOSITION_USER_TOKEN") correctly document the fallback chain from airborne_server/src/config.rs (get_optional_secret(...).or_else(|| superposition_user_token.clone())). Because of that chain, the panic only fires when both the RC-specific and base tokens are unset while ENABLE_AUTHENTICATED_SUPERPOSITION=true, which is the intended fail-fast behavior.

Minor optional polish: the two inner Client::from_conf(...) calls are almost identical except for .interceptor(...). You can collapse them further if you like:

♻️ Optional simplification 
-            if app_config.enable_authenticated_superposition {
-                let superposition_user_token = user_token.unwrap_or_else(|| {
-                    panic!(
-                        "{} must be set when ENABLE_AUTHENTICATED_SUPERPOSITION=true",
-                        user_token_env_hint
-                    )
-                });
-                let superposition_org_token = org_token.unwrap_or_else(|| {
-                    panic!(
-                        "{} must be set when ENABLE_AUTHENTICATED_SUPERPOSITION=true",
-                        org_token_env_hint
-                    )
-                });
-
-                // Inject Auth cookie for Superposition SDK calls
-                let cookie_interceptor = CookieIntercept::new(format!(
-                    "user={}; org_{}={}",
-                    superposition_user_token, superposition_org_id_env, superposition_org_token,
-                ));
-
-                superposition_sdk::Client::from_conf(
-                    SrsConfig::builder()
-                        .endpoint_url(endpoint_url)
-                        .behavior_version_latest()
-                        .bearer_token(superposition_token.clone().into())
-                        .interceptor(cookie_interceptor)
-                        .build(),
-                )
-            } else {
-                superposition_sdk::Client::from_conf(
-                    SrsConfig::builder()
-                        .endpoint_url(endpoint_url)
-                        .behavior_version_latest()
-                        .bearer_token(superposition_token.clone().into())
-                        .build(),
-                )
-            }
+            let mut builder = SrsConfig::builder()
+                .endpoint_url(endpoint_url)
+                .behavior_version_latest()
+                .bearer_token(superposition_token.clone().into());
+
+            if app_config.enable_authenticated_superposition {
+                let user = user_token.unwrap_or_else(|| {
+                    panic!("{} must be set when ENABLE_AUTHENTICATED_SUPERPOSITION=true", user_token_env_hint)
+                });
+                let org = org_token.unwrap_or_else(|| {
+                    panic!("{} must be set when ENABLE_AUTHENTICATED_SUPERPOSITION=true", org_token_env_hint)
+                });
+                builder = builder.interceptor(CookieIntercept::new(format!(
+                    "user={}; org_{}={}",
+                    user, superposition_org_id_env, org,
+                )));
+            }
+
+            superposition_sdk::Client::from_conf(builder.build())
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@airborne_server/src/main.rs` around lines 206 - 264, The two near-identical
superposition client constructions in the create_superposition_client closure
can be collapsed: build the SrsConfig with
SrsConfig::builder().endpoint_url(endpoint_url).behavior_version_latest().bearer_token(superposition_token.clone().into()),
then if app_config.enable_authenticated_superposition create the CookieIntercept
and call .interceptor(cookie_interceptor) on that builder before .build();
finally call superposition_sdk::Client::from_conf(...) once with the finalized
config. Target symbols: create_superposition_client, SrsConfig::builder,
.interceptor, CookieIntercept, superposition_sdk::Client::from_conf.
🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@airborne_server/scripts/encrypt-envs.sh`:
- Around line 69-129: read_env_raw currently returns the RHS verbatim (including
surrounding shell quotes), causing nested-quoting when
sync_superposition_rc_env_defaults copies values; update read_env_raw to strip
surrounding shell quotes (i.e., call the existing strip_shell_quotes helper used
by init-localstack.sh or implement equivalent logic) before returning the value,
and ensure strip_shell_quotes is defined or sourced so upsert_env_raw writes the
normalized unquoted value; reference read_env_raw, upsert_env_raw,
strip_shell_quotes, and sync_superposition_rc_env_defaults when making the
change.

In `@airborne_server/scripts/init-localstack.sh`:
- Around line 160-184: sync_superposition_rc_env_defaults copies encrypted token
blobs from SUPERPOSITION_USER_TOKEN / SUPERPOSITION_ORG_TOKEN into their RC
counterparts; change it to detect encrypted-looking values and skip copying so
the main get_value() logic can handle decryption/reset. In
sync_superposition_rc_env_defaults, after reading superposition_user_token and
superposition_org_token via read_env_value, check whether each value appears to
be an encrypted JSON blob (e.g., a string that parses to JSON and contains keys
like "nonce" and "ciphertext" or matches a regex indicating JSON with those
keys) and only call upsert_env_var for the RC variables when the source token is
not encrypted; keep existing behavior for plain-text values. Ensure you use the
same helper functions (read_env_value, upsert_env_var) and leave get_value()
unchanged.

---

Nitpick comments:
In `@airborne_server/.env.example`:
- Around line 3-10: Change the example env to leave SUPERPOSITION_RC_URL blank
to show the real fallback: update the .env.example so SUPERPOSITION_RC_URL is
empty (like the token vars) and add a brief comment if desired; this makes the
implicit fallback to SUPERPOSITION_URL (as used in config reading logic) clearer
while keeping the semantic grouping of the Superposition keys intact.

In `@airborne_server/README.md`:
- Around line 299-304: README.md is missing documentation for
SUPERPOSITION_TOKEN which is used as the bearer_token passed to
SrsConfig::builder() in main.rs; update the README env vars list to add a short
line describing SUPERPOSITION_TOKEN (its purpose as the bearer token for
Superposition SDK requests, default/usage) and mention it is included in
.env.example and encrypted-secrets scripts so docs match implementation.

In `@airborne_server/src/main.rs`:
- Around line 206-264: The two near-identical superposition client constructions
in the create_superposition_client closure can be collapsed: build the SrsConfig
with
SrsConfig::builder().endpoint_url(endpoint_url).behavior_version_latest().bearer_token(superposition_token.clone().into()),
then if app_config.enable_authenticated_superposition create the CookieIntercept
and call .interceptor(cookie_interceptor) on that builder before .build();
finally call superposition_sdk::Client::from_conf(...) once with the finalized
config. Target symbols: create_superposition_client, SrsConfig::builder,
.interceptor, CookieIntercept, superposition_sdk::Client::from_conf.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: c5cdf2d3-d908-4ccb-a1c9-fa4f27a0dc26

📥 Commits

Reviewing files that changed from the base of the PR and between 41d1b1c and 7c097d5.

📒 Files selected for processing (8)
  • airborne_server/.env.example
  • airborne_server/README.md
  • airborne_server/scripts/encrypt-envs.sh
  • airborne_server/scripts/init-localstack.sh
  • airborne_server/src/config.rs
  • airborne_server/src/main.rs
  • airborne_server/src/release.rs
  • airborne_server/src/types.rs

Comment thread airborne_server/scripts/encrypt-envs.sh
Comment thread airborne_server/scripts/init-localstack.sh
@yuvrajjsingh0 yuvrajjsingh0 force-pushed the feat-use-separate-superposition-for-rc branch from 29da525 to ab606aa Compare April 24, 2026 12:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@yuvrajjsingh0