Merged
Conversation
SkArchon
requested review from
JivusAyrus,
StarpTech,
asoorm and
wilsonrivera
and removed request for
a team
Contributor
WalkthroughAdded documentation sections describing outbound client TLS (mTLS) for router-to-subgraph connections: environment variables, global and per-subgraph client certificate configuration, CA handling, and verification-skip options. The new content is duplicated within the updated files. Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes 🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (1)
docs/router/security/tls.mdx (1)
140-140: Heading level inconsistency."Per-Subgraph Configuration" is at
###(h3) level, but "Global Configuration" above it is at####(h4). Since both are configuration approaches under "Router mTLS", they should be at the same level for a consistent hierarchy.📝 Suggested fix
-### Per-Subgraph Configuration +#### Per-Subgraph Configuration🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@docs/router/security/tls.mdx` at line 140, The heading "Per-Subgraph Configuration" is marked as ### while the earlier "Global Configuration" is #### under the same "Router mTLS" section, causing inconsistent hierarchy; update the "Per-Subgraph Configuration" heading to match the "Global Configuration" level (i.e., change the "Per-Subgraph Configuration" heading token to the same number of # signs as "Global Configuration") so both configuration approaches under "Router mTLS" are at the same heading level.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@docs/router/configuration.mdx`:
- Line 419: Update the broken anchor in the link so it matches an existing
heading in the TLS doc: replace the fragment "#outbound-mtls-to-subgraphs" in
the link text "Outbound mTLS to Subgraphs" with a valid anchor such as
"#tls-with-subgraphs" (or "#router-mtls") so the URL becomes
"/router/security/tls#tls-with-subgraphs" ensuring the link from the
configuration page resolves correctly to the TLS section.
---
Nitpick comments:
In `@docs/router/security/tls.mdx`:
- Line 140: The heading "Per-Subgraph Configuration" is marked as ### while the
earlier "Global Configuration" is #### under the same "Router mTLS" section,
causing inconsistent hierarchy; update the "Per-Subgraph Configuration" heading
to match the "Global Configuration" level (i.e., change the "Per-Subgraph
Configuration" heading token to the same number of # signs as "Global
Configuration") so both configuration approaches under "Router mTLS" are at the
same heading level.
Contributor
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (2)
docs/router/security/tls.mdx (2)
120-121: Consider cross-linking to related configuration documentation.If the router configuration documentation (e.g.,
configuration.mdx) contains related TLS client configuration details, consider adding a cross-reference link here to help users discover all relevant configuration options.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@docs/router/security/tls.mdx` around lines 120 - 121, Add a cross-reference from the "TLS with Subgraphs" section to the router configuration docs by inserting a short link to the related configuration page (e.g., configuration.mdx) with descriptive anchor text like "Router TLS / client configuration" or "TLS client options" so readers can find all TLS/client settings; if configuration.mdx has a specific subsection or anchor (e.g., "TLS client configuration" or "tls-client-options"), link directly to that anchor to take users straight to the relevant details.
163-177: Heading level should match sibling sections.For consistency with the heading hierarchy fix mentioned above, this should also be H4 if it's a subsection under "Router mTLS".
📝 Suggested fix
-### Custom CA Certificates +#### Custom CA Certificates🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@docs/router/security/tls.mdx` around lines 163 - 177, Change the "Custom CA Certificates" heading from H3 to H4 so it matches sibling subsections under "Router mTLS": update the heading token for "Custom CA Certificates" (the visible text) to use one fewer "#" (i.e., make it an H4) and verify the surrounding subsections use the same heading level and indentation for consistency in the document hierarchy.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@docs/router/security/tls.mdx`:
- Around line 140-161: Change the heading "Per-Subgraph Configuration" to match
the level used by "Global Configuration" (make it H4 to be a peer under "Router
mTLS") and update the explanatory Note to stop saying per-subgraph entries are
"nested under `tls.client.all`" — instead state that per-subgraph entries live
under `tls.client.subgraphs` and use the same field structure as
`tls.client.all` (e.g., `cert_file`, `key_file`), clarifying that a per-subgraph
entry fully overrides the global `all` config for that subgraph.
---
Nitpick comments:
In `@docs/router/security/tls.mdx`:
- Around line 120-121: Add a cross-reference from the "TLS with Subgraphs"
section to the router configuration docs by inserting a short link to the
related configuration page (e.g., configuration.mdx) with descriptive anchor
text like "Router TLS / client configuration" or "TLS client options" so readers
can find all TLS/client settings; if configuration.mdx has a specific subsection
or anchor (e.g., "TLS client configuration" or "tls-client-options"), link
directly to that anchor to take users straight to the relevant details.
- Around line 163-177: Change the "Custom CA Certificates" heading from H3 to H4
so it matches sibling subsections under "Router mTLS": update the heading token
for "Custom CA Certificates" (the visible text) to use one fewer "#" (i.e., make
it an H4) and verify the surrounding subsections use the same heading level and
indentation for consistency in the document hierarchy.
Contributor
There was a problem hiding this comment.
🧹 Nitpick comments (1)
docs/router/security/tls.mdx (1)
124-131: Add a cross-link to the configuration reference.
This new section would benefit from a direct link to the configuration reference where all TLS fields are listed, aligning with the docs-linking guideline.✅ Suggested addition
In addition to accepting mTLS connections from clients (inbound), the router can also present client certificates when connecting to subgraphs (outbound). This is useful when your subgraphs require mTLS authentication to accept requests from the router. You can configure a global client certificate that applies to all subgraph connections, and optionally override it on a per-subgraph basis. +For the full option reference, see the [Router Configuration](/router/configuration#tls) section.As per coding guidelines: "Link between related documentation pages".
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@docs/router/security/tls.mdx` around lines 124 - 131, Add a cross-link from the "Global Configuration" section to the configuration reference page that lists all TLS fields (e.g., add a sentence like "See the Configuration Reference for all TLS fields" linking to the TLS/config reference). Place the link near the "Global Configuration" heading or immediately before the example so readers can jump to detailed field docs; reference this change against the "Global Configuration" heading and the TLS fields list in the configuration reference.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Nitpick comments:
In `@docs/router/security/tls.mdx`:
- Around line 124-131: Add a cross-link from the "Global Configuration" section
to the configuration reference page that lists all TLS fields (e.g., add a
sentence like "See the Configuration Reference for all TLS fields" linking to
the TLS/config reference). Place the link near the "Global Configuration"
heading or immediately before the example so readers can jump to detailed field
docs; reference this change against the "Global Configuration" heading and the
TLS fields list in the configuration reference.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
This PR adds documentation for mTLS with subgraphs, and overriding CA certificates for subgraphs. Depends on wundergraph/cosmo#2514.
Summary by CodeRabbit
Checklist
mintlify dev