fix: decide the origin of proposal based on the request header #2274

Closed
JivusAyrus wants to merge 1 commit into main from suvij/fix-proposal-creation

@JivusAyrus JivusAyrus commented Oct 13, 2025

Summary by CodeRabbit

  • New Features
    • Automatic detection of proposal origin based on client headers; no manual selection required.
  • Refactor
    • Removed the origin field from CreateProposalRequest. Clients should stop sending this field.
  • Bug Fixes
    • Improved consistency of origin handling across proposal creation paths by unifying detection logic.

Checklist

coderabbitai Bot commented Oct 13, 2025

Walkthrough

Removes the origin field from CreateProposalRequest in the proto schema and generated TypeScript. Updates proposal creation logic to infer ProposalOrigin from the User-Agent header instead of reading it from the request payload, applying this in both main and subgraph proposal paths.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| Proto schema update: proto/wg/cosmo/platform/v1/platform.proto | Deleted ProposalOrigin origin = 6 from CreateProposalRequest; minor whitespace change in UpdateProposalRequest oneof. |
| Generated code sync: connect/src/wg/cosmo/platform/v1/platform_pb.ts | Removed origin field and related enum wiring from CreateProposalRequest generated TypeScript. |
| Control plane logic adjustment: controlplane/src/core/bufservices/proposal/createProposal.ts | Stopped using request-provided origin; derive ProposalOrigin from User-Agent (contains "cosmo-hub" => EXTERNAL, else INTERNAL). Replaced usages of toProposalOriginEnum(req.origin) with inferred proposalOrigin; updated imports and header extraction in both creation paths. |

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. | You can run @coderabbitai generate docstrings to improve docstring coverage. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title Check | ✅ Passed | The title clearly and succinctly describes the primary change of using the request header to determine proposal origin, matching the alterations in both schema and service logic without extraneous details. |

github-actions Bot commented Oct 13, 2025

Router-nonroot image scan passed

✅ No security vulnerabilities found in image:

ghcr.io/wundergraph/cosmo/router:sha-436c0856cb8b4880afb6095c212ad2928cfd7380-nonroot

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 0

🧹 Nitpick comments (1)
controlplane/src/core/bufservices/proposal/createProposal.ts (1)

348-349: Consider extracting origin detection logic and improving maintainability.

The User-Agent-based origin detection works correctly but could be more maintainable:

  1. Hardcoded string: The string 'cosmo-hub' should be extracted to a named constant for maintainability.
  2. Missing context: Add a comment explaining why 'cosmo-hub' in the User-Agent indicates an EXTERNAL origin.
  3. Code duplication: The AI summary indicates this logic also appears in the "subgraph proposal path." If duplicated, extract this to a helper function like deriveProposalOriginFromHeaders(headers: Headers): ProposalOrigin.
  4. Debugging support: Consider logging the derived origin for debugging purposes (e.g., logger.debug(`Derived proposal origin: ${proposalOrigin}`)).
  5. Security note: Document that User-Agent headers can be spoofed and this isn't intended as a security boundary, but rather for categorization/telemetry.

Example refactor:

// At the top of the file or in a separate utils file
const EXTERNAL_CLIENT_USER_AGENT = 'cosmo-hub';

function deriveProposalOriginFromHeaders(userAgent: string | null): ProposalOrigin {
  const normalizedUserAgent = userAgent?.toLowerCase() ?? '';
  // cosmo-hub indicates requests from the external UI/hub, vs internal CLI/API
  return normalizedUserAgent.includes(EXTERNAL_CLIENT_USER_AGENT) ? 'EXTERNAL' : 'INTERNAL';
}

Then use it:

-    const clientHdr = ctx.requestHeader.get('user-agent')?.toLowerCase() ?? '';
-    const proposalOrigin: ProposalOrigin = clientHdr.includes('cosmo-hub') ? 'EXTERNAL' : 'INTERNAL';
+    const userAgent = ctx.requestHeader.get('user-agent');
+    const proposalOrigin = deriveProposalOriginFromHeaders(userAgent);
+    logger.debug(`Derived proposal origin: ${proposalOrigin} from user-agent: ${userAgent}`);
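
Review bot: The added logger.debug line interpolates the raw User-Agent into the message text ("from user-agent: ${userAgent}"), and that value is whatever the client sent. Pass it as a separate structured field, or truncate and escape it before logging, so an oversized or crafted header cannot bloat or distort the log line. Two smaller points on the same line: logger is not defined anywhere in the lines shown, so confirm it is in scope at this call site, and userAgent can be null here, which will be logged as the literal text "null" unless it is handled.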
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c611abf and 6d0cce4.

⛔ Files ignored due to path filters (1)
  • connect-go/gen/proto/wg/cosmo/platform/v1/platform.pb.go is excluded by !**/*.pb.go, !**/gen/**
📒 Files selected for processing (3)
  • connect/src/wg/cosmo/platform/v1/platform_pb.ts (0 hunks)
  • controlplane/src/core/bufservices/proposal/createProposal.ts (3 hunks)
  • proto/wg/cosmo/platform/v1/platform.proto (1 hunks)
💤 Files with no reviewable changes (1)
  • connect/src/wg/cosmo/platform/v1/platform_pb.ts
🧰 Additional context used
🧬 Code graph analysis (1)
controlplane/src/core/bufservices/proposal/createProposal.ts (1)
controlplane/src/db/models.ts (1)
  • ProposalOrigin (39-39)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (15)
  • GitHub Check: build-router
  • GitHub Check: build_push_image
  • GitHub Check: build_test
  • GitHub Check: Analyze (go)
  • GitHub Check: Analyze (javascript-typescript)
  • GitHub Check: build_push_image
  • GitHub Check: image_scan (nonroot)
  • GitHub Check: integration_test (./telemetry)
  • GitHub Check: integration_test (./events)
  • GitHub Check: integration_test (./. ./fuzzquery ./lifecycle ./modules)
  • GitHub Check: build_test
  • GitHub Check: image_scan
  • GitHub Check: build_push_image
  • GitHub Check: build_push_image (nonroot)
  • GitHub Check: build_test
🔇 Additional comments (1)
controlplane/src/core/bufservices/proposal/createProposal.ts (1)

348-356: LGTM! Server-side origin derivation implemented correctly.

The migration from client-provided req.origin to server-derived proposalOrigin based on the User-Agent header correctly implements the PR objective. The origin value is properly typed and used in the proposal creation.

@JivusAyrus JivusAyrus closed this Oct 13, 2025