fix: streamline data provider onboarding via role whitelisting

[MicBun]

Automatically create data providers when granting system:network_writer role, eliminating manual setup step and improving user experience.

• Add helper_create_data_providers batch action for efficient creation
• Modify grant_roles to auto-create providers for network_writer grants
• Maintain backward compatibility with existing workflows

This reduces onboarding friction by consolidating the two-step process (create provider + grant role) into a single role grant operation.

resolves: #1136

Note: can't be deployed to production as some file has UNNEST that is not ready. But the test is successfull @outerlook

Summary by CodeRabbit

• New Features

  • Automatically provisions data provider records when granting the network_writer role; wallet addresses are validated, normalized, deduplicated, and creation is idempotent.

• Tests

  • Updated role/permission tests to rely on automatic data provider creation instead of manual preconfiguration.

[coderabbitai]

Walkthrough

Adds a private SQL helper to bulk-create data_providers with address validation and idempotent inserts, extends grant_roles to call that helper when granting network_writer, adds role/owner validation helpers, and updates tests to rely on automatic data_provider creation instead of manual setup.

Changes

Cohort / File(s)	Summary
DB migration: role & data provider provisioning internal/migrations/013-role-actions.sql	Adds PRIVATE action helper_create_data_providers(TEXT[]) that sanitizes and validates Ethereum addresses (via helper_sanitize_wallets and check_ethereum_address), computes IDs, bulk-inserts into data_providers using UNNEST with ON CONFLICT DO NOTHING, and integrates a call from grant_roles when assigning network_writer. Also adds private validation helpers: helper_assert_owner_addr, helper_assert_role_exists, helper_assert_is_role_owner, and helper_assert_can_manage_members.
Tests: streamline preconditions tests/streams/roles/permission_gates_test.go	Removes manual CreateDataProvider calls and documents that data providers are now auto-created when granting network_writer; tests rely on the new provisioning side effect.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor Admin as Grantor
  participant DB as grant_roles (SQL)
  participant RM as role_members
  participant HP as helper_create_data_providers
  participant VAL as check_ethereum_address
  participant DP as data_providers

  Admin->>DB: grant_roles(wallets, roles)
  DB->>RM: UPSERT role_members
  RM-->>DB: upsert result
  alt network_writer included
    DB->>HP: helper_create_data_providers(sanitized_wallets)
    loop per address
      HP->>VAL: check_ethereum_address(addr)
      VAL-->>HP: ok / error
    end
    HP->>DP: INSERT ... UNNEST ... ON CONFLICT DO NOTHING (bulk)
    DP-->>HP: inserted / skipped
    HP-->>DB: done
  end
  DB-->>Admin: success

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Assessment against linked issues

Objective	Addressed	Explanation
Auto-create data provider during whitelisting by calling create_data_provider (#1136)	✅

Possibly related PRs

• chore: grant writer roles on test wallet locally #1067 — Touches grant_roles invocations; will exercise the new auto-creation path for data_providers when run.

Suggested reviewers

• outerlook

Poem

I thump my paw — a ledger song,
Wallets whitelisted, rows belong.
No spade required, the rows appear,
Auto-planted, neat and clear.
Hop, hop — the network hums along. 🥕🐇

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 956701b and 5aefb64.

📒 Files selected for processing (1)

• internal/migrations/013-role-actions.sql (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• internal/migrations/013-role-actions.sql

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: acceptance-test

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch combineGrantProvider

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore or @coderabbit ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[holdex]

Bug Report Checklist

Status	Commit Link	Bug Author
✅ Submitted	commit link	@williamrusdyputra

[holdex]

Time Submission Status

Member	Status	Time	Action	Last Update
MicBun	✅ Submitted	5h 30min	Update time	Sep 2, 2025, 5:43 PM
@outerlook	❌ Missing	-	⚠️ Submit time	-

[MicBun]

@pr-time-tracker bug commit 81b3227 && bug author @williamrusdyputra

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (6)

tests/streams/roles/permission_gates_test.go (2)

44-46: Add an assertion that the data provider was auto-created.

Right after setupSystemRoles, assert the data_providers row exists for authorizedWriter to prove the new side effect works end-to-end.

Example (add after Line 46):

// Verify DP auto-created for the granted writer
require.NoError(t, setup.RequireDataProviderExists(ctx, platform, authorizedWriter))

If setup.RequireDataProviderExists doesn't exist, I can add a tiny helper that queries data_providers and fails if missing.

---

44-46: Add negative test for invalid wallet on grant.

Granting network_writer to an invalid address should error (helper_create_data_providers validates). Add a test to lock this behavior.

Sketch:

t.Run("grant fails for invalid wallet address", func(t *testing.T) {
  bad := "0xnotanaddress"
  err := procedure.GrantRoles(ctx, procedure.GrantRolesInput{
    Platform: managerPlatform, Owner: "system", RoleName: "network_writer", Wallets: []string{bad},
  })
  require.Error(t, err)
})

internal/migrations/013-role-actions.sql (4)

7-10: Clarify docstring to reflect intended scope.

State explicitly that it’s invoked only for system:network_writer grants (post-fix above).

Apply:

- * Used by grant_roles when auto-creating data providers during network_writer role assignment.
+ * Used by grant_roles when auto-creating data providers during system:network_writer role assignment.

---

19-27: Optional: be explicit about conflict target and add DISTINCT.

Small robustness improvement and fewer no-op attempts when the input has duplicates.

Apply (if your dialect supports it):

-    FROM UNNEST($addresses) AS t(address)
-    ON CONFLICT DO NOTHING;
+    FROM UNNEST($addresses) AS t(address)
+    ON CONFLICT (address) DO NOTHING;

---

149-151: Lifecycle note: keep-or-remove data_providers on revoke?

Revoke doesn’t touch data_providers, which is fine if providers are durable identities. If the intention is tighter coupling, consider documenting this or adding a cleanup action.

Would you like a follow-up migration/action pair to deactivate (not delete) providers when the role is revoked?

---

11-27: Add a guard for empty/NULL addresses arrays.

Grant already no-ops on empty arrays; mirror that here to avoid a pointless INSERT SELECT.

Apply:

 CREATE OR REPLACE ACTION helper_create_data_providers($addresses TEXT[]) PRIVATE {
+    IF array_length($addresses) = 0 {
+        RETURN;
+    }

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 63f3405 and 0e012ec.

📒 Files selected for processing (2)

• internal/migrations/013-role-actions.sql (2 hunks)
• tests/streams/roles/permission_gates_test.go (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: acceptance-test

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

internal/migrations/013-role-actions.sql (1)

152-154: Scope auto-creation to system:network_writer only.

Current code provisions providers for any role grant, exceeding the PR intent and surprising other workflows.

Apply:

-    -- Auto-create data providers when granting network_writer role
-    helper_create_data_providers($wallets);
+    -- Auto-create data providers only for system:network_writer grants
+    IF $owner = 'system' AND $role_name = 'network_writer' {
+        helper_create_data_providers($wallets);
+    }

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 0e012ec and 956701b.

📒 Files selected for processing (1)

• internal/migrations/013-role-actions.sql (2 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: acceptance-test

🔇 Additional comments (1)

internal/migrations/013-role-actions.sql (1)

12-20: Good: sanitize + validate upfront.

Normalizing addresses then validating each keeps the helper safe for direct calls.