fix(billing): onboarding provider filter

[baktun14]

Summary by CodeRabbit

• New Features

  • Enforces auditor authorization for managed-wallet leases; deployments for managed wallets auto-include required auditor constraints and a configurable list of allowed auditors.

• Tests

  • Added tests covering auditor validation across normal, trial, and anonymous flows.
  • Updated test networks and defaults to use sandbox-2; removed one network from a parameterized matrix.

• Stability

  • Trimmed testnet/network runtime entries and updated a functional RPC endpoint.

[coderabbitai]

Walkthrough

Adds managed-wallet lease auditor configuration and enforcement: new env var, SDL augmentation for managed deployments, provider-auditor validation invoked early from ManagedSigner, repository method for provider attributes, test/seed updates, and related network/config and type adjustments.

Changes

Cohort / File(s)	Summary
Env / Billing Config apps/api/src/billing/config/env.config.ts	New MANAGED_WALLET_LEASE_ALLOWED_AUDITORS env var (comma-separated → trimmed string[]) with default AUDITOR.
Trial Validation apps/api/src/billing/services/trial-validation/trial-validation.service.ts	Injects BillingConfigService and ProviderRepository; adds validateLeaseProvidersAuditors(messages, _userWallet) to authorize lease MsgCreateLease providers against allowed auditors and throw 403 when unauthorized.
Managed Signer apps/api/src/billing/services/managed-signer/managed-signer.service.ts, apps/api/src/billing/services/managed-signer/managed-signer.service.spec.ts	Calls anonymousValidateService.validateLeaseProvidersAuditors(...) early in executeDecodedTxByUserWallet; tests updated to mock/expose and assert this invocation across lease paths.
Deploy-web SDL utilities apps/deploy-web/src/utils/deploymentData/v1beta3.ts	Exported AUDITOR, added MANAGED_WALLET_ALLOWED_AUDITORS, and appendAuditorRequirement(yamlStr) to inject managed auditors into SDL placementSignedBy.anyOf.
Deploy-web UI apps/deploy-web/src/components/new-deployment/ManifestEdit.tsx	When isManaged is true, calls appendAuditorRequirement(sdl) before creating/validating deployment data.
Seeders / Test data apps/api/test/seeders/provider.seeder.ts	Seeder now creates a ProviderAttributeSignature entry using AUDITOR for created providers.
Tests / Fixtures apps/api/test/functional/nodes-v1.spec.ts, apps/deploy-web/tests/ui/fixture/test-env.config.ts, packages/net/src/NetConfig/NetConfig.spec.ts, apps/provider-proxy/test/functional/*, apps/provider-proxy/src/services/*/*.spec.ts	Reduced/changed networks exercised (removed one testnet), updated NETWORK_ID/PROVIDERS_WHITELIST fixture, and switched sandbox → sandbox-2 in multiple tests.
Network / Chain config packages/network-store/src/network.config.ts, packages/database/chainDefinitions.ts, apps/api/env/.env.functional.test, packages/net/src/NetConfig/NetConfig.ts	Cleared/changed some testnet RPC/version/faucet mappings, updated sandbox RPC/faucet endpoint, and relaxed getFaucetUrl signature to accept string.
Provider repo apps/api/src/provider/repositories/provider/provider.repository.ts	Added getProvidersByAddressesWithAttributes(addresses: string[]) to fetch providers with attributes and attribute signatures.
Misc / Types / Constants apps/stats-web/src/config/denom.config.ts, apps/api/src/utils/constants.ts	Adjusted network id types/imports and removed an env.NETWORK cast in API URL construction.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant ManagedSigner as Managed Signer
    participant TrialValidation as Trial Validation
    participant BillingCfg as Billing Config
    participant ProviderRepo as Provider Repository

    User->>ManagedSigner: executeDecodedTxByUserWallet(decodedMsgs, userWallet)
    ManagedSigner->>TrialValidation: validateLeaseProvidersAuditors(decodedMsgs, userWallet)

    rect rgb(245,250,245)
    Note over TrialValidation: lease-auditor authorization
    TrialValidation->>BillingCfg: read MANAGED_WALLET_LEASE_ALLOWED_AUDITORS
    BillingCfg-->>TrialValidation: allowed auditors list
    TrialValidation->>ProviderRepo: getProvidersByAddressesWithAttributes([providerAddrs])
    ProviderRepo-->>TrialValidation: providers + attributes + signatures
    TrialValidation->>TrialValidation: verify provider auditors ∩ allowed auditors
    end

    alt authorized
        TrialValidation-->>ManagedSigner: ok
        ManagedSigner->>User: proceed
    else unauthorized
        TrialValidation-->>ManagedSigner: throws 403
        ManagedSigner-->>User: 403 Forbidden
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~30 minutes

• Pay special attention to:
  • Provider address extraction and non-lease message handling in validateLeaseProvidersAuditors.
  • DB query shape and eager loads in getProvidersByAddressesWithAttributes.
  • Integration point in ManagedSigner.executeDecodedTxByUserWallet to ensure earlier validation doesn't alter other flows.
  • Tests in managed-signer.service.spec.ts for correct mocking/wiring of the new method.
  • YAML parsing and reserialization in appendAuditorRequirement.

Possibly related PRs

• feat(network): maps sandbox to sandbox-2 #2022 — overlaps sandbox → sandbox-2 endpoint and test updates.
• feat(auth): implements managed wallet API JWT auth #1766 — related to provider repository and auditor/attribute handling.
• fix(billing): prevent empty accounts to sign #1784 — related ManagedSigner validation flow changes.

Suggested reviewers

• stalniy
• ygrishajev

Poem

🐰
I hop the code and plant a check,
auditors gathered on the deck,
SDLs gain a careful seam,
leases vetted, neat and clean,
a tiny hop — deployment’s deck!

Pre-merge checks and finishing touches

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title 'fix(billing): onboarding provider filter' is partially related to the changeset but does not capture the main changes, which involve adding managed wallet lease auditor validation, updating network configuration to remove testnet support, and adjusting provider filtering logic.	Consider a more descriptive title that reflects the primary change (e.g., 'fix(billing): add managed wallet lease auditor validation' or similar) or clarify how 'onboarding provider filter' specifically relates to the broader scope of changes across billing, deployment, network, and provider configurations.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/onboarding-provider-filter

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6de1942 and 8238148.

📒 Files selected for processing (2)

• apps/provider-proxy/src/services/CertificateValidator/CertificateValidator.spec.ts (1 hunks)
• apps/provider-proxy/src/services/ProviderService/ProviderService.spec.ts (5 hunks)

🧰 Additional context used

📓 Path-based instructions (3)

**/*.spec.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/no-jest-mock.mdc)

Don't use jest.mock() to mock dependencies in test files. Instead, use jest-mock-extended to create mocks and pass mocks as dependencies to the service under test.

**/*.spec.{ts,tsx}: Use setup function instead of beforeEach in test files
setup function must be at the bottom of the root describe block in test files
setup function creates an object under test and returns it
setup function should accept a single parameter with inline type definition
Don't use shared state in setup function
Don't specify return type of setup function

Files:

• apps/provider-proxy/src/services/CertificateValidator/CertificateValidator.spec.ts
• apps/provider-proxy/src/services/ProviderService/ProviderService.spec.ts

**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/general.mdc)

Never use type any or cast to type any. Always define the proper TypeScript types.

Files:

• apps/provider-proxy/src/services/CertificateValidator/CertificateValidator.spec.ts
• apps/provider-proxy/src/services/ProviderService/ProviderService.spec.ts

**/*.{js,ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/general.mdc)

**/*.{js,ts,tsx}: Never use deprecated methods from libraries.
Don't add unnecessary comments to the code

Files:

• apps/provider-proxy/src/services/CertificateValidator/CertificateValidator.spec.ts
• apps/provider-proxy/src/services/ProviderService/ProviderService.spec.ts

🧠 Learnings (3)

📚 Learning: 2025-06-08T03:07:13.871Z

Learnt from: stalniy
Repo: akash-network/console PR: 1436
File: apps/api/src/provider/repositories/provider/provider.repository.ts:79-90
Timestamp: 2025-06-08T03:07:13.871Z
Learning: The getProvidersHostUriByAttributes method in apps/api/src/provider/repositories/provider/provider.repository.ts already has comprehensive test coverage in provider.repository.spec.ts, including tests for complex HAVING clause logic with COUNT(*) FILTER (WHERE ...) syntax, signature conditions (anyOf/allOf), and glob pattern matching.

Applied to files:

• apps/provider-proxy/src/services/ProviderService/ProviderService.spec.ts

📚 Learning: 2025-07-21T08:24:27.953Z

Learnt from: CR
Repo: akash-network/console PR: 0
File: .cursor/rules/query-by-in-tests.mdc:0-0
Timestamp: 2025-07-21T08:24:27.953Z
Learning: Applies to apps/{deploy-web,provider-console}/**/*.spec.tsx : Use `queryBy` methods instead of `getBy` methods in test expectations in `.spec.tsx` files

Applied to files:

• apps/provider-proxy/src/services/ProviderService/ProviderService.spec.ts

📚 Learning: 2025-07-21T08:25:07.474Z

Learnt from: CR
Repo: akash-network/console PR: 0
File: .cursor/rules/setup-instead-of-before-each.mdc:0-0
Timestamp: 2025-07-21T08:25:07.474Z
Learning: Applies to **/*.spec.{ts,tsx} : `setup` function creates an object under test and returns it

Applied to files:

• apps/provider-proxy/src/services/ProviderService/ProviderService.spec.ts

🧬 Code graph analysis (1)

apps/provider-proxy/src/services/CertificateValidator/CertificateValidator.spec.ts (1)

apps/provider-proxy/src/services/ProviderService/ProviderService.ts (1)

• getCertificate (16-37)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (10)

• GitHub Check: validate / validate-app
• GitHub Check: test-build
• GitHub Check: validate / validate-app
• GitHub Check: test-build
• GitHub Check: test-build
• GitHub Check: test-build
• GitHub Check: test-build
• GitHub Check: validate / validate-app
• GitHub Check: test-build
• GitHub Check: Validate local packages

🔇 Additional comments (2)

apps/provider-proxy/src/services/ProviderService/ProviderService.spec.ts (1)

12-60: LGTM! Network identifier updated consistently.

All test cases correctly use the new "sandbox-2" network identifier. The changes are consistent across different test scenarios and align with the broader network identifier update in this PR.

apps/provider-proxy/src/services/CertificateValidator/CertificateValidator.spec.ts (1)

79-83: LGTM! Network identifier updated consistently in cache test.

The test correctly uses "sandbox-2" to validate cache isolation between different networks. The changes maintain the test's intent to verify that certificates are cached per network, provider, and serial number combination.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

❌ Patch coverage is 66.00000% with 17 lines in your changes missing coverage. Please review.
✅ Project coverage is 46.47%. Comparing base (24d06d3) to head (8238148).
⚠️ Report is 1 commits behind head on main.
✅ All tests successful. No failed tests found.

Files with missing lines	Patch %	Lines
...pps/deploy-web/src/utils/deploymentData/v1beta3.ts	13.33%	13 Missing ⚠️
...web/src/components/new-deployment/ManifestEdit.tsx	0.00%	3 Missing ⚠️
...vices/trial-validation/trial-validation.service.ts	96.00%	1 Missing ⚠️

❌ Your patch status has failed because the patch coverage (11.11%) is below the target coverage (50.00%). You can increase the patch coverage or adjust the target coverage.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2160      +/-   ##
==========================================
- Coverage   46.79%   46.47%   -0.33%     
==========================================
  Files        1015     1005      -10     
  Lines       28751    28451     -300     
  Branches     7471     7432      -39     
==========================================
- Hits        13454    13222     -232     
- Misses      14110    14835     +725     
+ Partials     1187      394     -793     

Flag	Coverage Δ		*Carryforward flag
api	82.11% <96.87%> (+0.07%)	⬆️
deploy-web	25.20% <11.11%> (-0.03%)	⬇️
log-collector	?
notifications	88.11% <ø> (ø)
provider-console	81.48% <ø> (ø)		Carriedforward from 6de1942
provider-proxy	85.28% <ø> (ø)

*This pull request uses carry forward flags. Click here to find out more.

Files with missing lines	Coverage Δ
apps/api/src/billing/config/env.config.ts	100.00% <100.00%> (ø)
.../services/managed-signer/managed-signer.service.ts	98.73% <100.00%> (+0.01%)	⬆️
...vider/repositories/provider/provider.repository.ts	95.52% <100.00%> (+0.13%)	⬆️
apps/api/src/utils/constants.ts	100.00% <100.00%> (ø)
...vices/trial-validation/trial-validation.service.ts	72.22% <96.00%> (+18.88%)	⬆️
...web/src/components/new-deployment/ManifestEdit.tsx	0.00% <0.00%> (ø)
...pps/deploy-web/src/utils/deploymentData/v1beta3.ts	16.21% <13.33%> (-2.12%)	⬇️

... and 201 files with indirect coverage changes

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

apps/deploy-web/src/utils/deploymentData/v1beta3.ts (1)

13-14: Consider centralizing the AUDITOR constant.

The AUDITOR constant value "akash1365yvmc4s7awdyj3n2sav7xfx76adc6dnmlx63" is duplicated in apps/api/src/deployment/config/provider.config.ts. While frontend/backend separation may require duplication, consider documenting this relationship or using a shared constant package to prevent drift.

apps/api/src/billing/config/env.config.ts (1)

27-30: Consider referencing the AUDITOR constant for the default value.

The hardcoded default "akash1365yvmc4s7awdyj3n2sav7xfx76adc6dnmlx63" matches the AUDITOR constant defined in apps/api/src/deployment/config/provider.config.ts and apps/deploy-web/src/utils/deploymentData/v1beta3.ts. To prevent drift, consider importing and referencing the constant from provider.config.ts instead of hardcoding the value.

Example:

+import { AUDITOR } from "@src/deployment/config/provider.config";
+
 export const envSchema = z.object({
   // ... other fields
-  MANAGED_WALLET_LEASE_ALLOWED_AUDITORS: z
-    .string()
-    .default("akash1365yvmc4s7awdyj3n2sav7xfx76adc6dnmlx63")
-    .transform(val => (val ? val.split(",").map(addr => addr.trim()) : []))
+  MANAGED_WALLET_LEASE_ALLOWED_AUDITORS: z
+    .string()
+    .default(AUDITOR)
+    .transform(val => (val ? val.split(",").map(addr => addr.trim()) : []))
 });

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4882ae9 and 2a37d1f.

⛔ Files ignored due to path filters (1)

• packages/net/src/generated/netConfigData.ts is excluded by !**/generated/**

📒 Files selected for processing (6)

• apps/api/src/billing/config/env.config.ts (1 hunks)
• apps/api/src/billing/services/managed-signer/managed-signer.service.spec.ts (3 hunks)
• apps/api/src/billing/services/managed-signer/managed-signer.service.ts (1 hunks)
• apps/api/src/billing/services/trial-validation/trial-validation.service.ts (2 hunks)
• apps/deploy-web/src/components/new-deployment/ManifestEdit.tsx (2 hunks)
• apps/deploy-web/src/utils/deploymentData/v1beta3.ts (2 hunks)

🧰 Additional context used

📓 Path-based instructions (3)

**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/general.mdc)

Never use type any or cast to type any. Always define the proper TypeScript types.

Files:

• apps/api/src/billing/config/env.config.ts
• apps/api/src/billing/services/trial-validation/trial-validation.service.ts
• apps/api/src/billing/services/managed-signer/managed-signer.service.spec.ts
• apps/deploy-web/src/utils/deploymentData/v1beta3.ts
• apps/api/src/billing/services/managed-signer/managed-signer.service.ts
• apps/deploy-web/src/components/new-deployment/ManifestEdit.tsx

**/*.{js,ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/general.mdc)

**/*.{js,ts,tsx}: Never use deprecated methods from libraries.
Don't add unnecessary comments to the code

Files:

• apps/api/src/billing/config/env.config.ts
• apps/api/src/billing/services/trial-validation/trial-validation.service.ts
• apps/api/src/billing/services/managed-signer/managed-signer.service.spec.ts
• apps/deploy-web/src/utils/deploymentData/v1beta3.ts
• apps/api/src/billing/services/managed-signer/managed-signer.service.ts
• apps/deploy-web/src/components/new-deployment/ManifestEdit.tsx

**/*.spec.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/no-jest-mock.mdc)

Don't use jest.mock() to mock dependencies in test files. Instead, use jest-mock-extended to create mocks and pass mocks as dependencies to the service under test.

**/*.spec.{ts,tsx}: Use setup function instead of beforeEach in test files
setup function must be at the bottom of the root describe block in test files
setup function creates an object under test and returns it
setup function should accept a single parameter with inline type definition
Don't use shared state in setup function
Don't specify return type of setup function

Files:

• apps/api/src/billing/services/managed-signer/managed-signer.service.spec.ts

🧠 Learnings (4)

📚 Learning: 2025-08-12T13:52:38.708Z

Learnt from: stalniy
Repo: akash-network/console PR: 1800
File: apps/deploy-web/next.config.js:163-165
Timestamp: 2025-08-12T13:52:38.708Z
Learning: In the Akash Console project, akashnetwork/env-loader is used at the top of next.config.js files to automatically load environment variables from env/.env files into process.env. SENTRY_ORG and SENTRY_PROJECT are stored as public configuration values in apps/deploy-web/env/.env and are loaded this way, while only SENTRY_AUTH_TOKEN is handled as a GitHub secret in workflows.

Applied to files:

• apps/api/src/billing/config/env.config.ts

📚 Learning: 2025-06-08T03:07:13.871Z

Learnt from: stalniy
Repo: akash-network/console PR: 1436
File: apps/api/src/provider/repositories/provider/provider.repository.ts:79-90
Timestamp: 2025-06-08T03:07:13.871Z
Learning: The getProvidersHostUriByAttributes method in apps/api/src/provider/repositories/provider/provider.repository.ts already has comprehensive test coverage in provider.repository.spec.ts, including tests for complex HAVING clause logic with COUNT(*) FILTER (WHERE ...) syntax, signature conditions (anyOf/allOf), and glob pattern matching.

Applied to files:

• apps/api/src/billing/services/managed-signer/managed-signer.service.spec.ts

📚 Learning: 2025-10-15T16:39:55.348Z

Learnt from: jzsfkzm
Repo: akash-network/console PR: 2039
File: apps/deploy-web/tests/ui/change-wallets.spec.ts:4-10
Timestamp: 2025-10-15T16:39:55.348Z
Learning: In the Akash Console E2E tests using the context-with-extension fixture, the first wallet is automatically created during fixture setup via `importWalletToLeap` in `apps/deploy-web/tests/ui/fixture/wallet-setup.ts`, so tests that call `frontPage.createWallet()` are creating a second wallet to test wallet switching functionality.

Applied to files:

• apps/api/src/billing/services/managed-signer/managed-signer.service.spec.ts

📚 Learning: 2025-07-21T08:24:24.269Z

Learnt from: CR
Repo: akash-network/console PR: 0
File: .cursor/rules/no-jest-mock.mdc:0-0
Timestamp: 2025-07-21T08:24:24.269Z
Learning: Applies to **/*.spec.{ts,tsx} : Don't use `jest.mock()` to mock dependencies in test files. Instead, use `jest-mock-extended` to create mocks and pass mocks as dependencies to the service under test.

Applied to files:

• apps/api/src/billing/services/managed-signer/managed-signer.service.spec.ts

🧬 Code graph analysis (4)

apps/api/src/billing/services/trial-validation/trial-validation.service.ts (2)

apps/api/src/billing/services/managed-signer/managed-signer.service.ts (1)

• singleton (28-161)

apps/api/src/provider/services/provider/provider.service.ts (1)

• singleton (22-190)

apps/api/src/billing/services/managed-signer/managed-signer.service.spec.ts (4)

apps/api/test/seeders/user-wallet.seeder.ts (1)

• UserWalletSeeder (6-29)

apps/api/test/seeders/user.seeder.ts (1)

• UserSeeder (5-45)

apps/stats-web/src/components/transactions/akash/MsgCreateLease.tsx (1)

• MsgCreateLease (10-22)

apps/api/src/core/services/feature-flags/feature-flags.ts (1)

• FeatureFlags (1-5)

apps/deploy-web/src/utils/deploymentData/v1beta3.ts (3)

apps/api/src/deployment/config/provider.config.ts (1)

• AUDITOR (3-3)

apps/deploy-web/src/utils/deploymentData/helpers.ts (1)

• getSdl (55-57)

apps/stats-web/src/store/network.store.ts (1)

• networkStore (6-10)

apps/deploy-web/src/components/new-deployment/ManifestEdit.tsx (1)

apps/deploy-web/src/utils/deploymentData/v1beta3.ts (1)

• appendAuditorRequirement (80-109)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (9)

• GitHub Check: validate / validate-app
• GitHub Check: test-build
• GitHub Check: test-build
• GitHub Check: test-build
• GitHub Check: validate / validate-app
• GitHub Check: test-build
• GitHub Check: validate / validate-app
• GitHub Check: test-build
• GitHub Check: Validate local packages

🔇 Additional comments (7)

apps/deploy-web/src/components/new-deployment/ManifestEdit.tsx (1)

242-244: LGTM! Clean integration of auditor requirement.

The conditional augmentation of the SDL for managed wallets follows the established pattern and integrates well with the existing flow.

apps/api/src/billing/services/managed-signer/managed-signer.service.ts (1)

100-100: LGTM! Parallel lease provider validation integrated correctly.

The validation executes before the feature-flagged ANONYMOUS_FREE_TRIAL flow, ensuring lease provider authorization is enforced universally for managed wallets. The parallel execution pattern is appropriate.

apps/deploy-web/src/utils/deploymentData/v1beta3.ts (1)

80-109: LGTM! Function correctly augments SDL with auditor requirements.

The implementation properly:

• Preserves existing signedBy structure
• Adds auditors to anyOf (allowing any of the configured auditors)
• Uses consistent YAML dumping pattern
• Handles missing placement data gracefully

apps/api/src/billing/services/managed-signer/managed-signer.service.spec.ts (2)

379-493: LGTM! Comprehensive test coverage for lease provider validation.

The three new tests properly verify that validateLeaseProvider is invoked across all lease-processing flows (non-trial, trial, and anonymous trial). The test setup correctly wires the new validation hook, and assertions confirm both invocation and parameter passing. The tests align well with the implementation changes in managed-signer.service.ts.

---

503-503: LGTM! Setup function properly extended.

The validateLeaseProvider parameter is correctly added to the setup input type and wired through the anonymousValidateService mock, enabling proper test assertions.

apps/api/src/billing/services/trial-validation/trial-validation.service.ts (2)

18-22: LGTM! Constructor properly extended with required dependencies.

The new dependencies (BillingConfigService and ProviderRepository) are correctly injected to support lease provider validation functionality.

---

54-76: LGTM! Lease provider validation logic verified as sound.

The implementation correctly:

• Fetches provider with providerAttributeSignatures included via getProviderByAddressWithAttributes() (provider.repository.ts:180-195)
• Returns early for non-lease messages and unconfigured auditors
• Validates provider existence before checking authorization
• Verifies provider is audited by at least one allowed auditor
• Provides clear error messages

The _userWallet parameter is currently unused but appears intentionally prefixed, suggesting reserved for future use or interface consistency.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (3)

apps/deploy-web/src/utils/deploymentData/v1beta3.ts (2)

13-14: Consider centralizing the AUDITOR constant.

The AUDITOR constant is duplicated in apps/api/src/deployment/config/provider.config.ts (line 2). If this value needs to change, it must be updated in multiple locations.

Consider moving shared constants to a common package or configuration file that both the API and deploy-web can import.

---

80-109: Consider refactoring to reduce duplication with appendTrialAttribute.

The appendAuditorRequirement function shares significant structural similarity with appendTrialAttribute (lines 33-78):

• Both parse SDL and iterate over placement data
• Both ensure the signedBy structure exists
• Both dump the result to YAML with a --- header

Consider extracting the common logic into a shared helper function that accepts a callback to apply the specific modifications (attributes + allOf for trials, anyOf for auditors).

Example refactor:

function modifyPlacementSignedBy(
  yamlStr: string, 
  modifier: (value: any) => void,
  dumpOptions?: yaml.DumpOptions
) {
  const sdl = getSdl(yamlStr, "beta3", networkStore.selectedNetworkId);
  const placementData = sdl.data?.profiles?.placement || {};

  for (const [, value] of Object.entries(placementData)) {
    if (!value.signedBy?.anyOf || !value.signedBy?.allOf) {
      value.signedBy = {
        anyOf: value.signedBy?.anyOf || [],
        allOf: value.signedBy?.allOf || []
      };
    }
    modifier(value);
  }

  const result = yaml.dump(sdl.data, {
    indent: 2,
    quotingType: '"',
    styles: {
      "!!null": "empty"
    },
    ...dumpOptions
  });

  return `---\n${result}`;
}

apps/api/src/billing/services/trial-validation/trial-validation.service.ts (1)

54-76: Consider the purpose of the unused _userWallet parameter.

The _userWallet parameter is prefixed with _ indicating it's intentionally unused. If it's not needed for current or planned functionality, consider removing it to simplify the method signature.

If it's kept for future use or consistency with other validation methods, this is acceptable but worth confirming.

Do you plan to use userWallet in this method? If not, consider removing it:

-async validateLeaseProvider(decoded: EncodeObject, _userWallet: UserWalletOutput) {
+async validateLeaseProvider(decoded: EncodeObject) {

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2a37d1f and f4fdda3.

📒 Files selected for processing (6)

• apps/api/src/billing/config/env.config.ts (1 hunks)
• apps/api/src/billing/services/managed-signer/managed-signer.service.spec.ts (3 hunks)
• apps/api/src/billing/services/managed-signer/managed-signer.service.ts (1 hunks)
• apps/api/src/billing/services/trial-validation/trial-validation.service.ts (2 hunks)
• apps/deploy-web/src/components/new-deployment/ManifestEdit.tsx (2 hunks)
• apps/deploy-web/src/utils/deploymentData/v1beta3.ts (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (2)

• apps/deploy-web/src/components/new-deployment/ManifestEdit.tsx
• apps/api/src/billing/config/env.config.ts

🧰 Additional context used

📓 Path-based instructions (3)

**/*.spec.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/no-jest-mock.mdc)

Don't use jest.mock() to mock dependencies in test files. Instead, use jest-mock-extended to create mocks and pass mocks as dependencies to the service under test.

**/*.spec.{ts,tsx}: Use setup function instead of beforeEach in test files
setup function must be at the bottom of the root describe block in test files
setup function creates an object under test and returns it
setup function should accept a single parameter with inline type definition
Don't use shared state in setup function
Don't specify return type of setup function

Files:

• apps/api/src/billing/services/managed-signer/managed-signer.service.spec.ts

**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/general.mdc)

Never use type any or cast to type any. Always define the proper TypeScript types.

Files:

• apps/api/src/billing/services/managed-signer/managed-signer.service.spec.ts
• apps/deploy-web/src/utils/deploymentData/v1beta3.ts
• apps/api/src/billing/services/trial-validation/trial-validation.service.ts
• apps/api/src/billing/services/managed-signer/managed-signer.service.ts

**/*.{js,ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/general.mdc)

**/*.{js,ts,tsx}: Never use deprecated methods from libraries.
Don't add unnecessary comments to the code

Files:

• apps/api/src/billing/services/managed-signer/managed-signer.service.spec.ts
• apps/deploy-web/src/utils/deploymentData/v1beta3.ts
• apps/api/src/billing/services/trial-validation/trial-validation.service.ts
• apps/api/src/billing/services/managed-signer/managed-signer.service.ts

🧠 Learnings (3)

📚 Learning: 2025-06-08T03:07:13.871Z

Learnt from: stalniy
Repo: akash-network/console PR: 1436
File: apps/api/src/provider/repositories/provider/provider.repository.ts:79-90
Timestamp: 2025-06-08T03:07:13.871Z
Learning: The getProvidersHostUriByAttributes method in apps/api/src/provider/repositories/provider/provider.repository.ts already has comprehensive test coverage in provider.repository.spec.ts, including tests for complex HAVING clause logic with COUNT(*) FILTER (WHERE ...) syntax, signature conditions (anyOf/allOf), and glob pattern matching.

Applied to files:

• apps/api/src/billing/services/managed-signer/managed-signer.service.spec.ts

📚 Learning: 2025-10-15T16:39:55.348Z

Learnt from: jzsfkzm
Repo: akash-network/console PR: 2039
File: apps/deploy-web/tests/ui/change-wallets.spec.ts:4-10
Timestamp: 2025-10-15T16:39:55.348Z
Learning: In the Akash Console E2E tests using the context-with-extension fixture, the first wallet is automatically created during fixture setup via `importWalletToLeap` in `apps/deploy-web/tests/ui/fixture/wallet-setup.ts`, so tests that call `frontPage.createWallet()` are creating a second wallet to test wallet switching functionality.

Applied to files:

• apps/api/src/billing/services/managed-signer/managed-signer.service.spec.ts

📚 Learning: 2025-07-21T08:24:24.269Z

Learnt from: CR
Repo: akash-network/console PR: 0
File: .cursor/rules/no-jest-mock.mdc:0-0
Timestamp: 2025-07-21T08:24:24.269Z
Learning: Applies to **/*.spec.{ts,tsx} : Don't use `jest.mock()` to mock dependencies in test files. Instead, use `jest-mock-extended` to create mocks and pass mocks as dependencies to the service under test.

Applied to files:

• apps/api/src/billing/services/managed-signer/managed-signer.service.spec.ts

🧬 Code graph analysis (3)

apps/api/src/billing/services/managed-signer/managed-signer.service.spec.ts (3)

apps/api/test/seeders/user-wallet.seeder.ts (1)

• UserWalletSeeder (6-29)

apps/api/test/seeders/user.seeder.ts (1)

• UserSeeder (5-45)

apps/api/src/core/services/feature-flags/feature-flags.ts (1)

• FeatureFlags (1-5)

apps/deploy-web/src/utils/deploymentData/v1beta3.ts (3)

apps/api/src/deployment/config/provider.config.ts (1)

• AUDITOR (3-3)

apps/deploy-web/src/utils/deploymentData/helpers.ts (1)

• getSdl (55-57)

apps/stats-web/src/store/network.store.ts (1)

• networkStore (6-10)

apps/api/src/billing/services/trial-validation/trial-validation.service.ts (2)

apps/api/src/billing/services/managed-signer/managed-signer.service.ts (1)

• singleton (28-161)

apps/api/src/provider/services/provider/provider.service.ts (1)

• singleton (22-190)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: validate / validate-app
• GitHub Check: test-build
• GitHub Check: test-build

🔇 Additional comments (7)

apps/api/src/billing/services/trial-validation/trial-validation.service.ts (2)

2-2: LGTM!

The new imports support the validateLeaseProvider method and are used appropriately.

Also applies to: 8-8, 11-11

---

18-22: LGTM!

The constructor properly injects the new dependencies required for lease provider validation.

apps/api/src/billing/services/managed-signer/managed-signer.service.ts (1)

100-100: LGTM!

The lease provider validation is correctly positioned:

• Runs after allowance checks (lines 92-98)
• Runs before trial-specific validations (lines 102-113)
• Uses Promise.all for efficient parallel validation
• Applies to all wallets consistently

The implementation correctly enforces auditor-based authorization for lease messages.

apps/api/src/billing/services/managed-signer/managed-signer.service.spec.ts (4)

379-414: LGTM!

The test correctly verifies that validateLeaseProvider is called for non-trial wallets, ensuring the validation applies universally.

---

416-451: LGTM!

The test correctly verifies that validateLeaseProvider is called for trial wallets.

---

453-493: LGTM!

The test comprehensively covers the anonymous trial mode scenario, verifying that:

• validateLeaseProvider runs first (line 490)
• Additional trial validations follow (lines 491-492)

This ensures proper validation layering.

---

503-503: LGTM!

The setup function correctly extends the mock configuration to include validateLeaseProvider, following all coding guidelines:

• Uses jest-mock-extended for mocking
• No shared state
• Single parameter with inline type definition
• No return type annotation

Based on learnings.

Also applies to: 539-539

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

packages/network-store/src/network.config.ts (1)

32-32: Consider using null instead of empty string for consistency.

The rpcEndpoint is set to an empty string "", while version on line 39 is set to null. For consistency and to avoid potential issues where code might treat an empty string as truthy, consider using null for the rpcEndpoint as well.

Apply this diff:

-    rpcEndpoint: "",
+    rpcEndpoint: null,

Note: This may require updating the Network type definition to allow null for rpcEndpoint if it doesn't already.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f4fdda3 and 18fa5a7.

📒 Files selected for processing (4)

• apps/api/test/functional/nodes-v1.spec.ts (1 hunks)
• apps/deploy-web/tests/ui/fixture/test-env.config.ts (2 hunks)
• packages/database/chainDefinitions.ts (1 hunks)
• packages/network-store/src/network.config.ts (1 hunks)

🧰 Additional context used

📓 Path-based instructions (3)

**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/general.mdc)

Never use type any or cast to type any. Always define the proper TypeScript types.

Files:

• packages/database/chainDefinitions.ts
• packages/network-store/src/network.config.ts
• apps/api/test/functional/nodes-v1.spec.ts
• apps/deploy-web/tests/ui/fixture/test-env.config.ts

**/*.{js,ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/general.mdc)

**/*.{js,ts,tsx}: Never use deprecated methods from libraries.
Don't add unnecessary comments to the code

Files:

• packages/database/chainDefinitions.ts
• packages/network-store/src/network.config.ts
• apps/api/test/functional/nodes-v1.spec.ts
• apps/deploy-web/tests/ui/fixture/test-env.config.ts

**/*.spec.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/no-jest-mock.mdc)

Don't use jest.mock() to mock dependencies in test files. Instead, use jest-mock-extended to create mocks and pass mocks as dependencies to the service under test.

**/*.spec.{ts,tsx}: Use setup function instead of beforeEach in test files
setup function must be at the bottom of the root describe block in test files
setup function creates an object under test and returns it
setup function should accept a single parameter with inline type definition
Don't use shared state in setup function
Don't specify return type of setup function

Files:

• apps/api/test/functional/nodes-v1.spec.ts

🧠 Learnings (3)

📚 Learning: 2025-08-12T13:52:38.708Z

Learnt from: stalniy
Repo: akash-network/console PR: 1800
File: apps/deploy-web/next.config.js:163-165
Timestamp: 2025-08-12T13:52:38.708Z
Learning: In the Akash Console project, akashnetwork/env-loader is used at the top of next.config.js files to automatically load environment variables from env/.env files into process.env. SENTRY_ORG and SENTRY_PROJECT are stored as public configuration values in apps/deploy-web/env/.env and are loaded this way, while only SENTRY_AUTH_TOKEN is handled as a GitHub secret in workflows.

Applied to files:

• packages/database/chainDefinitions.ts

📚 Learning: 2025-07-21T08:24:27.953Z

Learnt from: CR
Repo: akash-network/console PR: 0
File: .cursor/rules/query-by-in-tests.mdc:0-0
Timestamp: 2025-07-21T08:24:27.953Z
Learning: Applies to apps/{deploy-web,provider-console}/**/*.spec.tsx : Use `queryBy` methods instead of `getBy` methods in test expectations in `.spec.tsx` files

Applied to files:

• apps/deploy-web/tests/ui/fixture/test-env.config.ts

📚 Learning: 2025-06-10T01:25:37.604Z

Learnt from: jzsfkzm
Repo: akash-network/console PR: 1458
File: apps/api/src/network/services/network/network.service.ts:0-0
Timestamp: 2025-06-10T01:25:37.604Z
Learning: In the Akash Network Console codebase, network parameters are validated at the schema level using Zod schemas before reaching service methods, making default cases in switch statements unnecessary for validated enum-like parameters.

Applied to files:

• apps/deploy-web/tests/ui/fixture/test-env.config.ts

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (7)

• GitHub Check: validate / validate-app
• GitHub Check: test-build
• GitHub Check: validate / validate-app
• GitHub Check: test-build
• GitHub Check: test-build
• GitHub Check: test-build
• GitHub Check: Validate local packages

🔇 Additional comments (3)

apps/api/test/functional/nodes-v1.spec.ts (1)

28-28: Test coverage reduced to mainnet and sandbox only.

The removal of "testnet" from the test matrix is consistent with the broader testnet disabling across this PR. The test structure remains sound, and the invalid network test case (line 44) continues to validate error handling.

apps/deploy-web/tests/ui/fixture/test-env.config.ts (2)

7-7: Type safety improvement with hardcoded network enum.

Replacing the dynamic netConfig.getSupportedNetworks() with a static ["mainnet", "sandbox"] enum removes flexibility but improves clarity and aligns with the testnet removal across this PR. The hardcoded approach makes the allowed values explicit and easier to understand in test contexts.

---

18-19: Good use of satisfies for type-safe provider whitelist.

The narrowed type from Record<SupportedChainNetworks, string[]> to Record<"mainnet" | "sandbox", string[]> using the satisfies operator provides better type safety while maintaining the correct structure. This ensures the whitelist only contains the now-supported networks.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

apps/api/env/.env.functional.test (1)

1-42: Consider alphabetically sorting environment variables.

The dotenv-linter flagged that RPC_NODE_ENDPOINT should precede UAKT_TOP_UP_MASTER_WALLET_MNEMONIC in alphabetical order. While this is a minor formatting concern, consider organizing all environment variables alphabetically for consistency and easier maintenance in the future.

apps/api/test/seeders/provider.seeder.ts (1)

41-50: Good implementation with room for flexibility.

The logic correctly creates a provider attribute signature after the provider. The approach aligns with the PR's auditor-based authorization objectives.

Consider making the signature attributes configurable to improve test flexibility:

-export const createProvider = async (overrides: Partial<CreationAttributes<Provider>> = {}): Promise<Provider> => {
+export const createProvider = async (
+  overrides: Partial<CreationAttributes<Provider>> = {},
+  signatureOverrides?: { auditor?: string; key?: string; value?: string }
+): Promise<Provider> => {
   const provider = await Provider.create(createProviderSeed(overrides));
 
   await ProviderAttributeSignature.create({
     provider: provider.owner,
-    auditor: AUDITOR,
-    key: "region",
-    value: "us-west"
+    auditor: signatureOverrides?.auditor ?? AUDITOR,
+    key: signatureOverrides?.key ?? "region",
+    value: signatureOverrides?.value ?? "us-west"
   });
 
   return provider;
 };

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 18fa5a7 and c912980.

📒 Files selected for processing (7)

• apps/api/env/.env.functional.test (1 hunks)
• apps/api/src/billing/config/env.config.ts (2 hunks)
• apps/api/src/utils/constants.ts (2 hunks)
• apps/api/test/seeders/provider.seeder.ts (2 hunks)
• apps/stats-web/src/config/denom.config.ts (1 hunks)
• packages/net/src/NetConfig/NetConfig.spec.ts (1 hunks)
• packages/net/src/NetConfig/NetConfig.ts (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• apps/api/src/billing/config/env.config.ts

🧰 Additional context used

📓 Path-based instructions (3)

**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/general.mdc)

Never use type any or cast to type any. Always define the proper TypeScript types.

Files:

• packages/net/src/NetConfig/NetConfig.ts
• packages/net/src/NetConfig/NetConfig.spec.ts
• apps/api/test/seeders/provider.seeder.ts
• apps/api/src/utils/constants.ts
• apps/stats-web/src/config/denom.config.ts

**/*.{js,ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/general.mdc)

**/*.{js,ts,tsx}: Never use deprecated methods from libraries.
Don't add unnecessary comments to the code

Files:

• packages/net/src/NetConfig/NetConfig.ts
• packages/net/src/NetConfig/NetConfig.spec.ts
• apps/api/test/seeders/provider.seeder.ts
• apps/api/src/utils/constants.ts
• apps/stats-web/src/config/denom.config.ts

**/*.spec.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/no-jest-mock.mdc)

Don't use jest.mock() to mock dependencies in test files. Instead, use jest-mock-extended to create mocks and pass mocks as dependencies to the service under test.

**/*.spec.{ts,tsx}: Use setup function instead of beforeEach in test files
setup function must be at the bottom of the root describe block in test files
setup function creates an object under test and returns it
setup function should accept a single parameter with inline type definition
Don't use shared state in setup function
Don't specify return type of setup function

Files:

• packages/net/src/NetConfig/NetConfig.spec.ts

🧠 Learnings (5)

📚 Learning: 2025-06-08T03:07:13.871Z

Learnt from: stalniy
Repo: akash-network/console PR: 1436
File: apps/api/src/provider/repositories/provider/provider.repository.ts:79-90
Timestamp: 2025-06-08T03:07:13.871Z
Learning: The getProvidersHostUriByAttributes method in apps/api/src/provider/repositories/provider/provider.repository.ts already has comprehensive test coverage in provider.repository.spec.ts, including tests for complex HAVING clause logic with COUNT(*) FILTER (WHERE ...) syntax, signature conditions (anyOf/allOf), and glob pattern matching.

Applied to files:

• apps/api/test/seeders/provider.seeder.ts

📚 Learning: 2025-08-12T13:52:38.708Z

Learnt from: stalniy
Repo: akash-network/console PR: 1800
File: apps/deploy-web/next.config.js:163-165
Timestamp: 2025-08-12T13:52:38.708Z
Learning: In the Akash Console project, akashnetwork/env-loader is used at the top of next.config.js files to automatically load environment variables from env/.env files into process.env. SENTRY_ORG and SENTRY_PROJECT are stored as public configuration values in apps/deploy-web/env/.env and are loaded this way, while only SENTRY_AUTH_TOKEN is handled as a GitHub secret in workflows.

Applied to files:

• apps/api/src/utils/constants.ts

📚 Learning: 2025-09-04T04:27:50.638Z

Learnt from: stalniy
Repo: akash-network/console PR: 1868
File: apps/api/src/billing/services/managed-signer/managed-signer.service.ts:1-1
Timestamp: 2025-09-04T04:27:50.638Z
Learning: In the akash-network/console project, importing MsgCreateLease from "akashnetwork/akash-api/v1beta3" instead of v1beta4 is considered non-critical by the maintainers, likely due to backward compatibility or project-specific requirements.

Applied to files:

• apps/api/src/utils/constants.ts

📚 Learning: 2025-05-22T14:25:01.336Z

Learnt from: stalniy
Repo: akash-network/console PR: 1353
File: apps/deploy-web/src/config/browser-env.config.ts:0-0
Timestamp: 2025-05-22T14:25:01.336Z
Learning: For the `__AK_INJECTED_CONFIG__` global window property in the Akash Network Console, security is handled through cryptographic signature verification using a public key rather than property protection mechanisms like Object.defineProperty.

Applied to files:

• apps/api/src/utils/constants.ts

📚 Learning: 2025-09-25T20:34:55.117Z

Learnt from: jigar-arc10
Repo: akash-network/console PR: 1970
File: apps/provider-console/src/config/network.config.ts:17-28
Timestamp: 2025-09-25T20:34:55.117Z
Learning: In cosmos-kit integration, nodesUrl and versionUrl should point to Cosmos API endpoints (not console backend API endpoints) as cosmos-kit expects these to be Cosmos REST endpoints for proper functionality.

Applied to files:

• apps/api/src/utils/constants.ts

🧬 Code graph analysis (3)

apps/api/test/seeders/provider.seeder.ts (2)

apps/indexer/drizzle/schema.ts (1)

• provider (210-242)

packages/database/dbSchemas/akash/index.ts (1)

• ProviderAttributeSignature (10-10)

apps/api/src/utils/constants.ts (2)

apps/api/src/utils/env.ts (1)

• env (3-26)

packages/net/src/index.ts (1)

• netConfig (3-3)

apps/stats-web/src/config/denom.config.ts (1)

apps/deploy-web/src/config/denom.config.ts (2)

• UAKT_DENOM (3-3)
• USDC_IBC_DENOMS (4-8)

🪛 dotenv-linter (4.0.0)

apps/api/env/.env.functional.test

[warning] 5-5: [UnorderedKey] The RPC_NODE_ENDPOINT key should go before the UAKT_TOP_UP_MASTER_WALLET_MNEMONIC key

(UnorderedKey)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (9)

• GitHub Check: validate / validate-app
• GitHub Check: test-build
• GitHub Check: validate / validate-app
• GitHub Check: test-build
• GitHub Check: test-build
• GitHub Check: test-build
• GitHub Check: validate / validate-app
• GitHub Check: test-build
• GitHub Check: Validate local packages

🔇 Additional comments (9)

apps/api/env/.env.functional.test (1)

5-5: Verify the new RPC endpoint is correct and operational.

The RPC endpoint has been updated to point to a new sandbox network. Please confirm that https://rpc.sandbox-2.aksh.pw:443 is the correct and operational endpoint for the intended sandbox-2 network, especially since this affects all functional tests that rely on blockchain RPC calls.

apps/stats-web/src/config/denom.config.ts (2)

1-1: Import migration verified and complete.

✅ No remaining references to SupportedChainNetworks found in stats-web.

✅ Type annotation correctly updated to NetworkId with proper usage: Partial<Record<NetworkId, string>>.

✅ Package dependency @akashnetwork/chain-sdk (v1.0.0-alpha.12) is declared.

✅ NetworkId type is consistently used throughout the codebase in related files (api-url.service.ts, useDenom.ts, etc.).

The import migration from @akashnetwork/net to @akashnetwork/chain-sdk/web is correct and complete.

---

4-7: Type update is correct; no changes required.

The configuration is intentionally incomplete. The Partial<Record<NetworkId, string>> type explicitly indicates that only some networks have USDC IBC denom entries. stats-web only requires MAINNET_ID and SANDBOX_ID entries for USDC, which is reflected in the current configuration. TESTNET_ID is used elsewhere in stats-web (e.g., API URL routing) but is not needed for USDC denomination mapping.

apps/api/test/seeders/provider.seeder.ts (2)

1-1: LGTM! Clean imports.

The new imports for ProviderAttributeSignature and AUDITOR are necessary for the auditor signature functionality being added.

Also applies to: 5-5

---

5-5: AUDITOR constant is properly configured.

The AUDITOR constant is defined with a valid Akash auditor address (akash1365yvmc4s7awdyj3n2sav7xfx76adc6dnmlx63) and is properly imported and used as the default value for MANAGED_WALLET_LEASE_ALLOWED_AUDITORS configuration. No issues found.

packages/net/src/NetConfig/NetConfig.spec.ts (1)

18-23: LGTM! Test correctly validates the updated API.

The test properly verifies that getFaucetUrl accepts a plain string and returns the expected URL for "sandbox-2" while returning null for networks without faucets.

apps/api/src/utils/constants.ts (2)

1-1: LGTM! Unused import correctly removed.

The SupportedChainNetworks type is no longer needed since getBaseAPIUrl now accepts a plain string parameter.

---

19-19: LGTM! Type assertion correctly removed.

The removal of the type assertion is safe because getBaseAPIUrl now accepts a string parameter, and the internal mapped() method will throw a clear error if an invalid network is provided.

packages/net/src/NetConfig/NetConfig.ts (1)

35-35: LGTM! Signature change improves API consistency.

Changing the parameter type from SupportedChainNetworks to string makes this method consistent with other methods in the class (getVersion, getBaseAPIUrl, getBaseRpcUrl). The change is backward compatible and maintains runtime safety through the mapped() method's validation.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

apps/api/src/billing/services/trial-validation/trial-validation.service.ts (1)

61-96: Batching pattern successfully addresses past performance concerns.

The implementation efficiently handles multiple lease messages by:

1. Collecting unique provider addresses (lines 61-78)
2. Fetching all providers in a single batch query (line 84)
3. Building a Map for O(1) lookups (line 86)
4. Validating each provider from the cached map (lines 88-96)

This directly addresses the past review comment about adding provider caching for batched lease message validation.

🧹 Nitpick comments (2)

apps/api/src/billing/services/trial-validation/trial-validation.service.ts (2)

54-54: Consider removing the unused _userWallet parameter.

The _userWallet parameter is prefixed with an underscore indicating it's intentionally unused. If it's not needed for the validation logic and isn't required for interface compatibility with other validation methods, consider removing it to simplify the signature.

---

95-95: Consider more informative error message.

The generic "Provider not authorized." message could help developers/operators by indicating which auditors are allowed.

Apply this diff:

-      assert(isAuditedByAllowedAuditor, 403, `Provider not authorized.`);
+      assert(isAuditedByAllowedAuditor, 403, `Provider ${providerAddress} is not audited by any allowed auditor (${allowedAuditors.join(', ')})`);

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c912980 and 9c70ad9.

📒 Files selected for processing (4)

• apps/api/src/billing/services/managed-signer/managed-signer.service.spec.ts (3 hunks)
• apps/api/src/billing/services/managed-signer/managed-signer.service.ts (1 hunks)
• apps/api/src/billing/services/trial-validation/trial-validation.service.ts (2 hunks)
• apps/api/src/provider/repositories/provider/provider.repository.ts (1 hunks)

🧰 Additional context used

📓 Path-based instructions (3)

**/*.spec.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/no-jest-mock.mdc)

Don't use jest.mock() to mock dependencies in test files. Instead, use jest-mock-extended to create mocks and pass mocks as dependencies to the service under test.

**/*.spec.{ts,tsx}: Use setup function instead of beforeEach in test files
setup function must be at the bottom of the root describe block in test files
setup function creates an object under test and returns it
setup function should accept a single parameter with inline type definition
Don't use shared state in setup function
Don't specify return type of setup function

Files:

• apps/api/src/billing/services/managed-signer/managed-signer.service.spec.ts

**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/general.mdc)

Never use type any or cast to type any. Always define the proper TypeScript types.

Files:

• apps/api/src/billing/services/managed-signer/managed-signer.service.spec.ts
• apps/api/src/billing/services/managed-signer/managed-signer.service.ts
• apps/api/src/provider/repositories/provider/provider.repository.ts
• apps/api/src/billing/services/trial-validation/trial-validation.service.ts

**/*.{js,ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/general.mdc)

**/*.{js,ts,tsx}: Never use deprecated methods from libraries.
Don't add unnecessary comments to the code

Files:

• apps/api/src/billing/services/managed-signer/managed-signer.service.spec.ts
• apps/api/src/billing/services/managed-signer/managed-signer.service.ts
• apps/api/src/provider/repositories/provider/provider.repository.ts
• apps/api/src/billing/services/trial-validation/trial-validation.service.ts

🧠 Learnings (4)

📚 Learning: 2025-10-15T16:39:55.348Z

Learnt from: jzsfkzm
Repo: akash-network/console PR: 2039
File: apps/deploy-web/tests/ui/change-wallets.spec.ts:4-10
Timestamp: 2025-10-15T16:39:55.348Z
Learning: In the Akash Console E2E tests using the context-with-extension fixture, the first wallet is automatically created during fixture setup via `importWalletToLeap` in `apps/deploy-web/tests/ui/fixture/wallet-setup.ts`, so tests that call `frontPage.createWallet()` are creating a second wallet to test wallet switching functionality.

Applied to files:

• apps/api/src/billing/services/managed-signer/managed-signer.service.spec.ts

📚 Learning: 2025-06-08T03:07:13.871Z

Learnt from: stalniy
Repo: akash-network/console PR: 1436
File: apps/api/src/provider/repositories/provider/provider.repository.ts:79-90
Timestamp: 2025-06-08T03:07:13.871Z
Learning: The getProvidersHostUriByAttributes method in apps/api/src/provider/repositories/provider/provider.repository.ts already has comprehensive test coverage in provider.repository.spec.ts, including tests for complex HAVING clause logic with COUNT(*) FILTER (WHERE ...) syntax, signature conditions (anyOf/allOf), and glob pattern matching.

Applied to files:

• apps/api/src/billing/services/managed-signer/managed-signer.service.spec.ts
• apps/api/src/provider/repositories/provider/provider.repository.ts

📚 Learning: 2025-10-31T11:26:42.138Z

Learnt from: stalniy
Repo: akash-network/console PR: 2138
File: apps/api/src/billing/lib/batch-signing-client/batch-signing-client.service.ts:379-382
Timestamp: 2025-10-31T11:26:42.138Z
Learning: In TypeScript/JavaScript, the pattern of checking a cached value and then performing an async operation to fetch it without proper synchronization is race condition unsafe:
```typescript
private async getAddress() {
  if (!this.address) {
    this.address = await this.wallet.getFirstAddress();
  }
  return this.address;
}
```
Multiple concurrent calls can all pass the `if (!this.address)` check before any of them sets the value, leading to duplicate async operations. This should be flagged as a race condition. Proper synchronization (mutex, atomic promise caching, or guaranteed single-threaded execution) is required.

Applied to files:

• apps/api/src/billing/services/trial-validation/trial-validation.service.ts

📚 Learning: 2025-09-04T04:27:40.858Z

Learnt from: stalniy
Repo: akash-network/console PR: 1868
File: apps/api/src/billing/services/managed-signer/managed-signer.service.ts:98-107
Timestamp: 2025-09-04T04:27:40.858Z
Learning: In the Akash protocol, when processing MsgCreateLease messages, the bidId.dseq field is always required and guaranteed to be present at runtime, even though TypeScript types may suggest it could be undefined. The non-null assertion operator (!) is appropriate to use in this context.

Applied to files:

• apps/api/src/billing/services/trial-validation/trial-validation.service.ts

🧬 Code graph analysis (3)

apps/api/src/billing/services/managed-signer/managed-signer.service.spec.ts (3)

apps/api/test/seeders/user-wallet.seeder.ts (1)

• UserWalletSeeder (6-29)

apps/api/test/seeders/user.seeder.ts (1)

• UserSeeder (5-45)

apps/api/src/core/services/feature-flags/feature-flags.ts (1)

• FeatureFlags (1-5)

apps/api/src/provider/repositories/provider/provider.repository.ts (1)

packages/database/dbSchemas/akash/index.ts (1)

• ProviderAttributeSignature (10-10)

apps/api/src/billing/services/trial-validation/trial-validation.service.ts (2)

apps/api/src/billing/services/managed-signer/managed-signer.service.ts (1)

• singleton (28-161)

apps/api/src/provider/repositories/provider/provider.repository.ts (1)

• singleton (17-222)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (9)

• GitHub Check: test-build
• GitHub Check: validate / validate-app
• GitHub Check: test-build
• GitHub Check: validate / validate-app
• GitHub Check: test-build
• GitHub Check: test-build
• GitHub Check: validate / validate-app
• GitHub Check: test-build
• GitHub Check: Validate local packages

🔇 Additional comments (5)

apps/api/src/provider/repositories/provider/provider.repository.ts (1)

197-212: LGTM! Well-structured batch provider lookup.

The implementation follows the existing getProviderByAddressWithAttributes pattern while efficiently handling multiple addresses via Op.in. The associations are correctly included for auditor validation.

apps/api/src/billing/services/managed-signer/managed-signer.service.ts (1)

100-101: LGTM! Appropriate early validation placement.

The lease auditor validation is correctly placed before feature-flag-gated validations, ensuring all managed wallets are subject to auditor authorization checks.

apps/api/src/billing/services/managed-signer/managed-signer.service.spec.ts (2)

379-493: LGTM! Comprehensive test coverage across lease validation paths.

The three new test cases thoroughly validate the validateLeaseProvidersAuditors invocation across normal wallets, trial wallets, and anonymous trial mode, ensuring the auditor validation is consistently enforced.

---

503-503: LGTM! Proper mock extension.

The setup function correctly extends the mock configuration to include validateLeaseProvidersAuditors, maintaining consistency with the existing mock patterns.

Also applies to: 538-539

apps/api/src/billing/services/trial-validation/trial-validation.service.ts (1)

18-22: LGTM! Constructor properly extended for new dependencies.

The BillingConfigService and ProviderRepository injections support the auditor validation logic introduced in validateLeaseProvidersAuditors.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

apps/api/src/billing/services/trial-validation/trial-validation.service.ts (1)

81-81: Consider including provider address in error message for easier debugging.

The error message "Provider not authorized." is generic and doesn't identify which provider failed the check.

Apply this diff:

-      assert(isAuditedByAllowedAuditor, 403, `Provider not authorized.`);
+      assert(isAuditedByAllowedAuditor, 403, `Provider ${providerAddress} not authorized.`);

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9c70ad9 and 5cbac39.

📒 Files selected for processing (1)

• apps/api/src/billing/services/trial-validation/trial-validation.service.ts (2 hunks)

🧰 Additional context used

📓 Path-based instructions (2)

**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/general.mdc)

Never use type any or cast to type any. Always define the proper TypeScript types.

Files:

• apps/api/src/billing/services/trial-validation/trial-validation.service.ts

**/*.{js,ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/general.mdc)

**/*.{js,ts,tsx}: Never use deprecated methods from libraries.
Don't add unnecessary comments to the code

Files:

• apps/api/src/billing/services/trial-validation/trial-validation.service.ts

🧠 Learnings (2)

📚 Learning: 2025-10-31T11:26:42.138Z

Learnt from: stalniy
Repo: akash-network/console PR: 2138
File: apps/api/src/billing/lib/batch-signing-client/batch-signing-client.service.ts:379-382
Timestamp: 2025-10-31T11:26:42.138Z
Learning: In TypeScript/JavaScript, the pattern of checking a cached value and then performing an async operation to fetch it without proper synchronization is race condition unsafe:
```typescript
private async getAddress() {
  if (!this.address) {
    this.address = await this.wallet.getFirstAddress();
  }
  return this.address;
}
```
Multiple concurrent calls can all pass the `if (!this.address)` check before any of them sets the value, leading to duplicate async operations. This should be flagged as a race condition. Proper synchronization (mutex, atomic promise caching, or guaranteed single-threaded execution) is required.

Applied to files:

• apps/api/src/billing/services/trial-validation/trial-validation.service.ts

📚 Learning: 2025-09-04T04:27:40.858Z

Learnt from: stalniy
Repo: akash-network/console PR: 1868
File: apps/api/src/billing/services/managed-signer/managed-signer.service.ts:98-107
Timestamp: 2025-09-04T04:27:40.858Z
Learning: In the Akash protocol, when processing MsgCreateLease messages, the bidId.dseq field is always required and guaranteed to be present at runtime, even though TypeScript types may suggest it could be undefined. The non-null assertion operator (!) is appropriate to use in this context.

Applied to files:

• apps/api/src/billing/services/trial-validation/trial-validation.service.ts

🧬 Code graph analysis (1)

apps/api/src/billing/services/trial-validation/trial-validation.service.ts (2)

apps/api/src/provider/repositories/provider/provider.repository.ts (1)

• singleton (17-222)

apps/api/src/billing/services/managed-signer/managed-signer.service.ts (1)

• singleton (28-161)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (9)

• GitHub Check: validate / validate-app
• GitHub Check: test-build
• GitHub Check: validate / validate-app
• GitHub Check: test-build
• GitHub Check: test-build
• GitHub Check: test-build
• GitHub Check: validate / validate-app
• GitHub Check: test-build
• GitHub Check: Validate local packages

🔇 Additional comments (4)

apps/api/src/billing/services/trial-validation/trial-validation.service.ts (4)

2-2: LGTM! Necessary imports for the new auditor validation feature.

The imports support the new validateLeaseProvidersAuditors method correctly.

Also applies to: 8-8, 11-11

---

18-22: LGTM! Constructor properly updated to inject new dependencies.

The new dependencies (BillingConfigService and ProviderRepository) are correctly injected to support the auditor validation feature.

---

54-68: LGTM! Clean early validation with proper TypeScript patterns.

The method signature, config checks, and message filtering use proper TypeScript types with appropriate type guards and early returns.

---

70-72: Excellent batching implementation that addresses previous performance concerns!

The code efficiently deduplicates provider addresses, fetches all required providers in a single batch query, and creates a Map for O(1) lookups. This successfully resolves the duplicate database query concern raised in previous reviews.

[stalniy]

question(non-blocking): could you please explain this?

[baktun14]

Not sure why, but it didn't work prior, maybe it was something else breaking