refactor: replaces allOf+if with clean oneOf structures

[stalniy]

📝 Description

Using oneOf instead of allOf + if makes it easier to see discriminated union in payload shape. Additionally, it improves tooling support, for example json-schema-to-typescript can generate correct types from oneOf schema and we don't need to write it manually.

In terms of validation, it supports the same rules as the previous one. However error messages will be different.

🔧 Purpose of the Change

• New feature implementation
• Bug fix
• Documentation update
• Code refactoring
• Dependency upgrade
• Other: [specify]

📌 Related Issues

• Closes #ISSUE_NUMBER
• References #ISSUE_NUMBER

✅ Checklist

• I've updated relevant documentation
• Code follows Akash Network's style guide
• I've added/updated relevant unit tests
• Dependencies have been properly updated
• I agree and adhered to the Contribution Guidelines

📎 Notes for Reviewers

[Include any additional context, architectural decisions, or specific areas to focus on]

[coderabbitai]

Walkthrough

The JWT JSON schema (specs/jwt-schema.json) was refactored into modular definitions. iss now references akash-address. New definitions introduce hierarchical lease access (leases-full, leases-scoped, leases-granular), provider-level lease-permission* variants, and deployment-level permission structures.

Changes

Cohort / File(s)

Summary

JWT Schema Refactoring specs/jwt-schema.json

Replaced inline iss pattern with $ref to akash-address. Added modular definitions: akash-address, action-scope, leases (oneOf: leases-full, leases-scoped, leases-granular), lease-permission (oneOf: full/scoped/granular), lease-permission-deployment, and related arrays/constraints. Moved inline validations to referenced definitions and introduced deployment/service-level constraints and dependencies.

Sequence Diagram(s)

(omitted)

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• fix: syncs json-schema with go jwt implementation #108: Modifies specs/jwt-schema.json around leases/access and scoped access semantics.
• refactor: compiles json-schema validator and optimized cjs build #92: Adjusts JWT schema constraints related to leases/deployments/services (e.g., uniqueness constraints).

Suggested reviewers

• baktun14

Poem

🐰 A little rabbit hops through lines of spec,
I swap patterns for refs with a tiny pep.
Leases split, permissions bloom like spring,
Scoped, full, granular—each a tidy thing.
Hop, skip, schema sings; the tokens now can sing 🎶

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: refactoring from allOf+if patterns to oneOf structures in the JSON schema.
Description check	✅ Passed	The description covers the purpose, rationale, validation equivalence, and follows the template with refactoring purpose selected and checklist mostly completed.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch refactor/provide-jwt-json-schema

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In @specs/jwt-schema.json:
- Around line 134-141: The "permissions" array in the JWT schema documents "The
provider address must be unique across all permissions entries," but JSON Schema
(draft-07) cannot enforce uniqueness of a specific property across array items;
update the "permissions" description to state this is a semantic/runtime
constraint (e.g., "Uniqueness of provider address across entries is validated at
runtime") or, if runtime validation already exists, retain the note that
uniqueness is enforced outside the schema; reference the "permissions" property
and the "lease-permission" definition when making the clarification.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between fcdaf54 and 4e52bff.

📒 Files selected for processing (1)

• specs/jwt-schema.json

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: test
• GitHub Check: coverage
• GitHub Check: go
• GitHub Check: proto

🔇 Additional comments (7)

specs/jwt-schema.json (7)

17-51: Clean refactoring to reference-based definitions.

The extraction of akash-address and leases into reusable definitions improves maintainability and ensures consistency. The description is correctly preserved alongside the $ref.

---

53-56: Address pattern is correct.

The pattern correctly validates bech32 Akash addresses: akash1 prefix (6 chars) followed by 38 lowercase alphanumeric characters, totaling 44 characters as documented.

---

57-75: Well-structured action-scope definition.

The combination of minItems: 1, uniqueItems: true, and enum-constrained items correctly enforces a non-empty set of valid, unique actions.

---

76-90: Clean discriminated union using oneOf.

The oneOf structure with const discriminators on the access field is the idiomatic JSON Schema pattern for discriminated unions. This aligns well with the PR objective and improves tooling support for type generation.

---

144-158: Consistent discriminated union pattern.

The lease-permission definition mirrors the leases structure appropriately, providing a hierarchical permission model with the same full/scoped/granular access levels at the provider scope.

---

159-225: Provider permission variants are well-structured.

Good reuse of the akash-address and action-scope definitions. The additionalProperties: false constraint on all variants ensures strict validation.

---

226-270: Deployment permission structure with proper dependency constraint.

The dependencies keyword correctly enforces that oseq requires gseq to be present. The structure is comprehensive with proper constraints.

Minor verification: dseq has minimum: 1 while gseq and oseq have minimum: 0. If sequence numbers in Akash consistently start from 1 (as deployment sequences appear to), consider aligning gseq and oseq to also have minimum: 1. If 0-based indexing is intentional for group/order sequences, the current schema is correct.

[stalniy]

PR failure will be fixed in #184