[improvement][Pt.01] Reduce circular dependencies between features

[JayaShakthi97]

Purpose

This pull request refactors how service resource endpoints are managed and injected throughout the authentication and app initialization flows. Instead of relying on the core config to include all resource endpoints (including actions and connections), these are now dynamically merged and passed where needed. This decouples certain admin modules from the core, simplifies dependency management, and makes the system more modular.

The most important changes are:

Endpoint Management Refactor:

• Removed @wso2is/admin.actions.v1 and @wso2is/admin.connections.v1 as hard dependencies from the core package, and instead import their endpoint configs only in the app layers where needed. (features/admin.core.v1/package.json, pnpm-lock.yaml, features/admin.core.v1/configs/app.ts, apps/console/src/app.tsx, apps/console/src/protected-app.tsx) [1] [2] [3] [4] [5] [6] [7] [8]

• The core Config.getServiceResourceEndpoints() no longer includes actions and connections endpoints. These are now merged at the app level and passed explicitly where needed. (features/admin.core.v1/configs/app.ts, apps/console/src/app.tsx, apps/console/src/protected-app.tsx) [1] [2] [3] [4]

Authentication Flow Update:

• Updated the sign-in flow to accept and propagate a resourceEndpoints parameter, ensuring the correct set of endpoints is used after login, organization switch, or tenant change. (features/admin.authentication.v1/hooks/use-sign-in.ts, apps/console/src/protected-app.tsx) [1] [2] [3] [4] [5] [6] [7]

Type and Interface Adjustments:

• Modified ServiceResourceEndpointsInterface to remove direct dependencies on actions and connections endpoint interfaces, and instead add the relevant endpoint keys as plain strings. (features/admin.core.v1/models/config.ts) [1] [2] [3] [4] [5]

Default/Placeholder Endpoints:

• Added placeholder string properties for various endpoints (actions, authenticators, etc.) in the core config to maintain type compatibility and avoid runtime errors when certain modules are not present. (features/admin.core.v1/configs/app.ts, features/admin.core.v1/models/config.ts) [1] [2]

These changes make the codebase more modular and maintainable by reducing tight coupling between the core and feature modules, and by ensuring that endpoint configuration is managed in a flexible, context-aware manner.

Before

Now

Related Issues

• N/A

Related PRs

• N/A

Checklist

• e2e cypress tests locally verified. (for internal contributers)
• Manual test round performed and verified.
• UX/UI review done on the final implementation.
• Documentation provided. (Add links if there are any)
• Relevant backend changes deployed and verified
• Unit tests provided. (Add links if there are any)
• Integration tests provided. (Add links if there are any)

Security checks

• Followed secure coding standards in http://wso2.com/technical-reports/wso2-secure-engineering-guidelines
• Ran FindSecurityBugs plugin and verified report
• Confirmed that this PR doesn't commit any keys, passwords, tokens, usernames, or other secrets

Developer Checklist (Mandatory)

• Complete the Developer Checklist in the related product-is issue to track any behavioral change or migration impact.

Summary by CodeRabbit

• Refactor

  • Consolidated and merged service/resource endpoints from multiple sources for more flexible endpoint configuration during sign-in and app initialization.
  • Updated the service endpoints structure to expose additional endpoint keys and simplify endpoint composition.

• Chores

  • Removed now-unused package dependencies to reduce bundle surface and potential circular dependency issues.

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

📝 Walkthrough

Walkthrough

App-level initialization now fetches and merges action and connection resource endpoints and passes the combined endpoints into the sign-in flow via a new optional parameter; core package no longer imports action/connection endpoint modules and service endpoint typing was adjusted.

Changes

Cohort / File(s)	Summary
App entry & protected wrapper apps/console/src/app.tsx, apps/console/src/protected-app.tsx	Added fetching of action and connection resource endpoints, merged them with service endpoints, and pass the merged serviceResourceEndpoints into the sign-in callback.
Sign-in hook features/admin.authentication.v1/hooks/use-sign-in.ts	onSignIn signature extended with optional resourceEndpoints?: Record<string, any>; internal sign-in flow now consumes the supplied endpoints instead of reading from global config.
Core config composition features/admin.core.v1/configs/app.ts	Removed direct imports of action/connection endpoint getters; replaced action endpoint inclusion with application template endpoints and added placeholder top-level endpoint keys.
Service endpoints typings features/admin.core.v1/models/config.ts	Removed ActionsResourceEndpointsInterface and ConnectionResourceEndpointsInterface from ServiceResourceEndpointsInterface and added several new string properties (e.g., actions, authenticators, authenticatorTags, customAuthenticators, extensions, fidoConfigs, identityProviders, localAuthenticators, multiFactorAuthenticators).
Dependency cleanup features/admin.core.v1/package.json	Removed dependencies: @wso2is/admin.actions.v1, @wso2is/admin.connections.v1.
Meta / release .changeset/neat-lobsters-sneeze.md	Adds changeset documenting package bumps and intent to reduce circular dependencies among core/actions/connections packages.

Sequence Diagram(s)

mermaid
sequenceDiagram
participant App as App (initialization)
participant Protected as ProtectedApp
participant SignInHook as useSignIn
participant Store as Redux Store / Config

App->>App: fetch service endpoints (core)
App->>App: fetch actions endpoints
App->>App: fetch connections endpoints
App->>Protected: provide merged serviceResourceEndpoints
Protected->>SignInHook: call onSignIn(..., serviceResourceEndpoints)
SignInHook->>Store: dispatch setServiceResourceEndpoints(using provided endpoints)
SignInHook->>Store: continue sign-in flow (tokens, user, features)

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Poem

🐰 I fetched the endpoints, hopped them through,

Merged the paths, and shared them too.
Sign-in now carries the load with ease,
No circular tangles, just gentle breeze.
Hooray — endpoints safe in one warm burrow! 🥕

🚥 Pre-merge checks | ✅ 3 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Merge Conflict Detection	⚠️ Warning	❌ Merge conflicts detected (9 files): ⚔️ apps/console/src/app.tsx (content) ⚔️ apps/console/src/protected-app.tsx (content) ⚔️ features/admin.authentication.v1/hooks/use-sign-in.ts (content) ⚔️ features/admin.core.v1/configs/app.ts (content) ⚔️ features/admin.core.v1/models/config.ts (content) ⚔️ features/admin.core.v1/package.json (content) ⚔️ modules/i18n/src/models/namespaces/governance-connectors-ns.ts (content) ⚔️ modules/i18n/src/translations/en-US/portals/governance-connectors.ts (content) ⚔️ pnpm-lock.yaml (content) These conflicts must be resolved before merging into master.	Resolve conflicts locally and push changes to this branch.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically describes the main change: reducing circular dependencies between features, which aligns perfectly with the refactoring efforts documented throughout the PR.
Description check	✅ Passed	The description is comprehensive and well-structured, covering purpose, technical details, before/after diagrams, and all template sections, though most checklist items remain unchecked.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

Tip

Issue Planner is now in beta. Read the docs and try it out! Share your feedback on Discord.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (3)

features/admin.authentication.v1/hooks/use-sign-in.ts (1)

89-95: Consider using a stronger type for resourceEndpoints.

Record<string, any> is very permissive. Since ServiceResourceEndpointsInterface is already used elsewhere in the codebase (and imported in both app.tsx and protected-app.tsx), using it here would provide compile-time safety and eliminate the as any casts at Lines 366/369/385/388.

Proposed type improvement

     onSignIn: (
         response: BasicUserInfo,
         onTenantResolve: (tenantDomain: string) => void,
         onSignInSuccessRedirect: (idToken: DecodedIDTokenPayload) => void,
         onAppReady: () => void,
-        resourceEndpoints?: Record<string, any>
+        resourceEndpoints?: ServiceResourceEndpointsInterface
     ) => Promise<void>;

And similarly for the internal functions at Lines 219-220 and 246-247.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@features/admin.authentication.v1/hooks/use-sign-in.ts` around lines 89 - 95,
The onSignIn callback currently types resourceEndpoints as Record<string, any>;
change it to use the existing ServiceResourceEndpointsInterface (replace
Record<string, any> with ServiceResourceEndpointsInterface on the onSignIn
signature) and update the internal helper function signatures that accept
resourceEndpoints (the internal functions referenced around the onSignIn
implementation) to the same ServiceResourceEndpointsInterface so you can remove
the unsafe "as any" casts at the call sites (the casts near where onSignIn is
invoked/forwarded).

features/admin.core.v1/configs/app.ts (1)

368-379: Empty-string endpoint placeholders are a silent failure risk.

These placeholders (actions: "", authenticatorTags: "", etc.) satisfy the type contract but will produce broken API calls if any code path uses them before the app layer merges the real endpoints. This is acceptable for the decoupling goal, but consider whether a more defensive approach (e.g., logging a warning or throwing on access) would help catch misconfiguration earlier.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@features/admin.core.v1/configs/app.ts` around lines 368 - 379, The config
currently sets endpoint properties like actions, authenticatorTags,
authenticators, customAuthenticators, extensions, fidoConfigs,
identityProviders, localAuthenticators, multiFactorAuthenticators to empty
strings which silently breaks callers; replace these silent placeholders with a
defensive mechanism: add a helper on the same config class (e.g.,
getEndpoint(name: string) or resolveEndpoint(name: string)) that either logs a
clear warning (including the endpoint name and deployment info from
getDeploymentConfig()) or throws when accessed, update each property (actions,
authenticatorTags, authenticators, customAuthenticators, extensions,
fidoConfigs, identityProviders, localAuthenticators, multiFactorAuthenticators)
to call that helper instead of using "" so misconfiguration is detected
immediately, and optionally add an initialization validation method (e.g.,
validateEndpoints or a call in the constructor) that checks required endpoints
and surfaces errors early; keep the existing me value and resolveServerHost
usage as-is.

apps/console/src/app.tsx (1)

206-214: Endpoint merge logic is duplicated across app.tsx and protected-app.tsx.

Both files construct the same merged endpoint object:

const serviceResourceEndpoints: ServiceResourceEndpointsInterface = {
    ...Config.getServiceResourceEndpoints(),
    ...getActionsResourceEndpoints(Config.resolveServerHost()),
    ...getConnectionResourceEndpoints(Config.resolveServerHost())
};

Extract a shared helper function (e.g., getServiceResourceEndpoints() in a config module) to keep this logic in one place and avoid divergence if the set of merged endpoints changes.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@apps/console/src/app.tsx` around lines 206 - 214, Extract the duplicated
endpoint-merge logic into a single helper function named
getServiceResourceEndpoints (or similar) in the shared config module; implement
it to return the merged ServiceResourceEndpointsInterface by combining
Config.getServiceResourceEndpoints(),
getActionsResourceEndpoints(Config.resolveServerHost()), and
getConnectionResourceEndpoints(Config.resolveServerHost()), then replace the
inline merge in both app.tsx and protected-app.tsx with a call to this new
helper and pass its result to dispatch(setServiceResourceEndpoints(...)) and
setResourceEndpoints(...).

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@features/admin.authentication.v1/hooks/use-sign-in.ts`:
- Around line 219-220: The default resourceEndpoints from
Config.getServiceResourceEndpoints() returns empty strings for
actions/authenticatorTags/authenticators and some organization pages
(organization-edit.tsx, organization-list.tsx,
organization-switch-breadcrumb.tsx) call onSignIn() with only 4 args relying on
that default; either confirm those pages work without these endpoints or update
their calls to pass the merged endpoints like the console app does: compute
mergedEndpoints = { ...getActionsResourceEndpoints(),
...getConnectionResourceEndpoints(), ...Config.getServiceResourceEndpoints() }
and pass mergedEndpoints into onSignIn(resourceEndpoints) (or adjust
use-sign-in.ts onSignIn() to accept and consume the merged shape), ensuring the
same dispatch/context behavior used at lines where resourceEndpoints is read
(lines ~366,369,385,388) receives the non-empty values.

In `@features/admin.core.v1/configs/app.ts`:
- Around line 347-348: Remove the duplicated spread of
getApplicationTemplatesResourcesEndpoints(this.resolveServerHost()) in the
configuration object: locate the two consecutive spreads of
getApplicationTemplatesResourcesEndpoints(...) and keep only one, so the
resources are not redundantly merged; ensure any intended calls to
getActionsResourceEndpoints or getConnectionResourceEndpoints are restored if
they were meant to be different, and run tests to verify no keys were
accidentally omitted.

In `@features/admin.core.v1/models/config.ts`:
- Around line 745-746: The extends list currently contains a duplicated
SMSTemplateResourceEndpointsInterface entry; locate the type or interface
declaration whose extends/intersection includes
SMSTemplateResourceEndpointsInterface twice and remove the duplicate OR replace
the second occurrence with the correct intended interface name (if another
interface was meant there). Update the extends/intersection to contain unique
members only (e.g., keep a single SMSTemplateResourceEndpointsInterface and add
the correct replacement if needed) and run TypeScript checks to confirm the fix.

---

Nitpick comments:
In `@apps/console/src/app.tsx`:
- Around line 206-214: Extract the duplicated endpoint-merge logic into a single
helper function named getServiceResourceEndpoints (or similar) in the shared
config module; implement it to return the merged
ServiceResourceEndpointsInterface by combining
Config.getServiceResourceEndpoints(),
getActionsResourceEndpoints(Config.resolveServerHost()), and
getConnectionResourceEndpoints(Config.resolveServerHost()), then replace the
inline merge in both app.tsx and protected-app.tsx with a call to this new
helper and pass its result to dispatch(setServiceResourceEndpoints(...)) and
setResourceEndpoints(...).

In `@features/admin.authentication.v1/hooks/use-sign-in.ts`:
- Around line 89-95: The onSignIn callback currently types resourceEndpoints as
Record<string, any>; change it to use the existing
ServiceResourceEndpointsInterface (replace Record<string, any> with
ServiceResourceEndpointsInterface on the onSignIn signature) and update the
internal helper function signatures that accept resourceEndpoints (the internal
functions referenced around the onSignIn implementation) to the same
ServiceResourceEndpointsInterface so you can remove the unsafe "as any" casts at
the call sites (the casts near where onSignIn is invoked/forwarded).

In `@features/admin.core.v1/configs/app.ts`:
- Around line 368-379: The config currently sets endpoint properties like
actions, authenticatorTags, authenticators, customAuthenticators, extensions,
fidoConfigs, identityProviders, localAuthenticators, multiFactorAuthenticators
to empty strings which silently breaks callers; replace these silent
placeholders with a defensive mechanism: add a helper on the same config class
(e.g., getEndpoint(name: string) or resolveEndpoint(name: string)) that either
logs a clear warning (including the endpoint name and deployment info from
getDeploymentConfig()) or throws when accessed, update each property (actions,
authenticatorTags, authenticators, customAuthenticators, extensions,
fidoConfigs, identityProviders, localAuthenticators, multiFactorAuthenticators)
to call that helper instead of using "" so misconfiguration is detected
immediately, and optionally add an initialization validation method (e.g.,
validateEndpoints or a call in the constructor) that checks required endpoints
and surfaces errors early; keep the existing me value and resolveServerHost
usage as-is.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 55.88%. Comparing base (91f8260) to head (5716901).
⚠️ Report is 4 commits behind head on master.

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #9613   +/-   ##
=======================================
  Coverage   55.88%   55.88%           
=======================================
  Files          42       42           
  Lines        1020     1020           
  Branches      231      254   +23     
=======================================
  Hits          570      570           
  Misses        450      450           

Flag	Coverage Δ
@wso2is/core	55.88% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.