quelch 0.9.2

Ingest data from Jira, Confluence, and more directly into Azure AI Search
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212

/// Config validation rules for Quelch v2.
///
/// Three invariants are checked:
/// 1. Every source referenced in a deployment exists in `sources`.
/// 2. Every `(source, subsource)` pair appears in at most one ingest deployment.
/// 3. Every name in any `expose:` list is defined in `mcp.data_sources` (explicit
///    or auto-derived via [`super::data_sources::resolve`]).
use super::{Config, ConfigError, DeploymentRole, SourceConfig, data_sources};
use std::collections::{HashMap, HashSet};

/// Run all validation rules against `config`.
pub fn run(config: &Config) -> Result<(), ConfigError> {
    validate_sources_referenced(config)?;
    validate_disjoint_subsources(config)?;
    validate_expose_resolves(config)?;
    Ok(())
}

/// Every source name referenced in a deployment must be defined in `sources`.
fn validate_sources_referenced(config: &Config) -> Result<(), ConfigError> {
    let defined: HashSet<&str> = config.sources.iter().map(|s| s.name()).collect();

    for deployment in &config.deployments {
        let Some(ref sources) = deployment.sources else {
            continue;
        };
        for ds in sources {
            if !defined.contains(ds.source.as_str()) {
                return Err(ConfigError::Validation(format!(
                    "deployment '{}' references source '{}' which is not defined in sources",
                    deployment.name, ds.source
                )));
            }
        }
    }
    Ok(())
}

/// Each `(source, subsource)` pair must appear in at most one ingest deployment.
///
/// A `DeploymentSource` without an explicit `projects`/`spaces` list means "all
/// subsources" of that source.  For the disjoint check we treat "all subsources"
/// as a special sentinel: if one deployment claims all subsources of a source and
/// another deployment also references that source (with or without a subset), that
/// is an overlap.
fn validate_disjoint_subsources(config: &Config) -> Result<(), ConfigError> {
    // Map from source name → list of (deployment_name, subsource_key)
    // where subsource_key is either a specific project/space or "ALL".
    let mut claimed: HashMap<&str, Vec<(&str, String)>> = HashMap::new();

    for deployment in &config.deployments {
        if !matches!(deployment.role, DeploymentRole::Ingest) {
            continue;
        }
        let Some(ref sources) = deployment.sources else {
            continue;
        };
        for ds in sources {
            let source_name = ds.source.as_str();
            let source_def = config.sources.iter().find(|s| s.name() == source_name);

            // Collect explicit subsource keys, or "ALL" if none specified.
            let subsources: Vec<String> = match (ds.projects.as_ref(), ds.spaces.as_ref()) {
                (Some(projects), _) if !projects.is_empty() => projects.clone(),
                (_, Some(spaces)) if !spaces.is_empty() => spaces.clone(),
                _ => {
                    // No explicit subset — derive from source definition or use sentinel.
                    match source_def {
                        Some(SourceConfig::Jira(j)) if !j.projects.is_empty() => j.projects.clone(),
                        Some(SourceConfig::Confluence(c)) if !c.spaces.is_empty() => {
                            c.spaces.clone()
                        }
                        _ => vec!["ALL".to_string()],
                    }
                }
            };

            let entry = claimed.entry(source_name).or_default();
            for sub in subsources {
                // Check if this subsource is already claimed.
                for (prev_dep, prev_sub) in entry.iter() {
                    let overlap = prev_sub == "ALL" || sub == "ALL" || prev_sub == &sub;
                    if overlap {
                        return Err(ConfigError::Validation(format!(
                            "subsource '{}' of source '{}' appears in both deployment '{}' \
                             and deployment '{}' — each (source, subsource) pair must appear \
                             in at most one ingest deployment",
                            sub, source_name, prev_dep, deployment.name
                        )));
                    }
                }
                entry.push((deployment.name.as_str(), sub));
            }
        }
    }
    Ok(())
}

/// Every name in any `expose:` list must be resolvable — either explicitly
/// defined in `mcp.data_sources` or auto-derivable from the configured sources.
fn validate_expose_resolves(config: &Config) -> Result<(), ConfigError> {
    // Compute the full resolved set once (explicit overrides OR auto-derived).
    let resolved = data_sources::resolve(config);

    for deployment in &config.deployments {
        let Some(ref expose) = deployment.expose else {
            continue;
        };
        for name in expose {
            if !resolved.contains_key(name) {
                return Err(ConfigError::Validation(format!(
                    "deployment '{}' exposes '{}' which is not defined in mcp.data_sources \
                     and cannot be auto-derived from the configured sources",
                    deployment.name, name
                )));
            }
        }
    }
    Ok(())
}

#[cfg(test)]
mod tests {
    use super::*;
    use crate::config::Config;

    #[test]
    fn rejects_overlapping_subsources() {
        let yaml = include_str!("../../tests/fixtures/config_overlapping.yaml");
        let cfg: Config = serde_yaml::from_str(yaml).unwrap();
        let err = run(&cfg).unwrap_err();
        let msg = err.to_string();
        assert!(msg.contains("DO"), "expected 'DO' in error: {msg}");
        assert!(
            msg.contains("appears in"),
            "expected 'appears in' in error: {msg}"
        );
    }

    #[test]
    fn rejects_undefined_expose() {
        let yaml = include_str!("../../tests/fixtures/config_undefined_expose.yaml");
        let cfg: Config = serde_yaml::from_str(yaml).unwrap();
        let err = run(&cfg).unwrap_err();
        let msg = err.to_string();
        assert!(
            msg.contains("no_such_source"),
            "expected 'no_such_source' in error: {msg}"
        );
    }

    #[test]
    fn rejects_undefined_source_in_deployment() {
        let yaml = include_str!("../../tests/fixtures/config_undefined_source.yaml");
        let cfg: Config = serde_yaml::from_str(yaml).unwrap();
        let err = run(&cfg).unwrap_err();
        let msg = err.to_string();
        assert!(
            msg.contains("ghost-source"),
            "expected 'ghost-source' in error: {msg}"
        );
    }

    #[test]
    fn accepts_valid_config() {
        let yaml = include_str!("../../tests/fixtures/quelch.minimal.yaml");
        let cfg: Config = serde_yaml::from_str(yaml).unwrap();
        run(&cfg).expect("valid config should pass validation");
    }

    /// Regression test: a config with `expose: [jira_issues]` and no explicit
    /// `mcp.data_sources` must pass validation (relies on auto-derivation).
    #[test]
    fn accepts_expose_with_auto_derived_data_sources() {
        let yaml = r#"
azure:
  subscription_id: "sub-test"
  resource_group: "rg-test"
  region: "swedencentral"
cosmos:
  database: "quelch"
openai:
  endpoint: "https://test.openai.azure.com"
  embedding_deployment: "text-embedding-3-large"
  embedding_dimensions: 3072
sources:
  - type: jira
    name: jira-cloud
    url: "https://cloud.atlassian.net"
    auth:
      email: "u@example.com"
      api_token: "tok"
    projects: ["DO"]
deployments:
  - name: ingest
    role: ingest
    target: azure
    sources:
      - source: jira-cloud
  - name: mcp
    role: mcp
    target: azure
    expose:
      - jira_issues
    auth:
      mode: "api_key"
# No mcp.data_sources — relies on auto-derivation.
"#;
        let cfg: Config = serde_yaml::from_str(yaml).unwrap();
        run(&cfg).expect("expose with auto-derived data sources should pass validation");
    }
}