feat: prevent error when passed invalid uuid

[wilsonrivera]

Summary by CodeRabbit

• Bug Fixes
  • Search now uses exact ID matching when a UUID is entered and substring name matching otherwise, improving accuracy.
  • Consistent behavior applied across list and available-item searches.
  • Label-based filtering improved for group and label matching, reducing false positives from special characters and mismatched groups.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

Checklist

• I have discussed my proposed changes in an issue and have received approval to proceed.
• I have followed the coding standards of the project.
• Tests or benchmarks have been added or updated.
• Documentation has been updated on https://github.com/wundergraph/cosmo-docs.
• I have read the Contributors Guide.

[coderabbitai]

Walkthrough

Query and label-matching logic in repository code was refactored: UUID validation (isValidUuid) now selects exact id equality vs. LIKE name searches, and raw SQL array containment checks were replaced with drizzle-orm arrayContains / arrayOverlaps operators. Some drizzle imports were adjusted.

Changes

Cohort / File(s)	Summary
Subgraph & Feature UUID-aware filtering controlplane/src/core/repositories/SubgraphRepository.ts, controlplane/src/core/repositories/FeatureFlagRepository.ts	Replaced OR-style search that mixed id/name checks with conditional logic: when query is a valid UUID use eq(subgraphs.id, query) (or equivalent), otherwise use like(...) against name/targets. Added isValidUuid import and removed unused drizzle utility import.
Label matching → arrayContains / arrayOverlaps controlplane/src/core/repositories/SubgraphRepository.ts, controlplane/src/core/repositories/FeatureFlagRepository.ts, controlplane/src/core/repositories/FederatedGraphRepository.ts	Replaced raw SQL label containment fragments with drizzle-orm arrayContains(...) and arrayOverlaps(...) calls (used per-group where appropriate) for label and labelMatcher matching; adjusted how grouped/joined labels are applied in queries.
Import adjustments controlplane/src/core/repositories/SubgraphRepository.ts, controlplane/src/core/repositories/FederatedGraphRepository.ts, controlplane/src/core/repositories/FeatureFlagRepository.ts	Added arrayContains / arrayOverlaps and isValidUuid imports from their respective libs and removed unused imports from drizzle-orm where applicable.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

• Verify the three separate query sites in SubgraphRepository.ts apply the UUID-vs-LIKE branching consistently.
• Confirm arrayContains / arrayOverlaps semantics match the previous raw SQL behavior (ordering, duplicates, NULL handling).
• Check LIKE pattern construction/escaping to avoid unintended matches or injection.

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly aligns with the main change: adding UUID validation to prevent errors when invalid UUIDs are passed, which is demonstrated across all three modified repository files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

• 📝 Generate docstrings

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c0d742e and 5836ce9.

📒 Files selected for processing (3)

• controlplane/src/core/repositories/FeatureFlagRepository.ts (3 hunks)
• controlplane/src/core/repositories/FederatedGraphRepository.ts (2 hunks)
• controlplane/src/core/repositories/SubgraphRepository.ts (4 hunks)

🚧 Files skipped from review as they are similar to previous changes (3)

• controlplane/src/core/repositories/SubgraphRepository.ts
• controlplane/src/core/repositories/FederatedGraphRepository.ts
• controlplane/src/core/repositories/FeatureFlagRepository.ts

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: Analyze (go)
• GitHub Check: Analyze (javascript-typescript)
• GitHub Check: build_test
• GitHub Check: build_push_image

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[StarpTech]

LGTM

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b78d0d6 and 4f38d2a.

📒 Files selected for processing (2)

• controlplane/src/core/repositories/FeatureFlagRepository.ts (2 hunks)
• controlplane/src/core/repositories/SubgraphRepository.ts (3 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• controlplane/src/core/repositories/FeatureFlagRepository.ts

🧰 Additional context used

🧠 Learnings (2)

📚 Learning: 2025-08-29T10:28:04.846Z

Learnt from: JivusAyrus
Repo: wundergraph/cosmo PR: 2156
File: controlplane/src/core/repositories/SubgraphRepository.ts:1749-1751
Timestamp: 2025-08-29T10:28:04.846Z
Learning: In the controlplane codebase, authentication and authorization checks (including organization scoping) are handled at the service layer in files like unlinkSubgraph.ts before calling repository methods. Repository methods like unlinkSubgraph() in SubgraphRepository.ts can focus purely on data operations without redundant security checks.

Applied to files:

• controlplane/src/core/repositories/SubgraphRepository.ts

📚 Learning: 2025-09-08T20:57:07.946Z

Learnt from: JivusAyrus
Repo: wundergraph/cosmo PR: 2156
File: controlplane/src/core/repositories/SubgraphRepository.ts:1746-1763
Timestamp: 2025-09-08T20:57:07.946Z
Learning: The checkSubgraphSchema.ts file already correctly implements linked subgraph functionality, using byName(linkedSubgraph.name, linkedSubgraph.namespace) to fetch target subgraphs and properly handles parse(newSchemaSDL) for schema building. The implementation doesn't need fixes for byId usage or schema parsing as it's already correct.

Applied to files:

• controlplane/src/core/repositories/SubgraphRepository.ts

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: build_test
• GitHub Check: build_push_image
• GitHub Check: Analyze (javascript-typescript)
• GitHub Check: Analyze (go)

🔇 Additional comments (1)

controlplane/src/core/repositories/SubgraphRepository.ts (1)

12-14: UUID validation import looks appropriate

Importing validate as isValidUuid from uuid and extending the drizzle-orm import list is consistent with how it’s used later; no issues from a repository-layer perspective.