fix: validate filename and improve PQL docs

[StarpTech]

Summary by CodeRabbit

• Documentation

  • Updated manifest configuration guide. The manifest filename is now configurable (defaults to manifest.json). Clarified revision field requirements.

• Improvements

  • Strengthened configuration validation to prevent empty manifest filenames, ensuring proper setup.

Checklist

• I have discussed my proposed changes in an issue and have received approval to proceed.
• I have followed the coding standards of the project.
• Tests or benchmarks have been added or updated.
• Documentation has been updated on https://github.com/wundergraph/docs-website.
• I have read the Contributors Guide.

Open Source AI Manifesto

This project follows the principles of the Open Source AI Manifesto. Please ensure your contribution aligns with its principles.

[coderabbitai]

Walkthrough

The changes introduce configurability for the persisted operations manifest filename through a new manifest.file_name configuration option (defaulting to manifest.json). A schema constraint enforces non-empty filenames. Documentation and tests are updated to reflect this new configuration field and its default value.

Changes

Cohort / File(s)	Summary
Documentation router/internal/persistedoperation/PO_MANIFEST_S3_GUIDE.md	Updated to document that manifest filename is now configurable via manifest.file_name with a default value of manifest.json. Refined revision field description to clarify it "can be" any non-empty string.
Configuration Schema router/pkg/config/config.schema.json	Added minLength: 1 constraint to persisted_operations.manifest.file_name schema to prevent empty string values.
Tests router/pkg/config/config_test.go	Updated TestConfigMerging to include FileName: "manifest.json" in the expected default PersistedOperationsConfig.Manifest assertion.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly related PRs

• feat(pqlmanifest): implement S3 polling support for PQL manifest #2726: Related persisted-operations manifest configuration changes, including similar manifest filename configurability and PO_MANIFEST_S3_GUIDE.md documentation updates.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'fix: validate filename and improve PQL docs' accurately describes the main changes: validation of filename (manifest.file_name minLength constraint in schema) and documentation improvements (PO_MANIFEST_S3_GUIDE.md updates).

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[SkArchon]

lgtm

[github-actions]

Router image scan passed

✅ No security vulnerabilities found in image:

ghcr.io/wundergraph/cosmo/router:sha-11aa71fdea29d07d551f484585ad2f22c0242f97

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 63.24%. Comparing base (91e7f46) to head (975f855).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2733      +/-   ##
==========================================
- Coverage   63.35%   63.24%   -0.12%     
==========================================
  Files         249      251       +2     
  Lines       26671    26763      +92     
==========================================
+ Hits        16898    16925      +27     
- Misses       8408     8460      +52     
- Partials     1365     1378      +13     

see 13 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@router/pkg/config/config.schema.json`:
- Around line 206-210: The manifest.file_name schema entry currently allows path
traversal (e.g., "../manifest.json")—update the "file_name" validation in
router/pkg/config/config.schema.json to enforce a basename-only pattern that
forbids segments like "../" or "./", leading slashes, and empty segments while
still allowing normal filenames and optional compression extensions (.gz, .zst);
ensure the pattern is strict enough to block absolute paths and directory
separators but permits names like "manifest.json", "manifest.json.gz", and
"manifest.json.zst" so that router/pkg/config/config.go (and the FILE_NAME env
var) cannot be used to escape the configured prefix.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 30a99244-9a84-4693-a5fc-b2f4484d9b4f

📥 Commits

Reviewing files that changed from the base of the PR and between b5cfa92 and 975f855.

📒 Files selected for processing (3)

• router/internal/persistedoperation/PO_MANIFEST_S3_GUIDE.md
• router/pkg/config/config.schema.json
• router/pkg/config/config_test.go