refactor: replaces allOf+if with clean oneOf structures

[stalniy]

📝 Description

Using oneOf instead of allOf + if makes it easier to see discriminated union in payload shape. Additionally, it improves tooling support, for example json-schema-to-typescript can generate correct types from oneOf schema and we don't need to write it manually.

In terms of validation, it supports the same rules as the previous one. However error messages will be different.

🔧 Purpose of the Change

• New feature implementation
• Bug fix
• Documentation update
• Code refactoring
• Dependency upgrade
• Other: [specify]

📌 Related Issues

• Closes #ISSUE_NUMBER
• References #ISSUE_NUMBER

✅ Checklist

• I've updated relevant documentation
• Code follows Akash Network's style guide
• I've added/updated relevant unit tests
• Dependencies have been properly updated
• I agree and adhered to the Contribution Guidelines

📎 Notes for Reviewers

[Include any additional context, architectural decisions, or specific areas to focus on]

[coderabbitai]

Walkthrough

The JWT JSON schema (specs/jwt-schema.json) was refactored into modular definitions. iss now references akash-address. New definitions introduce hierarchical lease access (leases-full, leases-scoped, leases-granular), provider-level lease-permission* variants, and deployment-level permission structures.

Changes

Cohort / File(s)

Summary

JWT Schema Refactoring specs/jwt-schema.json

Replaced inline iss pattern with $ref to akash-address. Added modular definitions: akash-address, action-scope, leases (oneOf: leases-full, leases-scoped, leases-granular), lease-permission (oneOf: full/scoped/granular), lease-permission-deployment, and related arrays/constraints. Moved inline validations to referenced definitions and introduced deployment/service-level constraints and dependencies.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• fix: syncs json-schema with go jwt implementation #108: Modifies specs/jwt-schema.json around leases/access and scoped access semantics.
• refactor: compiles json-schema validator and optimized cjs build #92: Adjusts JWT schema constraints related to leases/deployments/services (e.g., uniqueness constraints).

Suggested reviewers

• baktun14

Poem

🐰 I nibble patterns, plant a ref instead,
I stitch up leases where the lines were spread.
Full, scoped, granular—each petal in a row,
Provider, deployment—permissions grow.
Hop! The schema hums; the tokens softly glow.

🚥 Pre-merge checks | ✅ 4

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main refactoring: replacing allOf+if patterns with oneOf structures in the JWT schema, which is the core change reflected in the raw summary.
Description check	✅ Passed	The description covers the key aspects: explains the rationale for the change (improved readability and tooling support), indicates it's a refactoring, marks the appropriate checklist items, though specific issue numbers and reviewer notes are incomplete.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Merge Conflict Detection	✅ Passed	✅ No merge conflicts detected when merging into main

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch refactor/provide-jwt-json-schema

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In @specs/jwt-schema.json:
- Around line 134-141: The "permissions" array in the JWT schema documents "The
provider address must be unique across all permissions entries," but JSON Schema
(draft-07) cannot enforce uniqueness of a specific property across array items;
update the "permissions" description to state this is a semantic/runtime
constraint (e.g., "Uniqueness of provider address across entries is validated at
runtime") or, if runtime validation already exists, retain the note that
uniqueness is enforced outside the schema; reference the "permissions" property
and the "lease-permission" definition when making the clarification.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between fcdaf54 and 4e52bff.

📒 Files selected for processing (1)

• specs/jwt-schema.json

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: test
• GitHub Check: coverage
• GitHub Check: go
• GitHub Check: proto

🔇 Additional comments (7)

specs/jwt-schema.json (7)

17-51: Clean refactoring to reference-based definitions.

The extraction of akash-address and leases into reusable definitions improves maintainability and ensures consistency. The description is correctly preserved alongside the $ref.

---

53-56: Address pattern is correct.

The pattern correctly validates bech32 Akash addresses: akash1 prefix (6 chars) followed by 38 lowercase alphanumeric characters, totaling 44 characters as documented.

---

57-75: Well-structured action-scope definition.

The combination of minItems: 1, uniqueItems: true, and enum-constrained items correctly enforces a non-empty set of valid, unique actions.

---

76-90: Clean discriminated union using oneOf.

The oneOf structure with const discriminators on the access field is the idiomatic JSON Schema pattern for discriminated unions. This aligns well with the PR objective and improves tooling support for type generation.

---

144-158: Consistent discriminated union pattern.

The lease-permission definition mirrors the leases structure appropriately, providing a hierarchical permission model with the same full/scoped/granular access levels at the provider scope.

---

159-225: Provider permission variants are well-structured.

Good reuse of the akash-address and action-scope definitions. The additionalProperties: false constraint on all variants ensures strict validation.

---

226-270: Deployment permission structure with proper dependency constraint.

The dependencies keyword correctly enforces that oseq requires gseq to be present. The structure is comprehensive with proper constraints.

Minor verification: dseq has minimum: 1 while gseq and oseq have minimum: 0. If sequence numbers in Akash consistently start from 1 (as deployment sequences appear to), consider aligning gseq and oseq to also have minimum: 1. If 0-based indexing is intentional for group/order sequences, the current schema is correct.

[stalniy]

PR failure will be fixed in #184

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@specs/jwt-schema.json`:
- Around line 17-19: The schema uses "$ref" with sibling "description" (e.g.,
the "iss" property and other occurrences) which draft-07 ignores; fix each by
replacing the direct "$ref" sibling pattern with an allOf array containing the
$ref and moving the description (and any other metadata like title/examples) as
siblings on the parent object—for example, change the "iss" property to an
object with "allOf": [ { "$ref": "#/definitions/akash-address" } ] and keep
"description" alongside "allOf"; apply this same transformation for all listed
properties so validators process both the referenced schema and the descriptive
metadata.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🌐 Web query:

JSON Schema draft-07 $ref sibling keywords behavior specification

💡 Result:

In JSON Schema draft-07, if a schema object contains $ref, it is treated purely as a reference, and all sibling keywords are ignored during evaluation/validation:

• “An object schema with a $ref property MUST be interpreted as a $ref reference… All other properties in a $ref object MUST be ignored.” [1][2]

Implication: this draft-07 schema ignores type, properties, required, etc. because they are siblings of $ref:

{
  "$ref": "#/definitions/Foo",
  "type": "object",
  "required": ["a"]
}

Workaround (draft-07): combine constraints by moving $ref into an applicator such as allOf:

{
  "allOf": [
    { "$ref": "#/definitions/Foo" },
    { "type": "object", "required": ["a"] }
  ]
}

Spec references: JSON Schema Core draft-07, “Schema References With $ref” (section 8.3). [1][2]

Sources: [1] JSON Schema draft-07 core spec (json-schema.org) (json-schema.org), [2] IETF draft-handrews-json-schema-01 (datatracker) (datatracker.ietf.org)

Citations:

• 1: https://json-schema.org/draft-07/json-schema-core?utm_source=openai
• 2: https://datatracker.ietf.org/doc/html/draft-handrews-json-schema-01?utm_source=openai

---

Fix JSON Schema draft-07 $ref sibling keywords that will be ignored.

In JSON Schema draft-07, the specification explicitly requires that when a schema object contains $ref, all sibling keywords are completely ignored during validation. The description fields on lines 19, 116-119, 167-169, 186-189, 194-197, 209-212, and 240-243 will not be processed by spec-compliant validators.

To preserve both the reference and the description, wrap the $ref in an allOf:

Wrap $ref with description in allOf

         "iss": {
-            "$ref": "#/definitions/akash-address",
-            "description": "Akash address of the lease(s) owner, e.g., akash1abcd... (44 characters)"
+            "allOf": [{ "$ref": "#/definitions/akash-address" }],
+            "description": "Akash address of the lease(s) owner, e.g., akash1abcd... (44 characters)"
         },

Apply the same pattern to all other occurrences listed above.

🤖 Prompt for AI Agents

In `@specs/jwt-schema.json` around lines 17 - 19, The schema uses "$ref" with
sibling "description" (e.g., the "iss" property and other occurrences) which
draft-07 ignores; fix each by replacing the direct "$ref" sibling pattern with
an allOf array containing the $ref and moving the description (and any other
metadata like title/examples) as siblings on the parent object—for example,
change the "iss" property to an object with "allOf": [ { "$ref":
"#/definitions/akash-address" } ] and keep "description" alongside "allOf";
apply this same transformation for all listed properties so validators process
both the referenced schema and the descriptive metadata.