feat: add prometheus verification support

[adityachoudhari26]

Summary by CodeRabbit

• New Features

  • Added Prometheus as a selectable metric provider: configure server address, instant or range PromQL queries (step/start/end), timeout, optional TLS verification, custom headers, and authentication (bearer token templates or OAuth2). UI shows Prometheus-specific metric displays and icon in verification views.

• Tests

  • Added comprehensive tests for provider validation, query URL building, auth/header handling, parsing, and end-to-end measurement scenarios.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Adds Prometheus as a new MetricProvider across API schemas, generated Go models, provider factory, a full Prometheus provider implementation with tests, and web UI components + runtime validation for Prometheus metrics.

Changes

Cohort / File(s)	Summary
OpenAPI & Schema Definitions apps/api/openapi/openapi.json, apps/api/openapi/schemas/verifications.jsonnet, apps/workspace-engine/oapi/openapi.json, apps/workspace-engine/oapi/spec/schemas/verification.jsonnet	Add PrometheusMetricProvider schema, include it in MetricProvider.oneOf, and add discriminator mapping "prometheus".
TypeScript server types apps/api/src/types/openapi.ts	Declare PrometheusMetricProvider in components.schemas and include it in the MetricProvider union.
Generated Go OAPI models apps/workspace-engine/pkg/oapi/oapi.gen.go	Generate PrometheusMetricProvider types and constant; add helpers AsPrometheusMetricProvider, FromPrometheusMetricProvider, MergePrometheusMetricProvider, and update discriminator routing.
Provider factory wiring apps/workspace-engine/pkg/workspace/releasemanager/verification/metrics/metric.go	Add "prometheus" case to create and return a Prometheus provider from OAPI config.
Prometheus provider implementation (Go) apps/workspace-engine/pkg/workspace/releasemanager/verification/metrics/provider/prometheus/prometheus.go	New PrometheusProvider type with constructors and Measure method: templating, instant/range query URL building, auth (bearer/oauth2), headers, TLS/insecure option, timeout handling, HTTP execution, response parsing (vector/matrix/scalar), normalization, and helpers.
Prometheus provider tests (Go) apps/workspace-engine/pkg/workspace/releasemanager/verification/metrics/provider/prometheus/prometheus_test.go	Comprehensive unit and E2E tests covering construction, URL building, duration parsing, headers/auth, HTTP client, parsing, templating, and httptest scenarios.
Web UI components & runtime types apps/web/app/routes/ws/deployments/_components/release-targets/Verifications.tsx, .../prometheus/Prometheus.tsx, .../prometheus/PrometheusIcon.tsx, .../prometheus/prometheus-metric.ts	Add Prometheus UI: PrometheusVerificationDisplay component and icon, runtime zod schemas and parsers for Prometheus provider and measurement, and conditional rendering in Verifications.

Sequence Diagram

sequenceDiagram
    participant Client as Client
    participant Factory as ProviderFactory
    participant Prov as PrometheusProvider
    participant Server as PrometheusServer
    participant Ctx as ProviderContext

    Client->>Factory: CreateProvider(config)
    Factory->>Prov: NewFromOAPI(config.prometheus)
    Client->>Prov: Measure(ctx, providerCtx)
    Prov->>Ctx: Resolve templates (query, headers, auth)
    Ctx-->>Prov: Resolved values
    Prov->>Server: HTTP GET (instant or range) with params & headers
    Server-->>Prov: JSON response (vector/matrix/scalar)
    Prov->>Prov: Parse & normalize response
    Prov-->>Client: (timestamp, metrics map, error)

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Suggested reviewers

• jsbroks

Poem

🐇 I hop through queries, headers, and time,
I shape PromQL lines into each request,
I carry tokens, parse results, and rhyme,
From start to step, I fetch and do my best,
A tiny rabbit cheers: metrics now blessed.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'feat: add prometheus verification support' directly and clearly summarizes the main change: adding Prometheus as a new verification provider across the codebase.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch prometheus-verifications

---

No actionable comments were generated in the recent review. 🎉

🧹 Recent nitpick comments

apps/web/app/routes/ws/deployments/_components/release-targets/prometheus/prometheus-metric.ts (1)

51-57: Consider using TypeScript type predicates for better type narrowing.

Returning data is PrometheusMeasurementData (and similarly for the provider guard) lets callers benefit from automatic type narrowing after the check, avoiding a separate parse call.

Suggested change

-export function isPrometheusMeasurement(data: unknown): boolean {
+export function isPrometheusMeasurement(data: unknown): data is PrometheusMeasurementData {
   return prometheusMeasurementData.safeParse(data).success;
 }
 
-export function isPrometheusProvider(provider: unknown): boolean {
+export function isPrometheusProvider(provider: unknown): provider is PrometheusProviderConfig {
   return prometheusProviderConfig.safeParse(provider).success;
 }

apps/workspace-engine/pkg/workspace/releasemanager/verification/metrics/provider/prometheus/prometheus.go (2)

300-315: Consider setting MinVersion on the TLS config even when InsecureSkipVerify is true.

InsecureSkipVerify disables certificate validation, but MinVersion protects against protocol downgrade attacks — they're orthogonal concerns. Even in "insecure" mode, enforcing a minimum TLS version is cheap defense-in-depth.

♻️ Suggested fix

 	if config.Insecure != nil && *config.Insecure {
 		client.Transport = &http.Transport{
-			TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, //nolint:gosec
+			TLSClientConfig: &tls.Config{
+				InsecureSkipVerify: true, //nolint:gosec
+				MinVersion:         tls.VersionTLS12,
+			},
 		}
 	}

---

176-219: Range query URL construction looks correct now — one edge case to consider.

The previous issues (empty end block, silent error swallowing) are properly addressed. Both Start and End overrides now parse and return errors correctly.

One subtlety: if a user provides Start: "1m" and End: "5m", start resolves to now - 1m and end to now - 5m, yielding start > end. Prometheus would reject this, but the error from Prometheus may be opaque. A local start.After(end) guard would give a clearer error message. This is a nice-to-have since Prometheus itself will enforce it.

apps/workspace-engine/pkg/workspace/releasemanager/verification/metrics/provider/prometheus/prometheus_test.go (1)

671-704: TestBuildResultData_DataContract — good contract test, but consider adding "error" / "errorType" key presence checks for error responses.

This test validates the data contract for success responses. You might also want a similar contract test for error responses to ensure error and errorType keys are always present when status != "success". Low priority since TestBuildResultData_ErrorResponse already checks these values.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[jsbroks]

@cursoragent review

[cursor]

Here’s a concise review of “feat: add prometheus verification support”:

• Strong implementation: clean provider wiring, templating for address/query/token, robust parsing for vector/matrix/scalar, and consistent result shape for CEL evaluation. OpenAPI includes PrometheusMetricProvider and UI surfaces appear compatible.

• High‑impact asks:

  • Add unit tests for the Prometheus provider (URL building for instant vs range, invalid step; duration parsing; auth/insecure TLS path; scalar/vector/matrix and error responses; data contract fields and types).
  • Make range window configurable for query_range (e.g., rangeWindow: "5m"), falling back to 10×step if unset.

• Follow‑ups:

  • Expand duration parsing to support at least ‘w’ (and optionally composite durations like “1h30m”); if out of scope, validate clearly.
  • Add light debug logging like the HTTP provider (url/status/duration).
  • In matrix parsing, don’t silently drop timestamp parse errors—propagate/log or set a sentinel.

Code notes:

func buildQueryURL(config *oapi.PrometheusMetricProvider, now time.Time) (string, error) {
  ...
  if config.Step != nil && *config.Step != "" {
    ...
    start := end.Add(-step * 10) // look back 10 steps by default
    ...
    return address + "/api/v1/query_range?" + params.Encode(), nil
  }
  return address + "/api/v1/query?" + params.Encode(), nil
}

func parsePrometheusDuration(s string) (time.Duration, error) {
  ...
  switch unit {
  case 's','m','h','d':
  default:
    return 0, fmt.Errorf("unknown duration unit: %c", unit)
  }
}

for _, pair := range m.Values {
  ts, _ := parseScalarValue(pair[0])
  v, err := parseScalarValue(pair[1])
  if err != nil { continue }
  values = append(values, map[string]any{"timestamp": ts, "value": v})
}

Docs:

• Add docs/integrations/verification-providers/prometheus.mdx with config fields, instant/range examples, and successCondition examples (e.g., result.value < 0.01, checks on result.results).
• Link it from the providers overview and “Next Steps” cards.

If you want, I can add a first pass of the unit tests and the Prometheus docs page in this branch.

 

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In
`@apps/workspace-engine/pkg/workspace/releasemanager/verification/metrics/provider/prometheus/prometheus.go`:
- Around line 325-350: The current parsePrometheusDuration function restricts
units to only s/m/h/d and rejects valid Prometheus durations (e.g., ms, us, w);
replace its implementation to delegate parsing to
github.com/prometheus/common/model's model.ParseDuration: update imports to
include that package, call model.ParseDuration on the input string inside
parsePrometheusDuration, convert the returned model.Duration to time.Duration
and return it (handle and wrap parse errors), and remove the manual unit switch
in parsePrometheusDuration so it fully supports Prometheus duration formats.

🧹 Nitpick comments (1)

apps/workspace-engine/pkg/workspace/releasemanager/verification/metrics/provider/prometheus/prometheus.go (1)

151-168: Consider explicitly setting MinVersion for clarity and defense-in-depth.

The custom tls.Config at line 161 does not set MinVersion. Go 1.18+ defaults to TLS 1.2+ for clients when MinVersion is unset, so this is not a security vulnerability. However, explicitly pinning MinVersion to tls.VersionTLS12 (or higher) documents the security requirement and reduces reliance on version-dependent defaults.

Suggested change

 	if config.InsecureSkipVerify != nil && *config.InsecureSkipVerify {
 		client.Transport = &http.Transport{
-			TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, //nolint:gosec
+			TLSClientConfig: &tls.Config{
+				InsecureSkipVerify: true, //nolint:gosec
+				MinVersion:         tls.VersionTLS12,
+			},
 		}
 	}

[coderabbitai]

Actionable comments posted: 3

🤖 Fix all issues with AI agents

In `@apps/workspace-engine/oapi/spec/schemas/verification.jsonnet`:
- Around line 244-329: The Prometheus rangeQuery start/end handling is wrong:
parsePrometheusDuration only accepts simple durations and the code silently
falls back to defaults, and the provided end value is parsed/checked but never
used (always replaced with the now variable). Fix by either implementing proper
expression parsing for "now()" and "now() - duration(X)" in
parsePrometheusDuration (or add a new parsePrometheusTimeExpr helper) so start
and end accept those expressions, or else update the schema/examples to only
show simple durations; additionally ensure the parsed end value is actually
applied instead of always using now (replace the code that assigns end = now
with using the parsed end variable where rangeQuery is built). Reference
parsePrometheusDuration and the rangeQuery start/end handling in the
PrometheusMetricProvider processing logic.

In
`@apps/workspace-engine/pkg/workspace/releasemanager/verification/metrics/provider/prometheus/prometheus.go`:
- Around line 171-207: In buildQueryURL, the RangeQuery start/end overrides are
effectively ignored because an invalid start is silently skipped and the
RangeQuery.End branch is empty so the local end variable is never updated; fix
by validating and applying both config.RangeQuery.Start and
config.RangeQuery.End using parsePrometheusDuration (returning an error on
invalid formats instead of swallowing it), set start and end accordingly (e.g.,
override the computed start/end when parsed durations present), and then use
formatTimestamp to set the "start" and "end" params before returning; reference
buildQueryURL, config.RangeQuery.Start, config.RangeQuery.End,
parsePrometheusDuration, start, end, and params.Set to locate the changes.
- Around line 151-169: resolveAuthentication currently templates oauth2 fields
but the codebase never uses oauth2 tokens (only bearer tokens), so oauth2
configs are ignored and cause failures; either implement OAuth2 token retrieval
or fail fast: add a validation in the Prometheus provider constructor (e.g.,
NewPrometheusProvider / NewPrometheusMetricsProvider) to detect
prometheusAuth.Oauth2 != nil and return an error explaining oauth2 is not
supported, or alternatively implement OAuth2 token acquisition and injection
where bearer tokens are used (update resolveAuthentication usage and the
request-auth path to use the retrieved access token). Ensure you reference
prometheusAuth, resolveAuthentication and the provider constructor to locate
where to add the check or integrate token retrieval.

🧹 Nitpick comments (2)

apps/api/src/types/openapi.ts (1)

1262-1268: Align headers shape across metric providers for API consistency.

PrometheusMetricProvider.headers uses an array format { key: string; value: string }[], while HTTPMetricProvider.headers (line ~175 in the source schema) uses an object map { [key: string]: string }. This inconsistency surfaces in all generated SDKs and client libraries, creating confusion for users configuring both provider types.

The array format for Prometheus may support duplicate headers, but this rationale isn't documented. Consider standardizing both providers to the same representation (either both as maps or both as arrays) in apps/api/openapi/schemas/verifications.jsonnet unless duplicate keys are an intentional, documented requirement specific to Prometheus.

apps/workspace-engine/pkg/workspace/releasemanager/verification/metrics/provider/prometheus/prometheus.go (1)

57-79: Add Go doc comments for exported symbols.

Line 57 onward includes exported PrometheusProvider and its constructors/methods without doc comments. Please add Go doc comments for the exported type/functions.

✍️ Example doc comment pattern

- type PrometheusProvider struct {
+ // PrometheusProvider implements provider.Provider by querying Prometheus.
+ type PrometheusProvider struct {

As per coding guidelines: Write comments that explain why, document complex logic/algorithms, provide non-obvious context, include TODO/FIXME, and document exported functions/types/methods.

[coderabbitai]

Actionable comments posted: 6

🤖 Fix all issues with AI agents

In
`@apps/web/app/routes/ws/deployments/_components/release-targets/prometheus/prometheus-metric.ts`:
- Around line 12-25: The schema drops range-query time-series; update
prometheusResultEntry to include an optional "values" field that matches
Prometheus range output (an array of [timestamp, value] tuples). Specifically,
in the prometheusResultEntry z.object add values: z.array(z.tuple([z.number(),
z.string()])).optional() (keep existing metric and value fields unchanged) so
prometheusMeasurementData can accept both instant "value" and range "values".
- Around line 3-8: The schema prometheusProviderConfig currently omits backend
fields auth, headers, rangeQuery, and insecure so the UI strips them; update
prometheusProviderConfig to include these fields with appropriate optional types
that mirror the backend model (e.g., an optional auth object/schema, optional
headers as a record/dictionary of strings, optional rangeQuery (string or
structured type per backend), and optional insecure as boolean) so the UI parser
can surface and preserve those values; ensure names match exactly (auth,
headers, rangeQuery, insecure) and types align with the backend provider model
used elsewhere.

In
`@apps/web/app/routes/ws/deployments/_components/release-targets/prometheus/Prometheus.tsx`:
- Around line 14-119: PrometheusVerificationDisplay, ProviderInfo,
MeasurementTrend, and MeasurementRow are plain functions instead of typed React
components; extract each component's props into a named interface (e.g.,
PrometheusVerificationDisplayProps, ProviderInfoProps, MeasurementTrendProps,
MeasurementRowProps) and convert each to the project pattern using React.FC/FC
(e.g., const PrometheusVerificationDisplay:
FC<PrometheusVerificationDisplayProps> = ({ metric }) => { ... }) so all four
components use the FC<Props> typing; keep the same prop names (metric, query,
address, successCondition, measurements, measurement) and return values
unchanged.

In
`@apps/web/app/routes/ws/deployments/_components/release-targets/prometheus/PrometheusIcon.tsx`:
- Around line 1-12: The PrometheusIcon component should use an explicit props
interface and React.FC typing: create an interface (e.g., PrometheusIconProps)
with className?: string, change the declaration of PrometheusIcon to a typed
React functional component (e.g., export const PrometheusIcon:
React.FC<PrometheusIconProps> = ({ className }) => { ... }), and ensure React is
imported if not already; keep the SVG return unchanged.

In
`@apps/workspace-engine/pkg/workspace/releasemanager/verification/metrics/provider/prometheus/prometheus.go`:
- Around line 407-422: The code in extractMatrixResults (and similarly in
extractVectorResults) only assigns primary when i == 0, so if the first series
is skipped primary stays nil even though later series have valid values; change
the logic to set primary when the first successfully parsed value is encountered
(e.g., after parseScalarValue succeeds) rather than relying on the loop index,
by checking if primary == nil and then assigning primary = &val; update both
extractMatrixResults and extractVectorResults accordingly so data["value"] is
populated from the first valid parsed value.
- Around line 256-298: fetchOAuth2Token currently uses http.DefaultClient (no
timeout/TLS config); change it to accept a *http.Client (or build one from the
existing Prometheus client config with the configured timeout and TLS
InsecureSkipVerify) so token requests respect timeout and TLS settings, update
the caller setAuthHeader to accept/pass that client through to fetchOAuth2Token,
and ensure the new client is used for the token HTTP request and error handling.

🧹 Nitpick comments (4)

apps/web/app/routes/ws/deployments/_components/release-targets/prometheus/Prometheus.tsx (1)

83-85: Prefer a stable key instead of the array index.

Using measuredAt avoids UI glitches when the list reorders.

Suggested update

-        {measurements.map((m, i) => (
-          <MeasurementRow key={i} measurement={m} />
-        ))}
+        {measurements.map((m) => (
+          <MeasurementRow key={m.measuredAt} measurement={m} />
+        ))}

apps/web/app/routes/ws/deployments/_components/release-targets/prometheus/prometheus-metric.ts (1)

10-10: Prefer exported interfaces for public types.

♻️ Suggested refactor

-export type PrometheusProviderConfig = z.infer<typeof prometheusProviderConfig>;
+export interface PrometheusProviderConfig
+  extends z.infer<typeof prometheusProviderConfig> {}

-export type PrometheusMeasurementData = z.infer<
-  typeof prometheusMeasurementData
->;
+export interface PrometheusMeasurementData
+  extends z.infer<typeof prometheusMeasurementData> {}

As per coding guidelines, "Prefer interfaces for public APIs in TypeScript".

Also applies to: 27-29

apps/workspace-engine/pkg/workspace/releasemanager/verification/metrics/provider/prometheus/prometheus.go (2)

308-312: Static analysis: missing MinVersion on TLS config.

When insecure is enabled, the custom transport lacks MinVersion, defaulting to TLS 1.0 for server connections. Since this path is already opted-in as insecure, the risk is limited, but setting a floor is still good practice.

♻️ Suggested fix

 	if config.Insecure != nil && *config.Insecure {
 		client.Transport = &http.Transport{
-			TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, //nolint:gosec
+			TLSClientConfig: &tls.Config{
+				InsecureSkipVerify: true,  //nolint:gosec
+				MinVersion:         tls.VersionTLS12,
+			},
 		}
 	}

---

221-234: Custom headers can silently override the Authorization header set by auth config.

setHeaders applies auth first (Line 222), then iterates user-provided headers (Line 230-232). If a user provides an Authorization header, it will overwrite the bearer/OAuth2 token. This might be intentional for flexibility, but it could also be a confusing footgun. Consider at minimum logging a warning if a custom header overwrites Authorization.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Prometheus provider schema drops auth/headers/rangeQuery/insecure fields.

These fields exist in the backend provider model, but are currently stripped by the schema, which means the UI parser can’t surface or preserve them.

🧩 Suggested schema expansion

+const prometheusHeader = z.object({
+  key: z.string(),
+  value: z.string(),
+});
+
+const prometheusOauth2 = z.object({
+  clientId: z.string(),
+  clientSecret: z.string(),
+  tokenUrl: z.string(),
+  scopes: z.array(z.string()).optional(),
+});
+
+const prometheusAuth = z.object({
+  bearerToken: z.string().optional(),
+  oauth2: prometheusOauth2.optional(),
+});
+
+const prometheusRangeQuery = z.object({
+  start: z.string().optional(),
+  end: z.string().optional(),
+  step: z.string(),
+});
+
 export const prometheusProviderConfig = z.object({
   type: z.literal("prometheus"),
   address: z.string(),
   query: z.string(),
   timeout: z.number().optional(),
+  insecure: z.boolean().optional(),
+  headers: z.array(prometheusHeader).optional(),
+  authentication: prometheusAuth.optional(),
+  rangeQuery: prometheusRangeQuery.optional(),
 });

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	export const prometheusProviderConfig = z.object({
	type: z.literal("prometheus"),
	address: z.string(),
	query: z.string(),
	timeout: z.number().optional(),
	});
	const prometheusHeader = z.object({
	key: z.string(),
	value: z.string(),
	});
	const prometheusOauth2 = z.object({
	clientId: z.string(),
	clientSecret: z.string(),
	tokenUrl: z.string(),
	scopes: z.array(z.string()).optional(),
	});
	const prometheusAuth = z.object({
	bearerToken: z.string().optional(),
	oauth2: prometheusOauth2.optional(),
	});
	const prometheusRangeQuery = z.object({
	start: z.string().optional(),
	end: z.string().optional(),
	step: z.string(),
	});
	export const prometheusProviderConfig = z.object({
	type: z.literal("prometheus"),
	address: z.string(),
	query: z.string(),
	timeout: z.number().optional(),
	insecure: z.boolean().optional(),
	headers: z.array(prometheusHeader).optional(),
	authentication: prometheusAuth.optional(),
	rangeQuery: prometheusRangeQuery.optional(),
	});

🤖 Prompt for AI Agents

In
`@apps/web/app/routes/ws/deployments/_components/release-targets/prometheus/prometheus-metric.ts`
around lines 3 - 8, The schema prometheusProviderConfig currently omits backend
fields auth, headers, rangeQuery, and insecure so the UI strips them; update
prometheusProviderConfig to include these fields with appropriate optional types
that mirror the backend model (e.g., an optional auth object/schema, optional
headers as a record/dictionary of strings, optional rangeQuery (string or
structured type per backend), and optional insecure as boolean) so the UI parser
can surface and preserve those values; ensure names match exactly (auth,
headers, rangeQuery, insecure) and types align with the backend provider model
used elsewhere.

[adityachoudhari26]

we donot want to surface

[coderabbitai]

@adityachoudhari26, understood! I'll note that the UI schema intentionally exposes only a minimal subset of the Prometheus provider configuration.

---

✏️ Learnings added

Learnt from: adityachoudhari26
Repo: ctrlplanedev/ctrlplane PR: 795
File: apps/web/app/routes/ws/deployments/_components/release-targets/prometheus/prometheus-metric.ts:3-8
Timestamp: 2026-02-09T19:53:01.662Z
Learning: In the Prometheus provider UI schema at `apps/web/app/routes/ws/deployments/_components/release-targets/prometheus/prometheus-metric.ts`, the `prometheusProviderConfig` intentionally only includes `type`, `address`, `query`, and `timeout` fields. Backend-only fields like `authentication`, `headers`, `rangeQuery`, and `insecure` are deliberately excluded from the UI surface.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.

---

🧠 Learnings used

Learnt from: adityachoudhari26
Repo: ctrlplanedev/ctrlplane PR: 637
File: packages/events/src/kafka/client.ts:10-16
Timestamp: 2025-08-01T04:41:41.345Z
Learning: User adityachoudhari26 prefers not to add null safety checks for required environment variables when they are guaranteed to be present in their deployment configuration, similar to their preference for simplicity over defensive programming in test code.

---

Learnt from: adityachoudhari26
Repo: ctrlplanedev/ctrlplane PR: 601
File: e2e/tests/api/policies/retry-policy.spec.ts:23-24
Timestamp: 2025-06-24T23:52:50.732Z
Learning: The user adityachoudhari26 prefers not to add null safety checks or defensive programming in test code, particularly in e2e tests, as they prioritize simplicity and focus on the main functionality being tested rather than comprehensive error handling within the test itself.