feat: add SHOW ACCESS ON NANOFLOW and DESCRIBE MERMAID for nanoflows#9
feat: add SHOW ACCESS ON NANOFLOW and DESCRIBE MERMAID for nanoflows#9retran wants to merge 3 commits intopr5-nanoflows-call-grantfrom
Conversation
There was a problem hiding this comment.
Pull request overview
This PR expands the CLI’s nanoflow feature set to match existing microflow/page capabilities by adding nanoflow security inspection and Mermaid visualization, and refactors Mermaid rendering to share flowchart generation logic.
Changes:
- Added grammar + AST + visitor + executor support for
SHOW ACCESS ON NANOFLOW Module.Name. - Added
DESCRIBE MERMAID NANOFLOW Module.Namewith a newnanoflowToMermaidexecutor path. - Refactored microflow Mermaid rendering into a shared
renderFlowMermaidthat operates on an object collection.
Reviewed changes
Copilot reviewed 7 out of 9 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| mdl/grammar/MDLParser.g4 | Adds SHOW/LIST ACCESS ON NANOFLOW qualifiedName grammar rule. |
| mdl/visitor/visitor_query.go | Adds NANOFLOW dispatch for SHOW ACCESS statement building. |
| mdl/ast/ast_query.go | Adds ShowAccessOnNanoflow enum + string name. |
| mdl/executor/executor_query.go | Routes new show object type to listAccessOnNanoflow. |
| mdl/executor/cmd_security.go | Implements listAccessOnNanoflow (mirrors microflow/page access listing). |
| mdl/executor/cmd_mermaid.go | Adds nanoflow Mermaid support and refactors to shared flow renderer. |
| mdl/executor/cmd_mermaid_mock_test.go | Updates unsupported-type test now that nanoflow Mermaid is supported. |
Comments suppressed due to low confidence (1)
mdl/executor/cmd_mermaid.go:289
- renderFlowMermaid builds an activityMap but then immediately assigns it to '_' and never reads it. This is dead code and adds unnecessary work; either remove the map entirely or use it where intended (e.g., for lookups in label/detail generation).
activityMap := make(map[model.ID]microflows.MicroflowObject)
var startID model.ID
for _, obj := range allObjects {
activityMap[obj.GetID()] = obj
if _, ok := obj.(*microflows.StartEvent); ok {
startID = obj.GetID()
}
}
_ = activityMap // used for reference
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| // listAccessOnNanoflow handles SHOW ACCESS ON NANOFLOW Module.NF. | ||
| func listAccessOnNanoflow(ctx *ExecContext, name *ast.QualifiedName) error { | ||
| if name == nil { | ||
| return mdlerrors.NewValidation("nanoflow name required") | ||
| } |
There was a problem hiding this comment.
listAccessOnNanoflow introduces a new SHOW ACCESS code path but there is no corresponding mock test (cmd_security_mock_test.go covers microflow/page/workflow). Please add tests for JSON + text output and the not-found case to prevent regressions.
| } else if ctx.NANOFLOW() != nil { | ||
| b.statements = append(b.statements, &ast.ShowStmt{ | ||
| ObjectType: ast.ShowAccessOnNanoflow, | ||
| Name: &name, | ||
| }) |
There was a problem hiding this comment.
In this new NANOFLOW branch, the inline comment above the ACCESS handler still says it only supports MICROFLOW|PAGE. Please update that comment to include NANOFLOW (and any other supported types) so it matches the actual dispatch logic.
| // Build entity name lookup | ||
| entityNames := make(map[model.ID]string) | ||
| domainModels, _ := ctx.Backend.ListDomainModels() | ||
| for _, dm := range domainModels { | ||
| modName := h.GetModuleName(dm.ContainerID) | ||
| for _, entity := range dm.Entities { | ||
| entityNames[entity.ID] = modName + "." + entity.Name | ||
| } | ||
| } |
There was a problem hiding this comment.
nanoflowToMermaid duplicates the entity name lookup logic used in microflowToMermaid. Consider extracting a shared helper (e.g., buildEntityNames(ctx,h)) to avoid divergence and keep behavior consistent across flow types.
| case "nanoflow": | ||
| return nanoflowToMermaid(ctx, qn) |
There was a problem hiding this comment.
This new nanoflow Mermaid support is not covered by tests in cmd_mermaid_mock_test.go (there are already mock tests for domainmodel/microflow). Please add a mock test for describeMermaid("nanoflow", "Module.Name") similar to the microflow test to validate the new code path.
retran
force-pushed
the
pr5-nanoflows-call-grant
branch
from
2dee3d2 to
54a9353
Compare
retran
force-pushed
the
pr6-nanoflows-show-mermaid
branch
from
9b468e7 to
5c414e7
Compare
retran
force-pushed
the
pr5-nanoflows-call-grant
branch
from
82247b4 to
2183899
Compare
retran
force-pushed
the
pr6-nanoflows-show-mermaid
branch
from
5c414e7 to
f048afd
Compare
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 7 out of 11 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| // Build entity name lookup | ||
| entityNames := make(map[model.ID]string) | ||
| domainModels, _ := ctx.Backend.ListDomainModels() | ||
| for _, dm := range domainModels { | ||
| modName := h.GetModuleName(dm.ContainerID) |
There was a problem hiding this comment.
ctx.Backend.ListDomainModels() errors are being ignored here, which can hide backend failures and lead to incomplete entity name resolution in the rendered diagram. Handle the error and return a backend error (consistent with other backend calls in this function).
retran
force-pushed
the
pr5-nanoflows-call-grant
branch
from
2183899 to
bcb19c0
Compare
retran
force-pushed
the
pr6-nanoflows-show-mermaid
branch
from
f048afd to
48101b5
Compare
retran
force-pushed
the
pr5-nanoflows-call-grant
branch
from
bcb19c0 to
dd4df09
Compare
retran
force-pushed
the
pr6-nanoflows-show-mermaid
branch
2 times, most recently
from
3fbc371 to
3eff26d
Compare
retran
force-pushed
the
pr5-nanoflows-call-grant
branch
2 times, most recently
from
8193fb6 to
eafe7cb
Compare
retran
force-pushed
the
pr6-nanoflows-show-mermaid
branch
from
3eff26d to
9472857
Compare
retran
force-pushed
the
pr5-nanoflows-call-grant
branch
from
eafe7cb to
802ca63
Compare
retran
force-pushed
the
pr6-nanoflows-show-mermaid
branch
from
9472857 to
613df56
Compare
retran
force-pushed
the
pr5-nanoflows-call-grant
branch
from
802ca63 to
6c052e2
Compare
retran
force-pushed
the
pr6-nanoflows-show-mermaid
branch
2 times, most recently
from
c35f9e7 to
987d208
Compare
retran
force-pushed
the
pr5-nanoflows-call-grant
branch
from
6c052e2 to
638be11
Compare
retran
force-pushed
the
pr5-nanoflows-call-grant
branch
from
638be11 to
ca2a5b6
Compare
retran
force-pushed
the
pr6-nanoflows-show-mermaid
branch
from
987d208 to
43f3066
Compare
|
Superseded by #10 (consolidated nanoflow PR) |
Summary
SHOW ACCESS ON NANOFLOW Module.Name— displays allowed module roles table (mirrors microflow pattern)DESCRIBE MERMAID NANOFLOW Module.Name— renders nanoflow as Mermaid flowchartrenderMicroflowMermaid→renderFlowMermaidaccepting*MicroflowObjectCollectionto share rendering between microflows and nanoflowsWhy
Completes the nanoflow feature surface for the CLI. Without SHOW ACCESS, users cannot inspect nanoflow security grants. Without DESCRIBE MERMAID, nanoflow visualization is unavailable — both are already supported for microflows and pages.
Changes
SHOW ACCESS ON NANOFLOW qualifiedNameruleShowAccessOnNanoflowenum constantlistAccessOnNanoflow(cmd_security.go),nanoflowToMermaid+ sharedrenderFlowMermaid(cmd_mermaid.go)9 files changed.
make build && make test && make lint-gopass.