Implement HttpRequestAccessor for nested CEL field access

[YakirOren]

Summary by CodeRabbit

• New Features
  • Extended CEL expression support with HTTP request field access, enabling rules to evaluate headers, host, method, URL, path, and body.
  • HTTP events are now accessible via a new "http" variable in the CEL environment for enhanced request evaluation.

[coderabbitai]

Warning

Rate limit exceeded

@YakirOren has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 3 minutes and 54 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📝 Walkthrough

Walkthrough

The changes introduce HTTP request accessor support to the CEL environment by defining a new HttpRequestAccessor type and registering it with field mappings that expose HTTP request details (headers, host, method, URL, path, body) for use in CEL expressions.

Changes

Cohort / File(s)	Summary
HTTP Request Accessor Type Definition pkg/utils/cel.go	Added HttpRequestAccessor struct wrapping HTTP event data, extended CelEvent interface, introduced requestIsSet field tester, and defined HttpRequestFields map with nested field accessors for headers, host, method, URL, path, and body.
CEL Environment Registration pkg/rulemanager/cel/cel.go	Registered the new HttpRequestAccessor type with xcel, updated CEL fields to reference the request type, and exposed HTTP events under a "http" variable mirroring event type access.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐰 CEL hops through HTTP with glee,
Request accessors wild and free,
Headers and methods in nested delight,
The rabbit refactors through the night! ✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly and accurately describes the main change: implementing HttpRequestAccessor for nested CEL field access, which aligns with the additions of HttpRequestAccessor type and HttpRequestFields in both files.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch refactor/extended-http-event

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In `@pkg/utils/cel.go`:
- Around line 47-53: The has(http.request.*) predicate (requestIsSet) only
checks x.Raw.HttpEvent != nil which is unreliable because CelEvent is always
wrapped; change the predicate to call the accessor (use x.GetRequest()) and
verify the returned request is non-nil and for URL/path checks also ensure
request.URL (or its string) is non-empty; update the same pattern in the other
predicates referenced (the similar blocks around the Request/URL checks) so
event.request presence gating uses GetRequest() and request.URL rather than just
HttpEvent != nil.
- Around line 513-534: The GetFrom closure for the "body" field in
pkg/utils/cel.go currently reads req.Body directly which consumes it; change the
read to a safe, limited-read and then restore req.Body so downstream readers
aren’t broken: in the ref.FieldGetter closure (inside the
xcel.Object[HttpRequestAccessor] handling and after req :=
x.Raw.HttpEvent.GetRequest()), read up to a reasonable size limit (e.g., via
io.LimitedReader) into a buffer, build a new io.ReadCloser from the buffer
(e.g., bytes.NewBuffer + io.NopCloser) and assign it back to req.Body, handle
errors from io.ReadAll appropriately, and return the string from the buffered
data; ensure you still prefer GetBuf() when present.

[matthyx]

cool, does it improve the pprof?