feat(model/test): add --max-types-per-authorization-model flag

[nverbos-godaddy]

Description

What problem is being solved?

The embedded server used by fga model test creates an in-memory datastore via memory.New() without overriding MaxTypesPerAuthorizationModel, which defaults to 100. This causes local model tests to fail with Code(2053): The number of type definitions in an authorization model exceeds the allowed limit of 100 for any authorization model with more than 100 type definitions — even though production OpenFGA servers support configuring this limit via --max-types-per-authorization-model or OPENFGA_MAX_TYPES_PER_AUTHORIZATION_MODEL.

How is it being solved?

Add a --max-types-per-authorization-model flag to fga model test that defaults to 100 (preserving current behavior). When set, the value is passed through to the embedded server's memory datastore via memory.WithMaxTypesPerAuthorizationModel().

Thanks to the existing Viper integration in the CLI, this flag can be set in three ways without any additional code:

# CLI flag
fga model test --tests model.fga.yaml --max-types-per-authorization-model 200

# .fga.yaml config file
max-types-per-authorization-model: 200

# Environment variable
FGA_MAX_TYPES_PER_AUTHORIZATION_MODEL=200 fga model test --tests model.fga.yaml

This introduces a LocalServerConfig struct in internal/storetest as an extensibility point for threading additional server options through to the embedded test server in the future. Additional flags added to the struct will automatically get config file and env var support via Viper, following the same pattern as all other CLI flags. For the broader question of exposing all server configuration to the embedded test server, we defer to the maintainers' preferred approach — see #564.

What changes are made to solve it?

• cmd/model/test.go: Register the --max-types-per-authorization-model flag, read it, and pass it to RunTests via LocalServerConfig
• internal/storetest/tests.go: Add LocalServerConfig struct; extend RunTests signature to accept it
• internal/storetest/localstore.go: Apply MaxTypesPerAuthorizationModel from config to memory.New()
• internal/storetest/localstore_test.go (new): Unit tests for the config-to-memory-option plumbing
• README.md: Document the new flag in the model test parameters section
• tests/: Add a 6-type model fixture and integration tests verifying the flag controls the limit

References

• Closes fga model test: allow configuring MaxTypesPerAuthorizationModel for embedded server #640
• Related: Allow setting server flag during test runs #564

Review Checklist

• I have clicked on "allow edits by maintainers"
• I have added documentation for new/changed functionality
• The correct base branch is being used, if not main
• I have added tests to validate that the change in functionality is working as expected

Summary by CodeRabbit

• New Features

  • Added a new command-line flag to the model test command to configure the maximum number of type definitions per authorization model during testing, with a default limit of 100.

• Tests

  • Added comprehensive test cases to verify behavior when type definition limits are exceeded and when they are properly respected.

[linux-foundation-easycla]

The committers listed above are authorized under a signed CLA.

• ✅ login: nverbos-godaddy / name: nverbos-godaddy (51b05b7)

[coderabbitai]

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 1333d5cd-21d4-4730-853d-a1fea84afe9e

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

Walkthrough

This PR adds a new --max-types-per-authorization-model CLI flag to the fga model test command that allows configuring the maximum number of type definitions per authorization model in the embedded test server. The flag is threaded through the command handler, a new config struct, and the local server initialization to apply limits to the in-memory datastore.

Changes

Cohort / File(s)	Summary
CLI Command cmd/model/test.go, README.md	Introduces --max-types-per-authorization-model flag with default value 100 on the model test command. Reads the flag and passes it to RunTests via a LocalServerConfig parameter. Updates documentation to describe the new flag.
Core Testing Infrastructure internal/storetest/tests.go, internal/storetest/localstore.go	Adds LocalServerConfig struct with MaxTypesPerAuthorizationModel field. Updates RunTests and getLocalServerModelAndTuples signatures to accept serverConfig and conditionally applies memory.WithMaxTypesPerAuthorizationModel option during datastore initialization.
Test Coverage internal/storetest/localstore_test.go	New test file containing buildModelWithNTypes helper and TestGetLocalServerModelAndTuples_MaxTypesLimit test that verifies server behavior with various type limits via parallel subtests.
Test Fixtures tests/fixtures/many-types-model.fga, tests/fixtures/many-types.fga.yaml, tests/model-test-cases.yaml	Adds test fixtures: a model with 6 types (user + resource1–5), a YAML test scenario with owner check assertion, and two new test cases validating flag behavior with type limits of 5 and 10.

Sequence Diagram

sequenceDiagram
    participant User
    participant CLI as fga model test
    participant Config as LocalServerConfig
    participant LocalStore as getLocalServerModelAndTuples
    participant Memory as memory.New()
    
    User->>CLI: Run with --max-types-per-authorization-model 10
    CLI->>CLI: Parse flag value (10)
    CLI->>Config: Create LocalServerConfig{MaxTypesPerAuthorizationModel: 10}
    CLI->>LocalStore: Call with serverConfig parameter
    LocalStore->>LocalStore: Check if MaxTypesPerAuthorizationModel > 0
    alt Limit configured
        LocalStore->>Memory: New(WithMaxTypesPerAuthorizationModel(10))
    else No limit
        LocalStore->>Memory: New()
    end
    Memory->>LocalStore: Return configured datastore
    LocalStore->>CLI: Return server and authz model
    CLI->>CLI: Run tests with configured server

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested labels

codex

Suggested reviewers

• rhamzeh
• Siddhant-K-code

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 16.67% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and concisely summarizes the main change: adding a new CLI flag for configuring max types per authorization model in the model test command.
Linked Issues check	✅ Passed	The PR fully implements the requirements from issue #640: exposes --max-types-per-authorization-model flag, passes it through LocalServerConfig to the memory datastore, and supports Viper (CLI flag, config, env var).
Out of Scope Changes check	✅ Passed	All changes are directly related to the objective of configuring MaxTypesPerAuthorizationModel for the embedded server; no unrelated modifications are present.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[dosubot]

Related Documentation

Checked 8 published document(s) in 1 knowledge base(s). No updates required.

^{How did I do? Any feedback?}  

[Copilot]

Pull request overview

Adds configurability for the embedded OpenFGA server used by fga model test so local model tests can run against authorization models with more than 100 type definitions.

Changes:

• Add --max-types-per-authorization-model to fga model test and thread it through to the embedded server configuration.
• Apply the configured max-types limit to the embedded memory datastore used during local tests.
• Add unit + integration fixtures/tests and update README documentation for the new flag.

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
cmd/model/test.go	Registers and reads the new CLI flag; passes config into storetest.RunTests.
internal/storetest/tests.go	Introduces LocalServerConfig and extends RunTests to accept it.
internal/storetest/localstore.go	Plumbs the config into memory.New() via memory.WithMaxTypesPerAuthorizationModel(...).
internal/storetest/localstore_test.go	New unit test covering config-to-memory option behavior.
tests/model-test-cases.yaml	Adds integration cases verifying failure/success when adjusting the limit.
tests/fixtures/many-types.fga.yaml	New store fixture referencing a model with multiple types.
tests/fixtures/many-types-model.fga	New FGA model fixture with 6 type definitions.
README.md	Documents the new flag in the command table and model test parameters.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@cmd/model/test.go`:
- Around line 55-62: The flag value retrieved via cmd.Flags().GetInt into
maxTypes must be validated as a positive integer before constructing
storetest.LocalServerConfig; update the code after retrieving maxTypes (from
cmd.Flags().GetInt) to check if maxTypes <= 0 and return a clear fmt.Errorf
describing the invalid --max-types-per-authorization-model value, otherwise
proceed to set MaxTypesPerAuthorizationModel on storetest.LocalServerConfig;
this ensures invalid non-positive inputs fail fast instead of propagating
downstream.

---

ℹ️ Review info

Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 5553b6ce-d0ef-4f50-8b94-9eda9e6ca462

📥 Commits

Reviewing files that changed from the base of the PR and between faca58e and 63f3a0e.

📒 Files selected for processing (8)

• README.md
• cmd/model/test.go
• internal/storetest/localstore.go
• internal/storetest/localstore_test.go
• internal/storetest/tests.go
• tests/fixtures/many-types-model.fga
• tests/fixtures/many-types.fga.yaml
• tests/model-test-cases.yaml

[nverbos-godaddy]

Addressed the review feedback from @copilot and @coderabbitai — non-positive values for --max-types-per-authorization-model now fail fast with clierrors.ValidationError, consistent with the project's existing error handling pattern. Also removed the > 0 guard in localstore.go since the flag is now always validated as positive at the command level.

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

@nverbos-godaddy: Thanks for the update! Validating at the command boundary with clierrors.ValidationError is the right approach — it gives users a clear, immediate error message and keeps the downstream logic (like localstore.go) clean and unconditional. Removing the > 0 guard in localstore.go is a natural consequence and keeps the code consistent. Well done! 🎉

---

If you found this review helpful, would you consider giving us a shout-out on X?

Thank you for using CodeRabbit!

[rhamzeh]

Thanks @nverbos-godaddy!