Australia au-nswrtm1 cluster mobius url hardcoding for validation

[kavirupa]

COMPLETES #< INSERT LINK TO ISSUE >

This pull request addresses

< DESCRIBE THE CONTEXT OF THE ISSUE >

by making the following changes

< DESCRIBE YOUR CHANGES >

Change Type

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)
• Documentation update
• Tooling change
• Internal code refactor

The following scenarios were tested

< ENUMERATE TESTS PERFORMED, WHETHER MANUAL OR AUTOMATED >

The GAI Coding Policy And Copyright Annotation Best Practices

• GAI was not used (or, no additional notation is required)
• Code was generated entirely by GAI
• GAI was used to create a draft that was subsequently customized or modified
• Coder created a draft manually that was non-substantively modified by GAI (e.g., refactoring was performed by GAI on manually written code)
• Tool used for AI assistance (GitHub Copilot / Other - specify)
  • Github Copilot
  • Other - Please Specify
• This PR is related to
  • Feature
  • Defect fix
  • Tech Debt
  • Automation

I certified that

• I have read and followed contributing guidelines
• I discussed changes with code owners prior to submitting this pull request
• I have not skipped any automated checks
• All existing and new tests passed
• I have updated the documentation accordingly

---

Make sure to have followed the contributing guidelines before submitting.

[coderabbitai]

📝 Walkthrough

Walkthrough

The changes update the handling of the Mobius server URL in the calling and registration logic. In the Call class constructor, the mobiusUrl property is now set to a fixed, hardcoded URL instead of using a passed-in parameter. Similarly, in the Registration class, both the setActiveMobiusUrl and attemptRegistrationWithServers methods override their input parameters to use the same hardcoded Mobius URL, disregarding any provided URLs or server lists. No changes were made to the signatures or declarations of exported or public entities.

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

yarn install v1.22.22
[1/4] Resolving packages...
(node:32494) [DEP0169] DeprecationWarning: url.parse() behavior is not standardized and prone to errors that have security implications. Use the WHATWG URL API instead. CVEs are not issued for url.parse() vulnerabilities.
(Use node --trace-deprecation ... to show where the warning was created)
warning [email protected]: This version is no longer supported. Please see https://eslint.org/version-support for other options.
warning eslint > @humanwhocodes/[email protected]: Use @eslint/config-array instead
warning eslint > @humanwhocodes/config-array > @humanwhocodes/[email protected]: Use @eslint/object-schema instead
warning eslint > file-entry-cache > flat-cache > [email protected]: Rimraf versions prior to v4 are no longer supported
warning eslint > file-entry-cache > flat-cache > rimraf > [email protected]: Glob versions prior to v9 are no longer supported
warning eslint > file-entry-cache > flat-cache > rimraf > glob > [email protected]: This

... [truncated 7275 characters] ...

[email protected]: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-optional-chaining instead.
warning workspace-aggregator-62c880fc-286c-47b5-856a-52aec04ea3c0 > @babel/[email protected]: 🚨 This package has been deprecated in favor of separate inclusion of a polyfill and regenerator-runtime (when needed). See the @babel/polyfill docs (https://babeljs.io/docs/en/babel-polyfill) for more information.
[2/4] Fetching packages...
error [email protected]: The engine "node" is incompatible with this module. Expected version "^14 || ^16 || ^17 || ^18 || ^19". Got "24.3.0"
error Found incompatible module.
info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.

✨ Finishing Touches

• 📝 Generate Docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 2

🔭 Outside diff range comments (1)

packages/calling/src/CallingClient/calling/call.ts (1)

237-244: Hard-coding cluster URL breaks multi-region support and leaves activeUrl unused

The previous implementation allowed mobiusUrl to be supplied through the activeUrl constructor parameter. By forcing a single literal:

this.mobiusUrl = "https://mobius.au-nswrtm1.a4.prod.infra.webex.com/api/v1/calling/web/";

you now:

1. Ignore the activeUrl argument (still present in the ctor signature) – this will raise unused-parameter / no-unused-vars lint errors and mislead future readers.
2. Lock every call/registration flow to a single NSW cluster, silently breaking all other environments (prod-US/EU, FedRAMP, staging, on-prem, tests, etc.).
3. Expose an internal service hostname in OSS code — a potential information-leak and maintenance hazard when the host or path changes.

At minimum, keep the dynamic behaviour and fall back to the hard-coded value only when activeUrl is falsy:

-    this.mobiusUrl = "https://mobius.au-nswrtm1.a4.prod.infra.webex.com/api/v1/calling/web/";
+    const DEFAULT_MOBIUS_URL =
+      'https://mobius.au-nswrtm1.a4.prod.infra.webex.com/api/v1/calling/web/';
+
+    this.mobiusUrl = activeUrl?.trim() || DEFAULT_MOBIUS_URL;

Ideally, lift the constant to packages/calling/src/CallingClient/constants.ts (or a runtime config/env variable) and remove the activeUrl parameter if the SDK is no longer supposed to be dynamic.

🧹 Nitpick comments (1)

packages/calling/src/CallingClient/registration/register.ts (1)

136-136: Architectural concern: Validation approach introduces technical debt

Both changes follow the same anti-pattern of hardcoding production URLs for validation purposes. While this might work for immediate validation needs, it:

• Creates technical debt: Will require future code changes to revert
• Bypasses existing architecture: Ignores the configuration and failover systems already in place
• Introduces deployment risk: Easy to accidentally deploy validation code to production

Recommended approach for cluster validation:

1. Use environment variables or feature flags
2. Implement a validation mode that can be toggled without code changes
3. Consider using configuration files that can be updated without redeployment
4. Ensure validation code is clearly marked and easily removable

This approach would maintain the flexibility of the existing system while enabling targeted validation.

Also applies to: 641-641

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 54b683f and 72d5ca1.

📒 Files selected for processing (2)

• packages/calling/src/CallingClient/calling/call.ts (1 hunks)
• packages/calling/src/CallingClient/registration/register.ts (2 hunks)

🧰 Additional context used

🧠 Learnings (3)

📓 Common learnings

Learnt from: robstax
PR: webex/webex-js-sdk#3948
File: packages/@webex/webex-core/test/unit/spec/webex-core.js:178-254
Timestamp: 2024-11-01T00:30:53.442Z
Learning: In the webex-js-sdk project, when reviewing changes in `packages/@webex/webex-core/test/unit/spec/webex-core.js`, if the user declines to add negative test cases for invalid interceptor configurations, accept their decision and do not insist.

packages/calling/src/CallingClient/registration/register.ts (2)

Learnt from: sreenara
PR: webex/webex-js-sdk#3904
File: packages/calling/src/CallingClient/constants.ts:59-59
Timestamp: 2024-10-24T10:00:26.858Z
Learning: In `packages/calling/src/CallingClient/constants.ts`, when validating phone numbers using `VALID_PHONE_REGEX`, prefer to keep the permissive regex `/[\d\s()*#+.-]+/`, as the call processing agent will handle any invalid phone numbers. Do not enforce stricter phone number validation in the client code.

Learnt from: mmulcair1981
PR: webex/webex-js-sdk#3936
File: packages/@webex/internal-plugin-usersub/src/usersub.ts:65-66
Timestamp: 2024-10-24T08:50:23.626Z
Learning: In the `updateAnswerCallsCrossClient` method in the `Usersub` class (`packages/@webex/internal-plugin-usersub/src/usersub.ts`), the `deviceId` can be empty, and the request should not be rejected in this case.

packages/calling/src/CallingClient/calling/call.ts (1)

Learnt from: sreenara
PR: webex/webex-js-sdk#3904
File: packages/calling/src/CallingClient/constants.ts:59-59
Timestamp: 2024-10-24T10:00:26.858Z
Learning: In `packages/calling/src/CallingClient/constants.ts`, when validating phone numbers using `VALID_PHONE_REGEX`, prefer to keep the permissive regex `/[\d\s()*#+.-]+/`, as the call processing agent will handle any invalid phone numbers. Do not enforce stricter phone number validation in the client code.

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: AWS Amplify Console Web Preview

[coderabbitai]

⚠️ Potential issue

Critical: Hardcoded server override breaks failover logic

This change completely undermines the registration resilience system by forcing a single hardcoded server, which:

• Breaks failover capability: Ignores backup servers and primary server lists
• Defeats load balancing: Forces all traffic to one server
• Reduces reliability: Eliminates redundancy that prevents service outages
• Makes testing impossible: Can't test different server configurations

This change effectively disables the entire multi-server registration strategy. If this is for validation purposes, consider a configuration-based approach:

-  servers = ["https://mobius.au-nswrtm1.a4.prod.infra.webex.com/api/v1/calling/web/"];
+  // For au-nswrtm1 cluster validation, consider using environment override
+  // if (process.env.MOBIUS_VALIDATION_MODE === 'au-nswrtm1') {
+  //   servers = [process.env.MOBIUS_VALIDATION_URL];
+  // }

Alternative: Use feature flags or configuration parameters instead of hardcoding production URLs directly in source code.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	servers = ["https://mobius.au-nswrtm1.a4.prod.infra.webex.com/api/v1/calling/web/"];
	// For au-nswrtm1 cluster validation, consider using environment override
	// if (process.env.MOBIUS_VALIDATION_MODE === 'au-nswrtm1') {
	// servers = [process.env.MOBIUS_VALIDATION_URL];
	// }

🤖 Prompt for AI Agents

In packages/calling/src/CallingClient/registration/register.ts at line 641, the
code hardcodes the servers array to a single URL, which breaks the failover,
load balancing, and redundancy mechanisms. To fix this, remove the hardcoded
assignment and instead implement a configuration-based approach or feature flag
that allows selecting the server list dynamically. Ensure the original
multi-server registration logic remains intact and configurable for testing and
production environments.

[coderabbitai]

⚠️ Potential issue

Critical: Remove hardcoded URL override - breaks method contract

This change completely ignores the input parameter and hardcodes a production URL, which breaks the method's intended functionality and creates several issues:

• Breaks method contract: Callers expect their url parameter to be used
• Security concern: Hardcoding production URLs in source code
• Maintainability: Makes the code inflexible and hard to test
• Configuration management: Should use environment variables or configuration files

Consider these alternatives for validation purposes:

 public setActiveMobiusUrl(url: string) {
-  url = "https://mobius.au-nswrtm1.a4.prod.infra.webex.com/api/v1/calling/web/"
+  // For au-nswrtm1 cluster validation, consider using environment variable
+  // url = process.env.MOBIUS_OVERRIDE_URL || url;
   log.info(`${METHOD_START_MESSAGE} with ${url}`, {

Or use a configuration-based approach to avoid hardcoding production URLs.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	url = "https://mobius.au-nswrtm1.a4.prod.infra.webex.com/api/v1/calling/web/"
	public setActiveMobiusUrl(url: string) {
	- url = "https://mobius.au-nswrtm1.a4.prod.infra.webex.com/api/v1/calling/web/"
	+ // For au-nswrtm1 cluster validation, consider using an environment variable
	+ // url = process.env.MOBIUS_OVERRIDE_URL || url;
	log.info(`${METHOD_START_MESSAGE} with ${url}`, {
	// …
	});
	}

🤖 Prompt for AI Agents

In packages/calling/src/CallingClient/registration/register.ts at line 136,
remove the hardcoded production URL assignment that overrides the input
parameter. Instead, ensure the method uses the passed-in url parameter as
intended. If validation or defaulting is needed, implement it using environment
variables or configuration files rather than hardcoding, preserving method
contract, security, and maintainability.

[aws-amplify-us-east-2]

This pull request is automatically being deployed by Amplify Hosting (learn more).

Access this pull request here: https://pr-4394.d3m3l2kee0btzx.amplifyapp.com