feat: add validate command for API7 EE backend

[jarvis9443]

What

Add a validate subcommand that validates local ADC configuration against the server-side /apisix/admin/configs/validate API provided by API7 EE Dashboard. This performs comprehensive server-side validation (JSON Schema, plugin check_schema, duplicate ID detection) as a dry-run — nothing is persisted.

Why

The existing lint command only checks ADC's own Zod schema. It can't catch issues like invalid plugin configs, schema violations defined by the backend, or duplicate resource IDs. The validate API fills this gap by running the same validation that would happen during a real sync, without any side effects.

Changes

SDK (libs/sdk/src/backend/index.ts)

• Add BackendValidateResult and BackendValidationError interfaces
• Add optional validate() and supportValidate() methods to Backend interface

backend-api7 (libs/backend-api7/src/)

• New Validator class that transforms ADC hierarchical configuration to flat backend-native format and POSTs to the validate endpoint
• supportValidate() with version gating (>= 3.9.10)
• validate() method on BackendAPI7

CLI (apps/cli/src/)

• New ValidateTask with version checking and user-friendly error formatting
• New validate command: adc validate -f adc.yaml [--no-lint] [--backend api7ee]
• Pipeline: InitBackend → LoadLocal → Lint → Validate

E2E Tests (libs/backend-api7/e2e/validate.e2e-spec.ts)

• Valid config, invalid plugin, invalid route, multiple errors, mixed resources, dry-run verification
• Version-gated with conditionalDescribe(semverCondition(gte, '3.9.10'))

Usage

# Validate against API7 EE
adc validate -f adc.yaml --backend api7ee --gateway-group default

# Skip lint step
adc validate -f adc.yaml --no-lint

Scope

This PR covers API7 EE backend only. APISIX and standalone backend support will follow in a separate PR.

Summary by CodeRabbit

• New Features

  • Added an adc validate command to check one or more local config files (selectors, multiple files, optional linting) and render detailed per-resource validation errors.
  • Backends may now advertise validation support (requires server >= 3.9.10) and return structured validation results; validation is a dry-run and won’t apply changes when supported.

• Tests

  • Added end-to-end tests for success, multiple failure cases, aggregated errors, and dry-run semantics.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 4e87d0ca-7858-4aff-80a9-1a058e9f3686

📥 Commits

Reviewing files that changed from the base of the PR and between 627f08e and f07f059.

📒 Files selected for processing (1)

• apps/cli/src/tasks/validate.ts

🚧 Files skipped from review as they are similar to previous changes (1)

• apps/cli/src/tasks/validate.ts

---

📝 Walkthrough

Walkthrough

Adds backend validation end-to-end: new CLI validate command and task, SDK validation types, BackendAPI7 support/validate methods with a Validator HTTP client, and E2E tests covering validation outcomes and dry-run semantics.

Changes

Cohort / File(s)	Summary
CLI command apps/cli/src/command/index.ts, apps/cli/src/command/validate.command.ts	Register new ValidateCommand and add a validate subcommand accepting multi --file and --lint; builds a Listr pipeline to init backend, load/filter local configs, optionally run lint, and invoke validation.
CLI tasks apps/cli/src/tasks/index.ts, apps/cli/src/tasks/validate.ts	Re-export validate tasks; added ValidateTask that verifies backend.supportValidate(), calls backend.validate(), formats validation errors into a single message, and throws on failure.
SDK types libs/sdk/src/backend/index.ts	Added BackendValidationError and BackendValidateResult types and extended Backend interface with optional validate() method.
BackendAPI7 core libs/backend-api7/src/index.ts	Added MINIMUM_VALIDATE_VERSION, supportValidate() (version check via semver), and validate(config) delegating to the new Validator.
BackendAPI7 validator libs/backend-api7/src/validator.ts	New Validator class that constructs a validation payload, POSTs to /apisix/admin/configs/validate, emits AXIOS_DEBUG events, returns structured success/error results, and maps/omits undefined fields and generated IDs.
E2E tests libs/backend-api7/e2e/validate.e2e-spec.ts	New end-to-end suite (gated semver >= 3.9.10) exercising supportValidate(), success/failure cases, aggregated errors, mixed resource validation, and dry-run (no state mutation).

Sequence Diagram(s)

sequenceDiagram
    participant CLI as CLI Command
    participant Task as Validate Task
    participant Backend as BackendAPI7
    participant Validator as Validator Class
    participant API as APISIX Admin API

    CLI->>Task: run validate with options
    Task->>Backend: supportValidate()
    Backend->>Backend: version() & semver check
    Backend-->>Task: support true/false

    alt supported
        Task->>Backend: validate(config)
        Backend->>Validator: new Validator(...).validate(config)
        Validator->>API: POST /apisix/admin/configs/validate
        alt 200 OK
            API-->>Validator: 200 {…}
            Validator-->>Backend: { success: true, errors: [] }
        else 400 Bad Request
            API-->>Validator: 400 { error_msg, errors }
            Validator-->>Backend: { success: false, errorMessage, errors }
        end
        Backend-->>Task: BackendValidateResult
        Task->>Task: format errors & throw if !success
    else not supported
        Task-->>Task: throw unsupported error
    end

    Task-->>CLI: return success or exit with error

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Suggested reviewers

• bzp2010
• guoqqqi

🚥 Pre-merge checks | ✅ 4

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The pull request title accurately summarizes the main change: adding a validate command for the API7 EE backend. It is concise, clear, and directly reflects the primary objective of the changeset.
E2e Test Quality Review	✅ Passed	E2E tests use real BackendAPI7 instances with genuine HTTP calls, covering valid/invalid configs, error aggregation, and dry-run semantics with clear assertions and proper async handling without race conditions.
Security Check	✅ Passed	The validate feature PR introduces no critical security vulnerabilities with proper error message formatting and no exposed credentials.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/validate-api7

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

libs/backend-api7/e2e/validate.e2e-spec.ts (1)

10-13: Unused imports: syncEvents, createEvent, deleteEvent.

These utilities are imported but not used in any test case.

♻️ Proposed fix

 import {
   conditionalDescribe,
   generateHTTPSAgent,
   semverCondition,
-  syncEvents,
-  createEvent,
-  deleteEvent,
 } from './support/utils';

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@libs/backend-api7/e2e/validate.e2e-spec.ts` around lines 10 - 13, The import
list includes unused symbols syncEvents, createEvent, and deleteEvent; remove
these three identifiers from the import statement (or, if they were intended to
be used, add the appropriate test cases that call syncEvents, createEvent, and
deleteEvent) so the test file no longer contains unused imports—update the
import line where syncEvents, createEvent, deleteEvent are listed to only import
the utilities actually used.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@libs/backend-api7/src/validator.ts`:
- Around line 113-118: The current mapping for config.ssls computes sslId as
ssl.id ?? ADCSDK.utils.generateId(ssl.snis?.[0] ?? '') which will call
generateId('') when snis is undefined or an empty array; change the logic in the
block that builds body.ssls (the map that sets sslId and calls
fromADC.transformSSL) to explicitly detect missing/empty ssl.snis and handle it
safely: either require/validate presence of snis (log a warning and skip or
throw), or derive a non-empty id using a safer seed (e.g., use a random/unique
value or serialize the ssl object) instead of ''. Ensure you reference
config.ssls, ssl.snis, ADCSDK.utils.generateId, sslId and fromADC.transformSSL
when making the change so no empty-string seed is passed to generateId.

---

Nitpick comments:
In `@libs/backend-api7/e2e/validate.e2e-spec.ts`:
- Around line 10-13: The import list includes unused symbols syncEvents,
createEvent, and deleteEvent; remove these three identifiers from the import
statement (or, if they were intended to be used, add the appropriate test cases
that call syncEvents, createEvent, and deleteEvent) so the test file no longer
contains unused imports—update the import line where syncEvents, createEvent,
deleteEvent are listed to only import the utilities actually used.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: ccc2e6a2-01a4-4230-8913-b42d44c6bdbe

📥 Commits

Reviewing files that changed from the base of the PR and between d13f53a and e374db9.

📒 Files selected for processing (8)

• apps/cli/src/command/index.ts
• apps/cli/src/command/validate.command.ts
• apps/cli/src/tasks/index.ts
• apps/cli/src/tasks/validate.ts
• libs/backend-api7/e2e/validate.e2e-spec.ts
• libs/backend-api7/src/index.ts
• libs/backend-api7/src/validator.ts
• libs/sdk/src/backend/index.ts