feat(auditor): add filtering to target and config list endpoints (AIRCORE-387)

[maxdubrinsky]

What

The auditor plugin's target and config list endpoints previously supported only page / page_size / sort. This adds query filtering through the standard plugin idiom.

• New TargetFilter (type, model, description, project, created_at, updated_at) and ConfigFilter (description, project, created_at, updated_at) in api/v2/schemas.py — both NemoFilter subclasses (extra="forbid"), with DatetimeFilter range support on the timestamps.
• list_targets / list_configs now take a filter[...] dependency (make_filter_obj_dep) and forward filter_obj to entity_client.list.
• A small auditor-local _filters.make_filter_dep wrapper maps the raw pydantic ValidationError raised on an unknown filter key to HTTP 422 — the platform registers no handler for it, so the bare dependency would surface a 500. Shared infra is untouched.

Compatibility

Additive. With no filter the call is identical to before; page / page_size / sort and the response shape are unchanged (a filter echo key is added). Misspelled filter keys now return 422 (intended).

Tests

15 new tests (8 target / 7 config): per-field filtering, project narrowing, created_at $gte/$lte ranges, 422 on unknown key, and an empty-filter regression. Plugin suite green (40 passed).

Remaining before merge

Run make refresh-openapi to regenerate plugins/nemo-auditor/openapi/openapi.yaml (spec-from-Pydantic; no Stainless — auditor ships hand-written SDK resources).

AIRCORE-387

Summary by CodeRabbit

• New Features
  • Add filtering to config and target listing endpoints, including date-range support; filters are exposed in OpenAPI and echoed in list responses.
• Bug Fixes
  • Unknown or misspelled filter keys now return HTTP 422 with clearer validation details.
• Tests
  • New tests for config and target list filtering: parameter forwarding, range parsing, error handling, and response shape.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: dc40d0cd-2927-425b-b071-20228331c72e

📥 Commits

Reviewing files that changed from the base of the PR and between 55255da and d5f5c2c.

📒 Files selected for processing (1)

• plugins/nemo-auditor/openapi/openapi.yaml

---

📝 Walkthrough

Walkthrough

Adds query filtering to the targets and configs list endpoints. New filter schemas define optional fields for type, model, description, project, and timestamp ranges. A dependency factory validates filter payloads and converts Pydantic errors to HTTP 422. Both endpoints inject filter dependencies, forward converted filter objects to the entity client, and echo filters in responses. Tests verify parameter forwarding, range parsing, validation errors, and response structure.

Changes

Query filtering for targets and configs list endpoints

Layer / File(s)	Summary
Filter schemas and dependency factory plugins/nemo-auditor/src/nemo_auditor/api/v2/schemas.py, plugins/nemo-auditor/src/nemo_auditor/api/v2/_filters.py	TargetFilter and ConfigFilter models extend NemoFilter with optional fields for filtering by type, model, description, project, and created_at/updated_at ranges. make_filter_dep wraps async validation and converts ValidationError to HTTP 422 with error details.
Target list endpoint with filtering plugins/nemo-auditor/src/nemo_auditor/api/v2/targets.py	list_targets accepts injected TargetFilter dependency via _target_filter_dep, converts it to a dict for entity_client.list as filter_obj, includes OpenAPI extra params for filter schema documentation, and echoes the filter in the response payload.
Config list endpoint with filtering plugins/nemo-auditor/src/nemo_auditor/api/v2/configs.py	list_configs accepts injected ConfigFilter dependency via _config_filter_dep, converts it to a dict for entity_client.list as filter_obj, includes OpenAPI extra params for filter schema documentation, and echoes the filter in the response payload.
OpenAPI parameter and schema updates plugins/nemo-auditor/openapi/openapi.yaml	Adds deepObject filter query parameters to List Targets and List Configs operations and introduces ConfigFilter, TargetFilter, and DatetimeFilter component schemas documenting supported operators and shapes.
Filtering tests plugins/nemo-auditor/tests/test_api_targets.py, plugins/nemo-auditor/tests/test_api_configs.py	TestListTargetsFiltering and TestListConfigsFiltering verify filter parameters are forwarded as filter_obj, created_at ranges with $gte/$lte are parsed correctly, unknown filter keys return HTTP 422, missing filters forward None, and responses include data, pagination, sort, and echoed filter.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 22.73% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and concisely describes the main change: adding filtering to target and config list endpoints, which is the primary focus across multiple files in this changeset.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch aircore-387-auditor-filters/md

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Suite	Lines Covered	Line Rate	Branch Rate
Unit Tests	18715/24765	75.6%	62.0%
Integration Tests	11997/23529	51.0%	26.2%

[parkanzky]

This is going to shadow the filter python built-in. If that's the only way to get the user-facing API we want that may be ok, but it would be best to not shadow built-ins.