feat: Add Flow Operation Rule REST APIs

[kunzhao-nv]

Description

Adds an Operation Rule CRUD API under /v2/org/{org}/nico/rule and lets every rack/tray operation API accept an optional ruleId so callers can pin a specific rule instead of relying on Flow's default rule resolution.

1. Operation Rule CRUD API — 5 site-scoped endpoints, backed by Flow's OperationRule gRPC:

Method	Path	Purpose
POST	/v2/org/{org}/nico/rule	create
GET	/v2/org/{org}/nico/rule	list (filter by siteId, operationType, isDefault)
GET	/v2/org/{org}/nico/rule/{id}	get
PATCH	/v2/org/{org}/nico/rule/{id}	update
DELETE	/v2/org/{org}/nico/rule/{id}	delete

2. Optional ruleId on rack/tray operation APIs — added to 8 request schemas (power/firmware/bring-up, single + batch, rack + tray). When set, the value is forwarded to Flow's rule_id proto field via the three shared Execute* helpers in handler/util/common/common.go. When omitted, Flow falls back to its default rule resolution — no behavior change for existing callers.

Type of Change

• Add - New feature or capability
• Change - Changes in existing functionality
• Fix - Bug fixes
• Remove - Removed features or deprecated functionality
• Internal - Internal changes (refactoring, tests, docs, etc.)

Related Issues (Optional)

Breaking Changes

• This PR contains breaking changes

Testing

• Unit tests added/updated
• Integration tests added/updated
• Manual testing performed
• No testing required (docs, internal refactor, etc.)

Additional Notes

Followups:

1. Support promoting a rule to default
2. Add REST api for rule-rack association

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 541b5269-8c7d-4037-ab29-df3cb6f0dff1

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

🌿 Preview your docs: https://nvidia-preview-pull-request-2286.docs.buildwithfern.com/infra-controller

[github-actions]

🔐 TruffleHog Secret Scan

✅ No secrets or credentials found!

Your code has been scanned for 700+ types of secrets and credentials. All clear! 🎉

🔗 View scan details

_{🕐 Last updated: 2026-06-07 05:09:58 UTC | Commit: dd435f1}

[github-actions]

🔍 Container Scan Summary

Service	Total	Critical	High	Medium	Low	Other
nico-flow	116	13	50	41	4	8
nico-nsm	133	11	45	66	11	0
nico-psm	118	13	52	41	4	8
nico-rest-api	182	16	84	67	7	8
nico-rest-cert-manager	95	5	47	32	3	8
nico-rest-db	116	13	50	41	4	8
nico-rest-site-agent	115	13	50	41	3	8
nico-rest-site-manager	102	6	48	37	3	8
nico-rest-workflow	118	13	52	41	4	8
TOTAL	1095	103	478	407	43	64

Per-CVE detail lives in the per-service grype-* artifacts (JSON + SARIF). Severity counts only — no CVE IDs published here.