Add static OpenAPI spec and clean up operation IDs#24
Merged
Conversation
Introduce SDK generation scaffolding: commit a static openapi.json extracted from the Utoipa annotations via a golden-file test, add Stainless workspace/config for TypeScript and Python SDKs, and clean up operation IDs for ergonomic generated method names. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Drop .stainless/ workspace and generator config; keep the static openapi.json, golden-file test, and operation_id cleanup so the spec stays usable with any SDK generator. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
ragnorc
changed the title
Wire a local pre-commit hook that regenerates openapi.json whenever the server source changes, and document the workflow in CONTRIBUTING. Opt-in via `pre-commit install`; the existing CI test remains the authoritative drift check. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This reverts commit 7c6d89d.
Track a project pre-commit hook under scripts/hooks/ that regenerates openapi.json when server source is staged, and auto-stages the updated spec into the commit. Zero external dependencies — plain bash + cargo. Enable via `git config core.hooksPath scripts/hooks`. The CI drift test remains the authoritative check. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
This reverts commit 7427d87.
Describe the CI workflow that regenerates openapi.json on PRs and the fork fallback. The workflow itself is added in a follow-up commit via the GitHub API (local tooling lacks workflow-scope). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
ragnorc
force-pushed
the
ragnorc/explore-api
branch
from
57135fb to
e0d48ad
Compare
# Conflicts: # CONTRIBUTING.md
The separate openapi-sync workflow was duplicating the workspace build (~15 min cold-cache compile), paying the cost twice per PR. Fold the regen + auto-commit into the existing test job: one compile, shared rust-cache, same drift-check semantics. - Same-repo PRs: OMNIGRAPH_UPDATE_OPENAPI=1 during the test run, then commit the regenerated spec back to the PR branch - Fork PRs / pushes: env var empty, test stays in strict drift-check mode - openapi_spec_is_up_to_date treats empty env value as unset, so the conditional workflow env expression works Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Restore the default pull_request checkout (refs/pull/N/merge) so tests see the merged state. The openapi.json auto-commit now uses a separate shallow clone of the PR branch, so the pushed commit contains only the spec change rather than the merge-commit tree. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit bcddbdf. Configure here.
| tmp=$(mktemp -d) | ||
| git clone --depth 1 --branch "${{ github.head_ref }}" \ | ||
| "https://x-access-token:${GITHUB_TOKEN}@github.com/${{ github.repository }}.git" \ | ||
| "$tmp" |
There was a problem hiding this comment.
Script injection via github.head_ref in shell command
Medium Severity
${{ github.head_ref }} is interpolated directly into a run: shell script, which is a known GitHub Actions script injection vector. A branch name containing shell metacharacters (e.g., backticks or $()) would execute arbitrary commands in a context where GITHUB_TOKEN with contents: write is available. The safe pattern is to pass the value via an env: mapping (e.g., HEAD_REF: ${{ github.head_ref }}) and reference "$HEAD_REF" in the script instead.
Reviewed by Cursor Bugbot for commit bcddbdf. Configure here.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
openapi.jsonextracted from the Utoipa annotations, kept in sync via a golden-file test (openapi_spec_is_up_to_date). Regenerate withOMNIGRAPH_UPDATE_OPENAPI=1 cargo test -p omnigraph-server --test openapi openapi_spec_is_up_to_date— any drift between the committed spec and the Utoipa-generated output fails CI.operation_idto every#[utoipa::path]so generated SDK methods have clean camelCase names (read,createBranch,getRun,mergeBranches, etc.) instead of the default function-name-derived IDs.Test plan
cargo test -p omnigraph-server --test openapi— all 65 tests passopenapi.jsoncontains valid OpenAPI 3.1 with 16 paths, 30 schemas,bearer_tokenscheme🤖 Generated with Claude Code
Note
Medium Risk
Adds a committed
openapi.jsongolden file and CI automation that can push commits back to same-repo PR branches, which affects CI behavior and repository history. Runtime API behavior is largely unchanged, but tooling/SDK generation may be impacted by the new explicitoperation_idvalues.Overview
Adds a committed OpenAPI artifact and keeps it in sync automatically. This PR introduces a generated
openapi.jsonchecked into the repo, plus a golden-file test (openapi_spec_is_up_to_date) that fails when the committed spec drifts from the Utoipa-generated output.Updates CI and docs to support spec regeneration. Workspace CI now sets
OMNIGRAPH_UPDATE_OPENAPIfor same-repo PRs and, whenopenapi.jsonchanges, commits and pushes the regenerated file back to the PR branch (requiringcontents: write).Stabilizes SDK method naming. All
#[utoipa::path]endpoints inomnigraph-servernow specify explicitoperation_ids (e.g.,listBranches,getRun,applySchema) so generated clients get consistent names.Reviewed by Cursor Bugbot for commit bcddbdf. Bugbot is set up for automated code reviews on this repo. Configure here.